[bdNOG] About google.com.bd

Anurag Bhatia me at anuragbhatia.com
Wed Dec 21 16:09:50 BDT 2016 

Hi Sumon


Was wondering if it's known on how delegation was changed? Was it some
vulnerability in exposed APIs or someone managed to do it right on master
server?


On an unrelated note: It seems like PCH's bd-ns.anycast.pch.net. is still
not published on the root servers and this will impact if existing
three *(which
all happen to be in bd)* have any issues. In current scenario recursors
will cache NS records from existing three auth which includes 4th auth of
PCH. Thus the presence of PCH's auth in NS records will help only if at
least one of three others stays available else fresh query will just fail
because of missing delegation to PCH on the parent (root zone).




dig @i.root-servers.net. bd. ns  +auth

; <<>> DiG 9.8.3-P1 <<>> @i.root-servers.net. bd. ns +auth
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29491
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;bd. IN NS

;; AUTHORITY SECTION:
bd. 172800 IN NS surma.btcl.net.bd.
bd. 172800 IN NS dns.bd.
bd. 172800 IN NS jamuna.btcl.net.bd.

;; ADDITIONAL SECTION:
dns.bd. 172800 IN A 209.58.24.3
surma.btcl.net.bd. 172800 IN A 203.112.194.232
jamuna.btcl.net.bd. 172800 IN A 203.112.194.231

;; Query time: 295 msec
;; SERVER: 2001:7fe::53#53(2001:7fe::53)
;; WHEN: Wed Dec 21 15:34:48 2016
;; MSG SIZE  rcvd: 136



Thanks

On Wed, Dec 21, 2016 at 3:54 AM, Sumon Ahmed Sabir <sumon at fiberathome.net>
wrote:

>
> Yes Donald.
>
> I can see that the .BD ccTLD is normal for last 12 hours. Hope it remains
> so.
>
> Signing root zone is overdue for long time. Lets see if we can push it
> forward with this incident....
> Singing the root zone and also some capacity building to maintain it
> properly.
>
> In fact still they are not ready or capable to maintain DNSSEC.
>
> -sumon
>
> On Tue, 20 Dec 2016 at 21:48 Donald Clark <dsc at google.com> wrote:
>
>> Hi all
>>
>> Thanks for sharing all this on BDNOG list.  Can some of you out there
>> confirm that this .bd ccTLD is now behaving correctly again?
>>
>> Not a whole lot we can do if a ccTLD has been impacted.
>>
>> Time for signing the root zone?
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog
>>
>
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
>
>


-- 


Anurag Bhatia
anuragbhatia.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20161221/5e73608f/attachment.html>

More information about the nog mailing list