[bdNOG] About google.com.bd
Brian Candler
brian at nsrc.org
Tue Dec 20 15:16:57 BDT 2016
On 20/12/2016 05:33, Omar Ali wrote:
> Please someone help BTCL to fix NS record to actual NS
The replies from the BD nameservers are inconsistent:
$ dig +norec @surma.btcl.net.bd. google.com.bd. a | grep NS
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
google.com.bd. 86400 IN NS ns2.phpvibe.net.
google.com.bd. 86400 IN NS ns1.phpvibe.net.
$ dig +norec @jamuna.btcl.net.bd. google.com.bd. a | grep NS
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
google.com.bd. 86400 IN NS ns2.phpvibe.net.
google.com.bd. 86400 IN NS ns1.phpvibe.net.
$ dig +norec @dns.bd. google.com.bd. a | grep NS
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
google.com.bd. 86400 IN NS ns2.google.com.
google.com.bd. 86400 IN NS ns3.google.com.
google.com.bd. 86400 IN NS ns4.google.com.
I should also check whether the addresses of the nameservers themselves
have been poisoned. Here (UK) I get:
$ dig +short surma.btcl.net.bd
203.112.194.232
$ dig +short jamuna.btcl.net.bd
203.112.194.231
$ dig +short dns.bd
209.58.24.3
That looks correct - at least it agrees with the glue records returned
by the root nameservers:
;; ADDITIONAL SECTION:
dns.bd. 172800 IN A 209.58.24.3
surma.btcl.net.bd. 172800 IN A 203.112.194.232
jamuna.btcl.net.bd. 172800 IN A 203.112.194.231
So the most likely thing is that two of those three bd. nameservers have
been attacked somehow It doesn't look like cache poisoning; they are
giving authoritative answers pointing to ns{1,2}.phpvibe.net
Regards,
Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bdnog.org/pipermail/nog/attachments/20161220/91e85ee3/attachment.html>
More information about the nog
mailing list