<div dir="ltr">Getting different output for NS record.<div><br></div><div><div>imtiaz@ip-172-31-21-211:~$<b> host -vt ns <a href="http://google.com.bd">google.com.bd</a> 8.8.8.8</b></div><div>Trying "<a href="http://google.com.bd">google.com.bd</a>"</div><div>Using domain server:</div><div>Name: 8.8.8.8</div><div>Address: 8.8.8.8#53</div><div>Aliases:</div><div><br></div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45935</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0</div><div><br></div><div>;; QUESTION SECTION:</div><div>;<a href="http://google.com.bd">google.com.bd</a>. IN NS</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://google.com.bd">google.com.bd</a>. 86399 IN NS <a href="http://ns3.google.com">ns3.google.com</a>.</div><div><a href="http://google.com.bd">google.com.bd</a>. 86399 IN NS <a href="http://ns1.google.com">ns1.google.com</a>.</div><div><a href="http://google.com.bd">google.com.bd</a>. 86399 IN NS <a href="http://ns2.google.com">ns2.google.com</a>.</div><div><a href="http://google.com.bd">google.com.bd</a>. 86399 IN NS <a href="http://ns4.google.com">ns4.google.com</a>.</div><div><br></div><div>Received 113 bytes from 8.8.8.8#53 in 5 ms</div><div><br></div><div><br></div><div>imtiaz@ip-172-31-21-211:~$ <b>host -vt ns <a href="http://google.com.bd">google.com.bd</a> 8.8.8.8</b></div><div>Trying "<a href="http://google.com.bd">google.com.bd</a>"</div><div>Using domain server:</div><div>Name: 8.8.8.8</div><div>Address: 8.8.8.8#53</div><div>Aliases:</div><div><br></div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37848</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0</div><div><br></div><div>;; QUESTION SECTION:</div><div>;<a href="http://google.com.bd">google.com.bd</a>. IN NS</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://google.com.bd">google.com.bd</a>. 51126 IN NS <a href="http://ns601.dnsserverboot.com">ns601.dnsserverboot.com</a>.</div><div><a href="http://google.com.bd">google.com.bd</a>. 51126 IN NS <a href="http://ns602.dnsserverboot.com">ns602.dnsserverboot.com</a>.</div><div><br></div><div>Received 88 bytes from 8.8.8.8#53 in 4 ms</div><div>imtiaz@ip-172-31-21-211:~$</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 20, 2016 at 6:17 PM, Sumon Ahmed Sabir <span dir="ltr"><<a href="mailto:sumon@fiberathome.net" target="_blank">sumon@fiberathome.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div><br></div><div>Google is probably waiting for stability.</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 20 Dec 2016 at 18:11 Md. Anisuzzaman Bhuiyan <<a href="mailto:anisuzzamanb@yahoo.com" target="_blank">anisuzzamanb@yahoo.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="m_-696136838394077084gmail_msg"><div style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:24px" class="m_-696136838394077084gmail_msg">Seems not resolved yet. We are getting response from <a href="http://google.com" class="m_-696136838394077084gmail_msg" target="_blank">google.com</a> instead of <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a></div></div><div><div class="h5"><div class="m_-696136838394077084gmail_msg"><div style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:24px" class="m_-696136838394077084gmail_msg"><br class="m_-696136838394077084gmail_msg"><div id="m_-696136838394077084m_9573534953767200yui_3_16_0_ym19_1_1482219840167_46839" class="m_-696136838394077084gmail_msg"><span class="m_-696136838394077084gmail_msg"></span></div> <div class="m_-696136838394077084m_9573534953767200qtdSeparateBR m_-696136838394077084gmail_msg"><br class="m_-696136838394077084gmail_msg"><br class="m_-696136838394077084gmail_msg"></div><div class="m_-696136838394077084m_9573534953767200yahoo_quoted m_-696136838394077084gmail_msg" style="display:block"> <div style="font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:24px" class="m_-696136838394077084gmail_msg"> <div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px" class="m_-696136838394077084gmail_msg"> <div dir="ltr" class="m_-696136838394077084gmail_msg"><font size="2" face="Arial" class="m_-696136838394077084gmail_msg"> On Tuesday, December 20, 2016 5:31 PM, Kabindra Shrestha <<a href="mailto:kabindra@geeks.net.np" class="m_-696136838394077084gmail_msg" target="_blank">kabindra@geeks.net.np</a>> wrote:<br class="m_-696136838394077084gmail_msg"></font></div> <br class="m_-696136838394077084gmail_msg"><br class="m_-696136838394077084gmail_msg"> <div class="m_-696136838394077084m_9573534953767200y_msg_container m_-696136838394077084gmail_msg"><br clear="none" class="m_-696136838394077084gmail_msg">> On Dec 20, 2016, at 4:57 PM, Sumon Ahmed Sabir <<a shape="rect" href="mailto:sumon@fiberathome.net" class="m_-696136838394077084gmail_msg" target="_blank">sumon@fiberathome.net</a>> wrote:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Got the actual fact. The WebFront end of the .BD was compromised. So hacker changed some DNS record via that.<br clear="none" class="m_-696136838394077084gmail_msg">> At this moment it seems fixed.<br clear="none" class="m_-696136838394077084gmail_msg"><br clear="none" class="m_-696136838394077084gmail_msg">That's what I thought.