Someone recently reached out to me discussing DNS and as that person started taking deep dive in DNS, he came across the glue records. He asked me “Why not just use A records on a sub-zone with glue record at the parent zone”?
This was a fantastic question. I am going to document it in this post on why not. First and foremost let’s have a clear understanding of glue records.
Has been a while since I checked the status of root servers which are hosted at NIXI. The list as per their official member list stays the same i.e i root in Mumbai, K root in Noida and F root in Chennai. i root seems to be up! show ip bgp neighbors 18.104.22.168 received-routes There are 5 received routes from neighbor 22.214.171.124 Searching for matching routes, use ^C to quit... Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE Prefix Next Hop MED LocPrf Weight Status 1 192.
A few days some folks in internet community noticed Cloudflare AS13335 announcing F root server’s routes covering prefix 126.96.36.199/24. dig version.bind ch txt @f.root-servers.net pic.twitter.com/YLW7hqt170
— Tony Finch (@fanf) April 3, 2017 Above tweet shows that case is clearly not a mistake but rather some sort of arrangement between Cloudflare and ISC (which is responsible for F-root). There was another discussion on DNS-OARC mailing list here. From our bgp.he.net tool, one can analyse route propagation for F root’s AS3557.
Yesterday Google’s Bangladeshi website google.com.bd was hacked and this happened via DNS. It was reported on the bdNOG mailing list at morning in a thread started by Mr Omar Ali.
This clearly shows how authoritative DNS for “com.bd.” (which is same as bd. btw) was poisoned and was reflecting attackers authoritative DNS. Later Mr Farhad Ahmed posted a screenshot of google.com.bd showing hackers page:
Later Mr Sumon Ahmed mentioned that it happened because web frontend of .
Talking about root DNS server’s anycast at APNIC42. YouTube here.