Bangladesh

A few weeks back I got in touch with Marc from Meghalaya. He offered to host RIPE Atlas probe at Shillong and that’s an excellent location which isn’t there on RIPE Atlas coverage network yet. It took around 5 days for the probe to reach Shillong from Haryana. I think probably this probe is the one at the most beautiful place in India. :) Now that probe is connected, I thought to look into routing which is super exciting for far from places like Shillong. Marc has a BSNL FTTH connection & mentioned about not-so-good latency. Let’s trace to 1st IP of the corresponding /24 pool on which probe is hosted:

India has a slum problem as many of us know. Slums are a serious problem and there’s just no easy way to fix them. One cannot just push thousands and thousands of people out while at the same time quality of life in slums is terrible. One thing which happens a lot in India is the fact that Govt. does nothing when slums are getting established and once they are established situation gets out of control.    

Earlier this month I got an opportunity to be part of IXP workshop in Kolkata. It was a 3-day event organised by ISOC Kolkata and supported by APNIC. There was also a workshop on DNSSEC and Champika Wijayatunga (from ICANN) was the instructor along with Anand Raje. It was a nice event and I come to know of other interesting projects ISOC Kolkata is doing like Indian IETF capacity building program apart from the IXP they are running in Kolkata. Mr Anupam Aggarwal and Anand showed the IX and it looks very good. I think it’s the first and only IX I know in India which is a real IX with proper policy. It’s an IX by a non-for-profit group, allows anyone to connect, a real layer 2 IX and welcomes anyone including ISPs, content players and root DNS servers. Presently IIFON-IX in Kolkata has few member ISPs besides the L root from ICANN and one of Verisign gTLD nodes (which host zones for .com, .net etc). I also saw a rack with some of Akamai CDN servers. This brings decent content right there. IX’es play an extremely important part of current internet infrastructure ecosystem. It’s very likely that content of this blog is travelling from my server to your browser from an Internet Exchange. :)  

Yesterday Google’s Bangladeshi website google.com.bd was hacked and this happened via DNS. It was reported on the bdNOG mailing list at morning in a thread started by Mr Omar Ali.

This clearly shows how authoritative DNS for “com.bd.” (which is same as bd. btw) was poisoned and was reflecting attackers authoritative DNS. Later Mr Farhad Ahmed posted a screenshot of google.com.bd showing hackers page:

Later Mr Sumon Ahmed mentioned that it happened because web frontend of .bd was compromised. This was an interesting hijack as attacker attacked the key infrastructure of the registry instead of Google or Facebook servers. It’s also a warm reminder of the way DNS depends on the hierarchal structure by design and at this stage, we need to focus on DNSSEC to add on the security to the current system.   Lately .bd domain faced issues multiple time this year. I hope it will have a good stable time in the upcoming year. In terms of stability it is being backed by PCH anycast infrastructure but PCH’s DNS servers are just published in NS records of it’s existing auth servers, but not on the parent zone (which is root zone). Thus the point of failure remains and is yet to be fixed.

Bangladesh’s .bd ccTLD faced another outage. As I mentioned in one of the previous posts - .bd domain seems to be primarily on BTCL (AS17494).  Zone delegation of .bd is still pending with PCH and while PCH is mentioned in NS records of the authoritative DNS servers but delegation is pending in the root DNS servers as per reply from Kabindra from PCH on the bdNOG mailing list during the last outage.