<br clear="none" class="m_-696136838394077084gmail_msg"><br clear="none" class="m_-696136838394077084gmail_msg">Great work Sumon da.<br clear="none" class="m_-696136838394077084gmail_msg"><br clear="none" class="m_-696136838394077084gmail_msg">Thanks.<br clear="none" class="m_-696136838394077084gmail_msg"> -kabindra<div class="m_-696136838394077084m_9573534953767200yqt3890905017 m_-696136838394077084gmail_msg" id="m_-696136838394077084m_9573534953767200yqtfd40227"><br clear="none" class="m_-696136838394077084gmail_msg"><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> -sumon<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Sumons-MacBook-Air:~ sumon$ host -vt ns <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a> <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Trying "<a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>"<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Using domain server:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Name: <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Address: 2407:5000:88:5::3#53<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Aliases:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48765<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; QUESTION SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;<a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. IN NS<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; AUTHORITY SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns4.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns4.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns2.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns2.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns3.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns3.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Received 95 bytes from 2407:5000:88:5::3#53 in 1003 ms<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Sumons-MacBook-Air:~ sumon$ host -vt ns <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a> <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Trying "<a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>"<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Using domain server:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Name: <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Address: 203.112.194.232#53<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Aliases:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14716<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; QUESTION SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;<a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. IN NS<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; AUTHORITY SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns4.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns4.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns2.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns2.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns3.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns3.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Received 95 bytes from 203.112.194.232#53 in 192 ms<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Sumons-MacBook-Air:~ sumon$ host -vt ns <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a> <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Trying "<a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>"<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Using domain server:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Name: <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Address: 203.112.194.232#53<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Aliases:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50416<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; QUESTION SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;<a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. IN NS<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ;; AUTHORITY SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns4.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns4.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns2.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns2.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns3.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns3.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Received 95 bytes from 203.112.194.232#53 in 214 ms<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> On Tue, 20 Dec 2016 at 16:13 Kabindra Shrestha <<a shape="rect" href="mailto:kabindra@geeks.net.np" class="m_-696136838394077084gmail_msg" target="_blank">kabindra@geeks.net.np</a>> wrote:<br clear="none" class="m_-696136838394077084gmail_msg">> Wow, they manage to change it again.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Like I mentioned in my previous mail to the list, I strongly believe it is their master server or registry portal that is compromised and they should temporarily disable their domain registry portal to further analyse into it, along with filtering the access.