DNS, glue records and TTL
Posted by jpluimers on 2017/12/06
If I ever need to read why, here are the explanatory links:
- [WayBack] domain name system – When does the TLD having glue records for the nameservers save DNS lookups? – Server Fault
- [WayBack] dns hosting – Is there any way to tell the TTL on root name server DNS records? – Server Fault
TL;DR:
- You need glue records for your domains if the nameserver is in the same TLD as your domain is (more explanation in the above links).
- Your domain registrar allows you to change both your DNS servers and the glue at the TLD servers.
- Glue records have a TTL at the TLD of 48 hours so changing them takes some waiting.
- This is how you query the glue records so you can verify what’s setup at your DNS servers matches the ones at the TLD servers (in the below examples, replace
google.comby your domain name).- Use leafdns: http://leafdns.com/index.cgi?name=google.com
- Use
dig:
dig +trace +additional google.com
Notes:
+tracewill turn off recursive queries, which is good.- I’ve used
google.combecause it has nameservers in the.comTLD (example.orghas nameservers in the.netTLD: http://leafdns.com/index.cgi?name=example.org)
At the time of writing the dig output is this:
# dig +trace +additional example.org ; <<>> DiG 9.8.3-P1 <<>> +trace +additional example.org ;; global options: +cmd . 86333 IN NS a.root-servers.net. . 86333 IN NS k.root-servers.net. . 86333 IN NS f.root-servers.net. . 86333 IN NS c.root-servers.net. . 86333 IN NS g.root-servers.net. . 86333 IN NS m.root-servers.net. . 86333 IN NS j.root-servers.net. . 86333 IN NS i.root-servers.net. . 86333 IN NS b.root-servers.net. . 86333 IN NS h.root-servers.net. . 86333 IN NS d.root-servers.net. . 86333 IN NS e.root-servers.net. . 86333 IN NS l.root-servers.net. ;; Received 228 bytes from 192.168.124.1#53(192.168.124.1) in 34 ms org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS d0.org.afilias-nst.org. a0.org.afilias-nst.info. 172800 IN A 199.19.56.1 a2.org.afilias-nst.info. 172800 IN A 199.249.112.1 b0.org.afilias-nst.org. 172800 IN A 199.19.54.1 b2.org.afilias-nst.org. 172800 IN A 199.249.120.1 c0.org.afilias-nst.info. 172800 IN A 199.19.53.1 d0.org.afilias-nst.org. 172800 IN A 199.19.57.1 a0.org.afilias-nst.info. 172800 IN AAAA 2001:500:e::1 a2.org.afilias-nst.info. 172800 IN AAAA 2001:500:40::1 b0.org.afilias-nst.org. 172800 IN AAAA 2001:500:c::1 b2.org.afilias-nst.org. 172800 IN AAAA 2001:500:48::1 c0.org.afilias-nst.info. 172800 IN AAAA 2001:500:b::1 d0.org.afilias-nst.org. 172800 IN AAAA 2001:500:f::1 ;; Received 431 bytes from 192.203.230.10#53(192.203.230.10) in 16 ms example.org. 86400 IN NS a.iana-servers.net. example.org. 86400 IN NS b.iana-servers.net. ;; Received 77 bytes from 199.249.112.1#53(199.249.112.1) in 15 ms example.org. 86400 IN A 93.184.216.34 example.org. 86400 IN NS b.iana-servers.net. example.org. 86400 IN NS a.iana-servers.net. a.iana-servers.net. 1800 IN A 199.43.135.53 a.iana-servers.net. 1800 IN AAAA 2001:500:8f::53 b.iana-servers.net. 1800 IN A 199.43.133.53 b.iana-servers.net. 1800 IN AAAA 2001:500:8d::53 ;; Received 181 bytes from 199.43.133.53#53(199.43.133.53) in 145 ms
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment