ATTN GARY KLINE

Jon Radel jon at radel.com
Fri Nov 5 05:32:19 UTC 2010 

On 11/5/10 12:22 AM, kline wrote:
>
> i''m using evo to be able to click on.  i have fewer ``Fail'' type
> responses, but do not understand the failure messages.  Also, since it
> has been 9.5 years since I read DNS AND BIND, the jargon  is lost.  What
> does "glue" means? and how should I resolve?
>
> It is time to  get this stuff arrow-straight, so hoping that someone
> on-list can clue me in.
>
>
> tx,
>
>
> gary
>
> http://www.dnscog.com/report/thought.org/1288928790
If your parents, the nameservers authoritative for .org, tell the world 
that one of the nameservers for thought.org is ns1.thought.org, they 
also have to tell the world what the IP address for ns1.thought.org is 
using an A record.  That A record is glue.  Otherwise you get a machine 
conversation something like:

Resolving nameserver trying to find a record in the thought.org zone 
(RN):  Please Mr. root server, I'd like to know about www.thought.org....
Root:  See the .org folks over there....
RN:  Please Mr. top-level dude, about that www.thought.org....
Org: Well, see ns1.thought.org....
RN:  Ahem, I'm trying to find out basic stuff about thought.org and I 
don't know the address for ns1.thought.org in order to ask it
Org:  Well, ask ns1.thought.org what the address for ns1.thought.org is...
RN:  But, but, but....followed by petulant stomping off

Glue A records fix that problem.

BTW, the fact that a glue record isn't returned for ns2.everydns.net in 
response to a query about NS records for thought.org really isn't a 
problem; note the "info" rather than "fail" from DNSCog.

Biggest problem I still see is that ns2.everydns.net refuses to respond 
to queries about thought.org.  You sure your account there is still 
active and functional and that you're allowing zone transfers to them?  
I note that you don't allow transfers from arbitrary addresses, and 
http://www.everydns.com/faq/secondary-domain/example-setup does warn 
that the source address for transfer requests was/will/did change.

Some of the problems reported by DNSCog appear to be bogus.  They've got 
some bugs related to cases where a nameserver has a name in the domain 
in question.  (And also some bugs related to nameservers which are 
reachable by both ipv4 and ipv6, but that doesn't apply to you.)

-- 

--Jon Radel
jon at radel.com

More information about the freebsd-questions mailing list