dns

Glue records ≠ A record replacement

Anurag Bhatia
Someone recently reached out to me to discuss DNS, and as that person started taking a deep dive into DNS, he came across glue records. He asked me, “Why not just use A records on a sub-zone with glue record at the parent zone”? This was a fantastic question. In this post I am going to document why not. First and foremost, let’s have a clear understanding of glue records.

NIXI root DNS servers and updates

Anurag Bhatia
It has been a while since I checked the status of the root servers which are hosted at NIXI. The list as per their official member list stays the same, i.e. i root in Mumbai, K root in Noida and F root in Chennai. i root seems to be up!

    show ip bgp neighbors 218.100.48.75 received-routes
    There are 5 received routes from neighbor 218.100.48.75
    Searching for matching routes, use ^C to quit...
    Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE
    Prefix Next Hop MED LocPrf Weight Status
    1 192.

Cloudflare hosting F root server

Anurag Bhatia
A few days ago some folks in the internet community noticed Cloudflare AS13335 announcing F root server’s routes covering prefix 192.5.5.0/24.

dig version.bind ch txt @f.root-servers.net pic.twitter.com/YLW7hqt170 — Tony Finch (@fanf) April 3, 2017

The above tweet shows that this is clearly not a mistake but rather some sort of arrangement between Cloudflare and ISC (which is responsible for F-root). There was another discussion on the DNS-OARC mailing list here. From our bgp.he.net tool, one can analyse route propagation for F root’s AS3557.

DNS hack of Google, Facebook more sites in .bd

Anurag Bhatia
Yesterday Google’s Bangladeshi website google.com.bd was hacked, and this happened via DNS. It was reported on the bdNOG mailing list in the morning in a thread started by Mr Omar Ali. This clearly shows how the authoritative DNS for “com.bd.” (which is the same as bd., btw) was poisoned and was reflecting the attackers’ authoritative DNS. Later Mr Farhad Ahmed posted a screenshot of google.com.bd showing the hackers’ page. Later Mr Sumon Ahmed mentioned that it happened because web frontend of .