Posted by falko, 12th January 2007, 11:16

Quote:
Originally Posted by wiremeister
Falko.

I want to make certain I'm understanding correctly what a glue record is, and how it relates to the .net root servers and ultimately allows access to our web pages.

Below is a copy of the forward zone for sheltiehosting.net (the reverse zone has a PTR going to this record):

$TTL 86400
@ IN SOA ns3.sheltiehosting.net. webmaster.sheltiehosting.net. (
2007010702 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;
NS ns3.sheltiehosting.net. ; Inet Address of name server 1
NS ns4.sheltiehosting.net. ; Inet Address of name server 2
;

ns3 MX 10 mail.sheltiehosting.net.

sheltiehosting.net. A 74.92.214.65
mail A 74.92.214.65
www A 74.92.214.65
ns3.sheltiehosting.net A 74.92.214.65
ns4.sheltiehosting.net A 74.92.214.66

ftp CNAME www.

ns3.sheltiehosting.net. TXT "v=spf1 ip4:74.92.214.65 ip4:74.92.214.66 ip4:74.92.214.67 ip4:74.92.214.68 ip4:74.92.214.69 a mx ptr include:yes ~all"
mail.sheltiehosting.net. TXT "v=spf1 ip4:74.92.214.65 ip4:74.92.214.66 ip4:74.92.214.67 ip4:74.92.214.68 ip4:74.92.214.69 a mx ptr include:yes ~all"

;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;

My understanding of a glue record is what is displayed above as an 'A' record showing NS3 and NS4 and the IP of those servers. Is this correct?

A dig @(All 13).gtld-servers.net any sheltiehosting.net yields the same result (below). Response time only varies from 39 to 305 msec:

; <<>> DiG 9.3.2 <<>> @c.gtld-servers.net any sheltiehosting.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8852
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;sheltiehosting.net. IN ANY

;; ANSWER SECTION:
sheltiehosting.net. 172800 IN NS ns3.sheltiehosting.net.
sheltiehosting.net. 172800 IN NS ns4.sheltiehosting.net.

;; AUTHORITY SECTION:
sheltiehosting.net. 172800 IN NS ns3.sheltiehosting.net.
sheltiehosting.net. 172800 IN NS ns4.sheltiehosting.net.

;; ADDITIONAL SECTION:
ns3.sheltiehosting.net. 172800 IN A 74.92.214.65
ns4.sheltiehosting.net. 172800 IN A 74.92.214.66

;; Query time: 53 msec
;; SERVER: 192.26.92.30#53(192.26.92.30)
;; WHEN: Wed Jan 10 19:50:43 2007
;; MSG SIZE rcvd: 132


Again, my understanding is that the 'glue' is the ns3 and ns4 shown in the Additional Section above. Is this correct?

Digging at the root servers also shows the same information for ns3 and ns4.sheltiehosting.net. Our nameservers.

GoDaddy (I called today), nice as they are, and helpful as they try to be, are no help at all with this particular problem. Based on everything I've read, and everything I've tried, we should be able to reach a web page on our servers. Yet we cannot. We cannot dig ns3 or ns4, yet glue records appear to be in place though we can dig @(IP) each of our nameservers. Unless I'm misunderstanding what, and where a glue record is, and is kept.

I've tried very hard to trace the problem from both ends, looking toward the middle. Syntax, and all records appear to be in place as they should be in both our servers, and the root servers.

ns3 and ns4 are resolved now:

Code:
mh1:~# dig ns3.sheltiehosting.net

; <<>> DiG 9.2.1 <<>> ns3.sheltiehosting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28905
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns3.sheltiehosting.net.                IN      A

;; ANSWER SECTION:
ns3.sheltiehosting.net. 172800  IN      A       74.92.214.65

;; Query time: 63 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Fri Jan 12 11:06:09 2007
;; MSG SIZE  rcvd: 56

mh1:~# dig ns4.sheltiehosting.net

; <<>> DiG 9.2.1 <<>> ns4.sheltiehosting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14304
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns4.sheltiehosting.net.                IN      A

;; ANSWER SECTION:
ns4.sheltiehosting.net. 172794  IN      A       74.92.214.66

;; Query time: 9 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Fri Jan 12 11:06:15 2007
;; MSG SIZE  rcvd: 56

but when I ask them to resolve a domain for me, I get no answer:

Code:
mh1:~# dig @ns4.sheltiehosting.net sheltiehosting.net

; <<>> DiG 9.2.1 <<>> @ns4.sheltiehosting.net sheltiehosting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45700
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sheltiehosting.net.                IN      A

;; Query time: 3310 msec
;; SERVER: 145.253.2.75#53(ns4.sheltiehosting.net)
;; WHEN: Fri Jan 12 11:07:03 2007
;; MSG SIZE  rcvd: 40

mh1:~# dig @ns4.sheltiehosting.net google.de

; <<>> DiG 9.2.1 <<>> @ns4.sheltiehosting.net google.de
;; global options:  printcmd
;; connection timed out; no servers could be reached
mh1:~# dig @74.92.214.66 google.de

; <<>> DiG 9.2.1 <<>> @74.92.214.66 google.de
;; global options:  printcmd
;; connection timed out; no servers could be reached
mh1:~# dig @74.92.214.65 google.de

; <<>> DiG 9.2.1 <<>> @74.92.214.65 google.de
;; global options:  printcmd
;; connection timed out; no servers could be reached

This leads me to the assumption that BIND isn't running on ns3 and ns4, or that your firewall is blocking port 53 (TCP and UDP).

This is the definition of a glue record (from Wikipedia):

Quote:
Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a circular dependency if the nameserver referred to is under the domain that it is authoritative of, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record.

So on some nameserver (the delegating one) there is now stored the IP address of ns3 and ns4.


Quote:
Originally Posted by wiremeister
One other thing. A traceroute to ns3 done at dnsstuff shows the destination as 74.92.214.65-colorado.hfc.comcastbusiness.net. I called Comcast (our provider), and asked if any server sending queries to our server would see the same information appended after the IP number as above.

Yes. That's the reverse record for the 74.92.214.65 IP address:

Code:
mh1:~# dig -x 74.92.214.65

; <<>> DiG 9.2.1 <<>> -x 74.92.214.65
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30544
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;65.214.92.74.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
65.214.92.74.in-addr.arpa. 3600 IN      PTR     74-92-214-65-Colorado.hfc.comcastbusiness.net.

;; Query time: 104 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Fri Jan 12 11:15:28 2007
;; MSG SIZE  rcvd: 102
__________________
Falko
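
Added example, not part of the original post: a small parser for dig output that applies the glue-record definition quoted above to the referral from c.gtld-servers.net shown on this page, then lists the direct UDP and TCP port 53 queries that would test each glue address. The function names (`parse_sections`, `glue_report`, `probe_commands`) are hypothetical; `+norecurse` and `+tcp` are standard dig options.

```python
import re

# Referral printed earlier on this page (dig @c.gtld-servers.net any sheltiehosting.net), header trimmed.
SAMPLE = """\
;; ANSWER SECTION:
sheltiehosting.net. 172800 IN NS ns3.sheltiehosting.net.
sheltiehosting.net. 172800 IN NS ns4.sheltiehosting.net.

;; AUTHORITY SECTION:
sheltiehosting.net. 172800 IN NS ns3.sheltiehosting.net.
sheltiehosting.net. 172800 IN NS ns4.sheltiehosting.net.

;; ADDITIONAL SECTION:
ns3.sheltiehosting.net. 172800 IN A 74.92.214.65
ns4.sheltiehosting.net. 172800 IN A 74.92.214.66
"""
RR = re.compile(r"(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)\s*$")

def parse_sections(text):
    """Group the resource records of a dig response by section name."""
    sections, current = {}, None
    for line in text.splitlines():
        head, rr = re.match(r";; (\w+) SECTION:", line), RR.match(line)
        if head:
            current = sections.setdefault(head.group(1), [])
        elif rr and current is not None:
            owner, rtype, rdata = rr.groups()
            current.append((owner.lower(), rtype.upper(), rdata.lower()))
    return sections

def glue_report(text, zone):
    """Per delegated name server: is it inside the zone (glue required) and what glue came back?"""
    zone = zone.lower().rstrip(".") + "."
    sec = parse_sections(text)
    ns_names = {r for s in ("ANSWER", "AUTHORITY") for o, t, r in sec.get(s, []) if t == "NS" and o == zone}
    glue = {}
    for owner, rtype, addr in sec.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(addr)
    report = {}
    for ns in sorted(ns_names):
        needs = ns == zone or ns.endswith("." + zone)
        report[ns] = {"needs_glue": needs, "glue": glue.get(ns, []), "ok": bool(glue.get(ns)) or not needs}
    return report

def probe_commands(report, zone):
    """dig commands that query each glue address directly, over UDP and then TCP port 53."""
    return [f"dig +norecurse {opt}@{ip} {zone} SOA"
            for info in report.values() for ip in info["glue"] for opt in ("", "+tcp ")]

if __name__ == "__main__":
    rep = glue_report(SAMPLE, "sheltiehosting.net")
    print(rep, *probe_commands(rep, "sheltiehosting.net"), sep="\n")
```

A name server whose name lies inside the delegated zone is reported with `ok` false when the parent returns no address for it in the ADDITIONAL section.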