Check domain NS glue records with ‘dig’
A glue record is the IP address of a NameServer held at the Domain Name registry.
Glue records are required when it is needed to point name servers of a domain-name to a host-name under the domain name itself.
For example if we would like to set the name servers of intsec.info to ns1.intsec.info and ns2.intsec.info we need also to provide glue records to determine the right IP addresses for ns1.intsec.info and ns2.intsec.info.
Not providing glue records means that anyone requiring DNS information for the domain (intsec.info in the example) would get stuck in a loop:
1. What is the name server for intsec.info? -> ns1.intsec.info.
2. What is the IP address of ns1.intsec.info? -> don’t know, try looking at name server for intsec.info.
3. What is the name server for intsec.info? -> ns1.intsec.info
…and so on.
With the glue record set, the registry will hold the IP address for the autoritative DNSes and the loop will not occur:
1. What is the name server for intsec.info? -> ns1.intsec.info
2. What is the IP address of ns1.intsec.info? -> [2001:1418:14:a0::74]
Lets check intsec.info NS glue records by using dig command.
As it is a .info domain first we should check root servers for .info TLD (Top Level Domain) by using the following command and querying Google Public DNS Resolver (8.8.8.8):
dig NS info @8.8.8.8 |
The output will be something similar to this:
; <<>> DiG 9.8.3-P1 <<>> ns info @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4814 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;info. IN NS ;; ANSWER SECTION: info. 19496 IN NS a0.info.afilias-nst.info. info. 19496 IN NS a2.info.afilias-nst.info. info. 19496 IN NS b0.info.afilias-nst.org. info. 19496 IN NS b2.info.afilias-nst.org. info. 19496 IN NS c0.info.afilias-nst.info. info. 19496 IN NS d0.info.afilias-nst.org. ;; Query time: 36 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Jul 8 17:37:31 2014 ;; MSG SIZE rcvd: 161 |
Choose any root server for next query, (for example b0.info.afilias-nst.org):
dig NS intsec.info @b0.info.afilias-nst.org |
The output will be something similar to this:
; <<>> DiG 9.8.3-P1 <<>> NS intsec.info @b0.info.afilias-nst.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58965 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;intsec.info. IN NS ;; AUTHORITY SECTION: intsec.info. 86400 IN NS ns1.intsec.info. intsec.info. 86400 IN NS ns2.intsec.info. ;; ADDITIONAL SECTION: ns1.intsec.info. 86400 IN A 213.212.132.74 ns1.intsec.info. 86400 IN AAAA 2001:1418:14:a0::74 ns2.intsec.info. 86400 IN A 91.121.230.34 ;; Query time: 482 msec ;; SERVER: 2001:500:1a::1#53(2001:500:1a::1) ;; WHEN: Tue Jul 8 17:41:11 2014 ;; MSG SIZE rcvd: 125 |
Results: b0.info.afilias-nst.org has authoritative answer for NS records for domain intsec.info (Glue Records).