[bdNOG] About google.com.bd

Anurag Bhatia me at anuragbhatia.com
Wed Dec 21 16:15:39 BDT 2016


Sorry, ignore my last mail about how it was hacked. Just noticed your
previous message:


"Got the actual fact. The WebFront end of the .BD was compromised. So
hacker changed some DNS record via that.
At this moment it seems fixed."

Thanks for info Sumon!

On Wed, Dec 21, 2016 at 3:39 PM, Anurag Bhatia <me at anuragbhatia.com> wrote:

> Hi Sumon
>
>
> Was wondering if it's known how the delegation was changed? Was it some
> vulnerability in exposed APIs, or did someone manage to do it right on the
> master server?
>
>
> On an unrelated note: It seems like PCH's bd-ns.anycast.pch.net. is still
> not published on the root servers, and this will have an impact if the
> existing three (which all happen to be in bd) have any issues. In the current
> scenario, recursors will cache NS records from the existing three auth, which
> include the 4th auth of PCH. Thus the presence of PCH's auth in the NS records
> will help only if at least one of the three others stays available; otherwise
> a fresh query will just fail because of the missing delegation to PCH on the
> parent (root zone).
>
>
>
>
> dig @i.root-servers.net. bd. ns  +auth
>
> ; <<>> DiG 9.8.3-P1 <<>> @i.root-servers.net. bd. ns +auth
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29491
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;bd. IN NS
>
> ;; AUTHORITY SECTION:
> bd. 172800 IN NS surma.btcl.net.bd.
> bd. 172800 IN NS dns.bd.
> bd. 172800 IN NS jamuna.btcl.net.bd.
>
> ;; ADDITIONAL SECTION:
> dns.bd. 172800 IN A 209.58.24.3
> surma.btcl.net.bd. 172800 IN A 203.112.194.232
> jamuna.btcl.net.bd. 172800 IN A 203.112.194.231
>
> ;; Query time: 295 msec
> ;; SERVER: 2001:7fe::53#53(2001:7fe::53)
> ;; WHEN: Wed Dec 21 15:34:48 2016
> ;; MSG SIZE  rcvd: 136
>
>
>
> Thanks
>
> On Wed, Dec 21, 2016 at 3:54 AM, Sumon Ahmed Sabir <sumon at fiberathome.net>
> wrote:
>
>>
>> Yes Donald.
>>
>> I can see that the .BD ccTLD is normal for the last 12 hours. Hope it remains
>> so.
>>
>> Signing root zone is overdue for a long time. Let's see if we can push it
>> forward with this incident....
>> Signing the root zone and also some capacity building to maintain it
>> properly.
>>
>> In fact still they are not ready or capable to maintain DNSSEC.
>>
>> -sumon
>>
>> On Tue, 20 Dec 2016 at 21:48 Donald Clark <dsc at google.com> wrote:
>>
>>> Hi all
>>>
>>> Thanks for sharing all this on BDNOG list.  Can some of you out there
>>> confirm that this .bd ccTLD is now behaving correctly again?
>>>
>>> Not a whole lot we can do if a ccTLD has been impacted.
>>>
>>> Time for signing the root zone?
>>> _______________________________________________
>>> nog mailing list
>>> nog at bdnog.org
>>> http://mailman.bdnog.org/mailman/listinfo/nog
>>>
>>
>>
>>
>
>
> --
>
>
> Anurag Bhatia
> anuragbhatia.com
>



-- 


Anurag Bhatia
anuragbhatia.com
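
An added example (not part of the original message): a Python model of the parent/child NS mismatch described in the quoted mail, showing why a cold-cache resolver fails when the three parent-listed servers are down while a warm-cache resolver can still reach PCH. The parent NS set is the dig AUTHORITY section from the message; the child-side records, their TTL, and all function names are constructed for illustration.

```python
import re

# Parent side: AUTHORITY section quoted in the message (i.root-servers.net).
PARENT_DIG = """\
;; AUTHORITY SECTION:
bd. 172800 IN NS surma.btcl.net.bd.
bd. 172800 IN NS dns.bd.
bd. 172800 IN NS jamuna.btcl.net.bd.
"""

# Child side: constructed from the message's description (the same three
# servers plus PCH's anycast server). TTL is a constructed value.
CHILD_DIG = """\
;; ANSWER SECTION:
bd. 86400 IN NS surma.btcl.net.bd.
bd. 86400 IN NS dns.bd.
bd. 86400 IN NS jamuna.btcl.net.bd.
bd. 86400 IN NS bd-ns.anycast.pch.net.
"""

NS_RE = re.compile(r"^(\S+)[ \t]+\d+[ \t]+IN[ \t]+NS[ \t]+(\S+)[ \t]*$", re.M)

def ns_set(dig_text, zone="bd."):
    """Extract the NS targets for `zone` from dig-style text, lowercased."""
    return {t.lower() for owner, t in NS_RE.findall(dig_text)
            if owner.lower() == zone}

def delegation_drift(parent, child):
    """NS names that appear on only one side of the zone cut."""
    return {"missing_at_parent": child - parent,
            "missing_at_child": parent - child}

def can_resolve(parent, child, down, warm_cache):
    """Cold cache: the resolver knows only the parent's delegation set.
    Warm cache: it has already cached the child's (fuller) NS set."""
    known = child if warm_cache else parent
    return bool(known - down)

if __name__ == "__main__":
    parent, child = ns_set(PARENT_DIG), ns_set(CHILD_DIG)
    print(delegation_drift(parent, child))
    outage = parent  # all three parent-listed servers unreachable
    print("cold cache resolves:", can_resolve(parent, child, outage, False))
    print("warm cache resolves:", can_resolve(parent, child, outage, True))
```
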