<br clear="none" class="m_-696136838394077084gmail_msg">> They seem to have updated the filter but they have also updated DNS filter and I can confirm (since we also slave <a href="http://com.bd" class="m_-696136838394077084gmail_msg" target="_blank">com.bd</a>) we no longer are able to do the zone transfer, so that is the reason that you are not seeing two of the servers with fake NS list.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> $ dig @x.x.x.x axfr <a href="http://com.bd" class="m_-696136838394077084gmail_msg" target="_blank">com.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ; <<>> DiG 9.9.9-P3 <<>> @ x.x.x.x axfr <a href="http://com.bd" class="m_-696136838394077084gmail_msg" target="_blank">com.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> ; (1 server found)<br clear="none" class="m_-696136838394077084gmail_msg">> ;; global options: +cmd<br clear="none" class="m_-696136838394077084gmail_msg">> ;; connection timed out; no servers could be reached<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> If you see, the nameserver for .<a href="http://COM.BD" class="m_-696136838394077084gmail_msg" target="_blank">COM.BD</a> are now carrying varying serials.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> $ dig +nssearch <a href="http://com.bd" class="m_-696136838394077084gmail_msg" target="_blank">com.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> SOA <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122031 14400 3600 604800 86400 from server 204.61.216.108 in 3 ms.<br clear="none" class="m_-696136838394077084gmail_msg">> SOA <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122031 14400 3600 604800 86400 from server 209.58.24.3 in 376 ms.<br clear="none" class="m_-696136838394077084gmail_msg">> SOA <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122036 14400 3600 604800 86400 from server 203.112.194.231 in 386 ms.<br clear="none" class="m_-696136838394077084gmail_msg">> SOA <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122036 14400 3600 604800 86400 from server 203.112.194.232 in 550 ms<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> for n in `dig ns <a href="http://com.bd" class="m_-696136838394077084gmail_msg" target="_blank">com.bd</a> +short`; do echo $n; dig @$n soa <a href="http://com.bd" class="m_-696136838394077084gmail_msg" target="_blank">com.bd</a> +short; echo ; done<br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122031 14400 3600 604800 86400<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://bd-ns.anycast.pch.net" class="m_-696136838394077084gmail_msg" target="_blank">bd-ns.anycast.pch.net</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122031 14400 3600 604800 86400<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122035 14400 3600 604800 86400<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://jamuna.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">jamuna.btcl.net.bd</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://root.dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">root.dns.bd</a>. 2016122035 14400 3600 604800 86400<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Only reverting back to the original content will not help solve this problem, they have to analyse and figure out the loophole.<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> Thanks.<br clear="none" class="m_-696136838394077084gmail_msg">> -kabindra<br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> > On Dec 20, 2016, at 3:01 PM, Brian Candler <<a shape="rect" href="mailto:brian@nsrc.org" class="m_-696136838394077084gmail_msg" target="_blank">brian@nsrc.org</a>> wrote:<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > On 20/12/2016 05:33, Omar Ali wrote:<br clear="none" class="m_-696136838394077084gmail_msg">> >> Please someone help BTCL to fix NS record to actual NS<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > The replies from the BD nameservers are inconsistent:<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > $ dig +norec @<a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a>. <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. a | grep NS<br clear="none" class="m_-696136838394077084gmail_msg">> > ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns2.phpvibe.net" class="m_-696136838394077084gmail_msg" target="_blank">ns2.phpvibe.net</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns1.phpvibe.net" class="m_-696136838394077084gmail_msg" target="_blank">ns1.phpvibe.net</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > $ dig +norec @<a href="http://jamuna.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">jamuna.btcl.net.bd</a>. <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. a | grep NS<br clear="none" class="m_-696136838394077084gmail_msg">> > ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns2.phpvibe.net" class="m_-696136838394077084gmail_msg" target="_blank">ns2.phpvibe.net</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns1.phpvibe.net" class="m_-696136838394077084gmail_msg" target="_blank">ns1.phpvibe.net</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > $ dig +norec @<a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. a | grep NS<br clear="none" class="m_-696136838394077084gmail_msg">> > ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns2.