Check domain NS glue records with ‘dig’

A glue record is the IP address of a NameServer held at the Domain Name registry.
Glue records are required when it is needed to point name servers of a domain-name to a host-name under the domain name itself.

For example if we would like to set the name servers of intsec.info to ns1.intsec.info and ns2.intsec.info we need also to provide glue records to determine the right IP addresses for ns1.intsec.info and ns2.intsec.info.

Not providing glue records means that anyone requiring DNS information for the domain (intsec.info in the example) would get stuck in a loop:

1. What is the name server for intsec.info? -> ns1.intsec.info.
2. What is the IP address of ns1.intsec.info? -> don’t know, try looking at name server for intsec.info.
3. What is the name server for intsec.info? -> ns1.intsec.info
…and so on.

With the glue record set, the registry will hold the IP address for the autoritative DNSes and the loop will not occur:

1. What is the name server for intsec.info? -> ns1.intsec.info
2. What is the IP address of ns1.intsec.info? -> [2001:1418:14:a0::74]

Lets check intsec.info NS glue records by using dig command.

As it is a .info domain first we should check root servers for .info TLD (Top Level Domain) by using the following command and querying Google Public DNS Resolver (8.8.8.8):

dig NS info @8.8.8.8

The output will be something similar to this:

; <<>> DiG 9.8.3-P1 <<>> ns info @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4814
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;info.				IN	NS
 
;; ANSWER SECTION:
info.			19496	IN	NS	a0.info.afilias-nst.info.
info.			19496	IN	NS	a2.info.afilias-nst.info.
info.			19496	IN	NS	b0.info.afilias-nst.org.
info.			19496	IN	NS	b2.info.afilias-nst.org.
info.			19496	IN	NS	c0.info.afilias-nst.info.
info.			19496	IN	NS	d0.info.afilias-nst.org.
 
;; Query time: 36 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul  8 17:37:31 2014
;; MSG SIZE  rcvd: 161

Choose any root server for next query, (for example b0.info.afilias-nst.org):

dig NS intsec.info @b0.info.afilias-nst.org

The output will be something similar to this:

; <<>> DiG 9.8.3-P1 <<>> NS intsec.info @b0.info.afilias-nst.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58965
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
 
;; QUESTION SECTION:
;intsec.info.			IN	NS
 
;; AUTHORITY SECTION:
intsec.info.		86400	IN	NS	ns1.intsec.info.
intsec.info.		86400	IN	NS	ns2.intsec.info.
 
;; ADDITIONAL SECTION:
ns1.intsec.info.	86400	IN	A	213.212.132.74
ns1.intsec.info.	86400	IN	AAAA	2001:1418:14:a0::74
ns2.intsec.info.	86400	IN	A	91.121.230.34
 
;; Query time: 482 msec
;; SERVER: 2001:500:1a::1#53(2001:500:1a::1)
;; WHEN: Tue Jul  8 17:41:11 2014
;; MSG SIZE  rcvd: 125

Results: b0.info.afilias-nst.org has authoritative answer for NS records for domain intsec.info (Glue Records).


Comments are closed.