<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 20/12/2016 05:33, Omar Ali wrote:
<br>
<blockquote type="cite" style="color: #000000;">Please someone help
BTCL to fix NS record to actual NS
<br>
</blockquote>
<br>
The replies from the BD nameservers are inconsistent:
<br>
<br>
$ dig +norec @surma.btcl.net.bd. google.com.bd. a | grep NS
<br>
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
<br>
google.com.bd.������� 86400��� IN��� NS��� ns2.phpvibe.net.
<br>
google.com.bd.������� 86400��� IN��� NS��� ns1.phpvibe.net.
<br>
<br>
$ dig +norec @jamuna.btcl.net.bd. google.com.bd. a | grep NS
<br>
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
<br>
google.com.bd.������� 86400��� IN��� NS��� ns2.phpvibe.net.
<br>
google.com.bd.������� 86400��� IN��� NS��� ns1.phpvibe.net.
<br>
<br>
$ dig +norec @dns.bd. google.com.bd. a | grep NS
<br>
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
<br>
google.com.bd.������� 86400��� IN��� NS��� ns2.google.com.
<br>
google.com.bd.������� 86400��� IN��� NS��� ns3.google.com.
<br>
google.com.bd.������� 86400��� IN��� NS��� ns4.google.com.
<br>
<br>
I should also check whether the addresses of the nameservers
themselves have been poisoned. Here (UK) I get:
<br>
<br>
$ dig +short surma.btcl.net.bd
<br>
203.112.194.232
<br>
$ dig +short jamuna.btcl.net.bd
<br>
203.112.194.231
<br>
$ dig +short dns.bd
<br>
209.58.24.3
<br>
<br>
That looks correct - at least it agrees with the glue records
returned by the root nameservers:
<br>
<br>
;; ADDITIONAL SECTION:
<br>
dns.bd.����������� 172800��� IN��� A��� 209.58.24.3
<br>
surma.btcl.net.bd.��� 172800��� IN��� A��� 203.112.194.232
<br>
jamuna.btcl.net.bd.��� 172800��� IN��� A��� 203.112.194.231
<br>
<br>
So the most likely thing is that two of those three bd. nameservers
have been attacked somehow <span class="moz-smiley-s2" title=":-("></span>�
It doesn't look like cache poisoning; they are giving authoritative
answers pointing to ns{1,2}.phpvibe.net
<br>
<br>
Regards,<br>
<br>
Brian.<br>
</body>
</html>