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns2.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns3.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns3.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://google.com.bd" class="m_-696136838394077084gmail_msg" target="_blank">google.com.bd</a>. 86400 IN NS <a href="http://ns4.google.com" class="m_-696136838394077084gmail_msg" target="_blank">ns4.google.com</a>.<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > I should also check whether the addresses of the nameservers themselves have been poisoned. Here (UK) I get:<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > $ dig +short <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> > 203.112.194.232<br clear="none" class="m_-696136838394077084gmail_msg">> > $ dig +short <a href="http://jamuna.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">jamuna.btcl.net.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> > 203.112.194.231<br clear="none" class="m_-696136838394077084gmail_msg">> > $ dig +short <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a><br clear="none" class="m_-696136838394077084gmail_msg">> > 209.58.24.3<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > That looks correct - at least it agrees with the glue records returned by the root nameservers:<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > ;; ADDITIONAL SECTION:<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://dns.bd" class="m_-696136838394077084gmail_msg" target="_blank">dns.bd</a>. 172800 IN A 209.58.24.3<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://surma.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">surma.btcl.net.bd</a>. 172800 IN A 203.112.194.232<br clear="none" class="m_-696136838394077084gmail_msg">> > <a href="http://jamuna.btcl.net.bd" class="m_-696136838394077084gmail_msg" target="_blank">jamuna.btcl.net.bd</a>. 172800 IN A 203.112.194.231<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > So the most likely thing is that two of those three bd. nameservers have been attacked somehow It doesn't look like cache poisoning; they are giving authoritative answers pointing to ns{1,2}.<a href="http://phpvibe.net" class="m_-696136838394077084gmail_msg" target="_blank">phpvibe.net</a><br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > Regards,<br clear="none" class="m_-696136838394077084gmail_msg">> ><br clear="none" class="m_-696136838394077084gmail_msg">> > Brian.<br clear="none" class="m_-696136838394077084gmail_msg">> > ______________________________<wbr>_________________<br clear="none" class="m_-696136838394077084gmail_msg">> > nog mailing list<br clear="none" class="m_-696136838394077084gmail_msg">> > <a shape="rect" href="mailto:nog@bdnog.org" class="m_-696136838394077084gmail_msg" target="_blank">nog@bdnog.org</a><br clear="none" class="m_-696136838394077084gmail_msg">> > <a shape="rect" href="http://mailman.bdnog.org/mailman/listinfo/nog" class="m_-696136838394077084gmail_msg" target="_blank">http://mailman.bdnog.org/<wbr>mailman/listinfo/nog</a><br clear="none" class="m_-696136838394077084gmail_msg">> <br clear="none" class="m_-696136838394077084gmail_msg">> ______________________________<wbr>_________________<br clear="none" class="m_-696136838394077084gmail_msg">> nog mailing list<br clear="none" class="m_-696136838394077084gmail_msg">> <a shape="rect" href="mailto:nog@bdnog.org" class="m_-696136838394077084gmail_msg" target="_blank">nog@bdnog.org</a><br clear="none" class="m_-696136838394077084gmail_msg">> <a shape="rect" href="http://mailman.bdnog.org/mailman/listinfo/nog" class="m_-696136838394077084gmail_msg" target="_blank">http://mailman.bdnog.org/<wbr>mailman/listinfo/nog</a><br clear="none" class="m_-696136838394077084gmail_msg"></div><br class="m_-696136838394077084gmail_msg"><div class="m_-696136838394077084m_9573534953767200yqt3890905017 m_-696136838394077084gmail_msg" id="m_-696136838394077084m_9573534953767200yqtfd58659">______________________________<wbr>_________________<br clear="none" class="m_-696136838394077084gmail_msg">nog mailing list<br clear="none" class="m_-696136838394077084gmail_msg"><a shape="rect" href="mailto:nog@bdnog.org" class="m_-696136838394077084gmail_msg" target="_blank">nog@bdnog.org</a><br clear="none" class="m_-696136838394077084gmail_msg"><a shape="rect" href="http://mailman.bdnog.org/mailman/listinfo/nog" class="m_-696136838394077084gmail_msg" target="_blank">http://mailman.bdnog.org/<wbr>mailman/listinfo/nog</a><br clear="none" class="m_-696136838394077084gmail_msg"></div><br class="m_-696136838394077084gmail_msg"><br class="m_-696136838394077084gmail_msg"></div> </div> </div> </div></div></div></div></div></blockquote></div>
<br>______________________________<wbr>_________________<br>
nog mailing list<br>
<a href="mailto:nog@bdnog.org">nog@bdnog.org</a><br>
<a href="http://mailman.bdnog.org/mailman/listinfo/nog" rel="noreferrer" target="_blank">http://mailman.bdnog.org/<wbr>mailman/listinfo/nog</a><br>
<br></blockquote></div><br></div>