View Single Post
Old 11th January 2007, 07:14
wiremeister wiremeister is offline
Junior Member
Join Date: Sep 2006
Posts: 23
Thanks: 0
Thanked 1 Time in 1 Post
Default Glue problem or something else?


I want to make certain I'm understanding correctly what a glue record is, and how it relates to the .net root servers and ultimately allows access to our web pages.

Below is a copy of the forward zone for (the reverse zone has a PTR going to this record):

$TTL 86400
@ IN SOA (
2007010702 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
NS ; Inet Address of name server 1
NS ; Inet Address of name server 2

ns3 MX 10 A
mail A
www A A A

ftp CNAME www. TXT "v=spf1 ip4: ip4: ip4: ip4: ip4: a mx ptr include:yes ~all" TXT "v=spf1 ip4: ip4: ip4: ip4: ip4: a mx ptr include:yes ~all"


My understanding of a glue record is what is displayed above as an 'A' record showing NS3 and NS4 and the IP of those servers. Is this correct?

A dig @(All 13) any yield the same result (below). Response time only varies from 39 to 305msec.:

; <<>> DiG 9.3.2 <<>> any
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8852
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2


;; ANSWER SECTION: 172800 IN NS 172800 IN NS


;; ADDITIONAL SECTION: 172800 IN A 172800 IN A

;; Query time: 53 msec
;; WHEN: Wed Jan 10 19:50:43 2007
;; MSG SIZE rcvd: 132

Again, my understanding is that the 'glue' is the ns3 and ns4 shown in the Additional Section above. Is this correct?

Digging at the root servers also shows the same information for ns3 and Our nameservers.

GoDaddy (I called today), nice as they are, and helpful as they try to be are no help at all with this particular problem. Based on everything I've read, and everything I've tried, we should be able to reach a web page on our servers. Yet we cannot. We cannot dig ns3 or ns4, yet glue records appear to be in place though we can dig @(IP) each of our nameservers. Unless I'm misunderstanding what, and where a glue record is, and is kept.

I've tried very hard to trace the problem from both ends, looking toward the middle. Syntax, and all records appear to be in place as they should be in both our servers, and the root servers.

One other thing. A traceroute to ns3 done at dnsstuff shows the destination as I called Comcast (our provider), and asked if any server sending queries to our server would see the same information appended after the IP number as above. They did not know, but tried a traceroute of thier own. Thier query timed out two hops before getting to our IP twice. So it would appear as though there is a block of some kind within Comcast's network (or at least that particular server). At least that is my supposition. Thier DNS folks are supposed to contact me in the next day or two. I've also done digs at Comcast's own nameservers, and they bring up the appropriate records as my other digs.

Since our zone records match those of GoDaddy and the root servers (including glue records) and digs done at both ends are the same, does my thought of Comcast blocking access to our server somewhere in thier system make sense? Could they have a bad dns entry of thier own that disrupts the information path? I'm very curious if I could be on to something, or if I'm merely blowing smoke!

Thanks! I don't think I'm going crazy here.... no. That's wrong. I have kids. I lost my mind a long time ago! Well at least I'm getting a good education on server administration and dns! (With some help I might add......)

Last edited by wiremeister; 11th January 2007 at 08:20.
Reply With Quote