ATTN GARY KLINE
jon at radel.com
Fri Nov 5 05:32:19 UTC 2010
On 11/5/10 12:22 AM, kline wrote:
> i''m using evo to be able to click on. i have fewer ``Fail'' type
> responses, but do not understand the failure messages. Also, since it
> has been 9.5 years since I read DNS AND BIND, the jargon is lost. What
> does "glue" means? and how should I resolve?
> It is time to get this stuff arrow-straight, so hoping that someone
> on-list can clue me in.
If your parents, the nameservers authoritative for .org, tell the world
that one of the nameservers for thought.org is ns1.thought.org, they
also have to tell the world what the IP address for ns1.thought.org is
using an A record. That A record is glue. Otherwise you get a machine
conversation something like:
Resolving nameserver trying to find a record in the thought.org zone
(RN): Please Mr. root server, I'd like to know about www.thought.org....
Root: See the .org folks over there....
RN: Please Mr. top-level dude, about that www.thought.org....
Org: Well, see ns1.thought.org....
RN: Ahem, I'm trying to find out basic stuff about thought.org and I
don't know the address for ns1.thought.org in order to ask it
Org: Well, ask ns1.thought.org what the address for ns1.thought.org is...
RN: But, but, but....followed by petulant stomping off
Glue A records fix that problem.
BTW, the fact that a glue record isn't returned for ns2.everydns.net in
response to a query about NS records for thought.org really isn't a
problem; note the "info" rather than "fail" from DNSCog.
Biggest problem I still see is that ns2.everydns.net refuses to respond
to queries about thought.org. You sure your account there is still
active and functional and that you're allowing zone transfers to them?
I note that you don't allow transfers from arbitrary addresses, and
http://www.everydns.com/faq/secondary-domain/example-setup does warn
that the source address for transfer requests was/will/did change.
Some of the problems reported by DNSCog appear to be bogus. They've got
some bugs related to cases where a nameserver has a name in the domain
in question. (And also some bugs related to nameservers which are
reachable by both ipv4 and ipv6, but that doesn't apply to you.)
jon at radel.com
More information about the freebsd-questions