[npnog] Tweets about .NP being leaked!!

Kabindra Shrestha kabindra at geeks.net.np
Tue Sep 26 13:27:58 NPT 2017 

Hello Gyanu dai,

I now see the NS list for com.np is changed but the thing is all the locally hosted servers have been removed form the authoritative list of COM.NP.

kabindra$ dig ns com.np +short
ns-ext.vix.com.
ns-ext.isc.org.
sec1.apnic.net.


The only reason you will be getting answer from the locally hosted servers is because they are also carrying COM.NP at the moment, if that isn't the case, we will be querying all the out of Nepal servers to get the delegation info for *.COM.NP servers.

kabindra$ dig ns np. +short
sec3.apnic.net.
ns-ext.isc.org.
np-ns.anycast.pch.net.
shikhar.mos.com.np.
np-ns.npix.net.np.
np.cctld.authdns.ripe.net.

My suggestion, please do not remove the locally hosted or Anycasted servers like,

np-ns.npix.net.np
shikhar.mos.com.np
np-ns.anycast.pch.net


Also, the nameserver "ns-ext.vix.com." listed in the com.np and other *.NP servers is giving NXDOMAIN, so either fix that or remove it from the list.

kabindra$ dig ns-ext.vix.com a

; <<>> DiG 9.11.1-P2 <<>> ns-ext.vix.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63813
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns-ext.vix.com.			IN	A

;; AUTHORITY SECTION:
vix.com.		306	IN	SOA	ns-676.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 2 msec
;; SERVER: 202.79.32.4#53(202.79.32.4)
;; WHEN: Tue Sep 26 13:24:08 NPT 2017
;; MSG SIZE  rcvd: 124

kabindra$ dig ns-ext.vix.com aaaa

; <<>> DiG 9.11.1-P2 <<>> ns-ext.vix.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46020
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns-ext.vix.com.			IN	AAAA

;; AUTHORITY SECTION:
vix.com.		294	IN	SOA	ns-676.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 233 msec
;; SERVER: 202.79.32.4#53(202.79.32.4)
;; WHEN: Tue Sep 26 13:24:10 NPT 2017
;; MSG SIZE  rcvd: 124


  .kabindra


> On Sep 23, 2017, at 7:55 AM, Kabindra Shrestha via npnog <npnog at npnog.org> wrote:
> 
> Hello Gyanu dai,
> 
>> On Sep 23, 2017, at 7:15 AM, Gyanendra Mishra <gyanu at mercantile.com.np> wrote:
>> 
>> 
>> Dear Kabindra,
>> 
>> It is from one of the Australia slave server which we do not have any contact of connect.com.au so it is good we will disable them from list by today.
>> Ie Yakima and warana server of connect.com
> Yes.
> 
>> We will disable and update.
> Great :-).
> 
> .kabindra
> 
>> Thank You.
>> Regards
>> Gyanendra
>> 
>> Sent from my Samsung Galaxy smartphone.
>> 
>> -------- Original message --------
>> From: Kabindra Shrestha via npnog <npnog at npnog.org>
>> Date: 9/23/17 06:52 (GMT+05:45)
>> To: npnog at npnog.org
>> Subject: [npnog] Tweets about .NP being leaked!!
>> 
>> https://twitter.com/i/web/status/911352140580495360
>> '"""
>> Another day, another ccTLD leak: Nepal !
>> (cc
>> @IAmMandatory , Thanks again, root 'NP.' leak detected by TLDR project ;) )
>> """
>> 
>> One of the nameserver for .NP is allowing zone transfers for all globally which isn't necessarily bad and is done on purpose but for .NP I am not sure if that is the case :-).
>> 
>> Interesting tweet from the same guy after analyzing .NP contents :)
>> """
>> Pretty weird root DNS structure, registrations of "*.np" are not allowed actually, but we have multiple domains in it (hello, beer.np).
>> """
>> 
>> """
>> np. -> 285 entries
>> com.np. -> 82963 entries
>> gov.np. -> 5762 entries
>> mil.np. -> 35 entries
>> net.np. -> 1548 entries
>> org.np. -> 14656 entries
>> """
>> 
>> I did inform about that server allowing zone transfer to .NP operator personally last time :-).
>> 
>> 
>> .kabindra
>> 
> 
> _______________________________________________
> npnog mailing list
> npnog at npnog.org
> https://lists.npnog.org/listinfo/npnog

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.npnog.org/pipermail/npnog/attachments/20170926/24b6091d/attachment.sig>

More information about the npnog mailing list