Bdnog

DNS hack of Google, Facebook more sites in .bd

Yesterday Google’s Bangladeshi website google.com.bd was hacked, and this happened via DNS. It was reported on the bdNOG mailing list in the morning in a thread started by Mr Omar Ali.

This clearly shows how the authoritative DNS for “com.bd.” (which is the same as bd. btw) was poisoned and was reflecting the attacker’s authoritative DNS. Later Mr Farhad Ahmed posted a screenshot of google.com.bd showing the hackers’ page:


Later Mr Sumon Ahmed mentioned that it happened because the web frontend of .bd was compromised. This was an interesting hijack, as the attacker went after the key infrastructure of the registry instead of Google’s or Facebook’s servers. It’s also a warm reminder of how DNS depends on its hierarchical structure by design, and at this stage we need to focus on DNSSEC to add security to the current system.

The .bd domain has faced issues multiple times this year. I hope it will have a good, stable time in the upcoming year. In terms of stability it is backed by PCH’s anycast infrastructure, but PCH’s DNS servers are only published in the NS records on its existing authoritative servers, not in the parent zone (which is the root zone). Thus the point of failure remains and is yet to be fixed.
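Both points above, an NS set that suddenly reflects unknown servers and name servers listed in the zone itself but missing from the parent delegation, can be monitored by comparing the parent-side and child-side NS sets against a known-good baseline. The Python sketch below is an added example, not part of the original post; the dig-style records, the `tld.example` zone and all server names are constructed.

```python
# Added example: all records and names below are constructed (.example TLD).
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
tld.example.  172800  IN  NS  ns1.registry.example.
tld.example.  172800  IN  NS  ns2.registry.example.
"""
CHILD_ANSWER = """\
;; ANSWER SECTION:
tld.example.  86400  IN  NS  ns1.registry.example.
tld.example.  86400  IN  NS  ns2.registry.example.
tld.example.  86400  IN  NS  anycast1.provider.example.
tld.example.  86400  IN  NS  anycast2.provider.example.
"""

def fqdn(name):
    """Normalise a DNS name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def ns_set(dig_text, zone):
    """Collect NS targets owned by `zone` from dig-style record lines."""
    found = set()
    for line in dig_text.splitlines():
        fields = line.split()
        # Record lines look like: owner TTL class type rdata
        if len(fields) != 5 or line.startswith(";"):
            continue
        owner, _ttl, rclass, rtype, target = fields
        if rclass.upper() == "IN" and rtype.upper() == "NS" and fqdn(owner) == fqdn(zone):
            found.add(fqdn(target))
    return found

def audit_delegation(parent_text, child_text, zone, baseline=None):
    """Compare parent-side and child-side NS sets, optionally against a baseline."""
    parent, child = ns_set(parent_text, zone), ns_set(child_text, zone)
    known = {fqdn(b) for b in baseline} if baseline is not None else parent | child
    return {
        "child_only": sorted(child - parent),    # in the zone's NS set, not in the delegation
        "parent_only": sorted(parent - child),   # delegated, but the zone does not list them
        "unexpected": sorted((parent | child) - known),  # not in the known-good set
    }

if __name__ == "__main__":
    for key, names in audit_delegation(PARENT_REFERRAL, CHILD_ANSWER, "tld.example").items():
        print(f"{key}: {', '.join(names) or '-'}")
```

In practice the two inputs would come from non-recursive NS queries to a parent-zone server and to one of the zone's own servers, with the baseline kept under change control.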

Bangladesh .bd TLD outage on 18th August 2016

The day before yesterday, i.e. on 18th August 2016, Bangladesh’s TLD .bd had an outage. It was originally reported by Jasim Alam on the bdNOG mailing list.

dig btcl.com.bd @8.8.8.8
; <<>> DiG 9.10.4-P2 <<>> btcl.com.bd @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8114
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;btcl.com.bd.                   IN      A
;; Query time: 76 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 18 14:24:25 Bangladesh Standard Time 2016
;; MSG SIZE  rcvd: 40

His message shows that DNS resolution of BTCL (Bangladesh Telecommunications Company Ltd) was failing. Later Alok Das mentioned that it was a power problem resulting in the outage. Let’s ask one of the 13 root DNS servers for the NS records to see who has the delegation for .bd.

Experiences from Bangladesh trip

So last month I had a wonderful trip to Bangladesh for bdNOG. This is a bit delayed.

Some thoughts on infrastructure

  1. In terms of infrastructure - roads & traffic, power, quality of builds - it seemed like India in the 2000s.
  2. Specifically, roads and traffic were a bit terrible, and even as an Indian (who manages to drive in Indian traffic!) I still got scared of the traffic in Dhaka. Speeds, roughness and overtaking are pretty high.
  3. There was no Uber, and app-based services are still pretty low. It was mostly the usual “yellow taxi” which one had to call. (And it was expensive by local standards).
  4. There was an excessive, just excessive, amount of overhead cabling in Dhaka and most of the key city areas. It’s worth noting that there is way more overhead fiber than in India. I guess most of it was running “active ethernet” based solutions (not a PON). Most was just via media converters on both ends.
  5. I got 30 Mbps speeds in a cheap budget hotel in Dhaka, which was higher than what I have ever seen in India! (Speedtest here)
  6. Bangladesh is currently connected to the outside world via SEA-ME-WE4 (landing at Cox’s Bazar) and a terrestrial cable route via Kolkata.
  7. Overall network connectivity with India is decent, since many large Bangladeshi networks buy transit from Tata Communications (AS6453) and Airtel (AS9498). So mostly there’s a direct path to India, and if not direct then via Singapore, which added a bit of latency but was not as bad as India-China routes.
  8. Bangladesh has a real & functional internet exchange :)


   

bdNOG 4 - Presentation on Misused top ASNs

This week I presented at bdNOG 4 on “Misused top ASNs”. It was a study we at Hurricane Electric did to see how many times AS1, AS2 and AS3 appeared in the global routing table between 2010 and 2015. This highlights cases where AS1, AS2 or AS3 appeared as a result of a wrong prepend.

My presentation is embedded below:

Overall bdNOG 4 had been a great experience. It’s good to see a nice NOG community actively sharing technical know-how, sharing experiences, and much more. I must say that is something I greatly miss in India. More on bdNOG conference later on.