Thus said "AJ ONeal (Home)" on Mon, 16 Mar 2015 14:18:25 -0600: > * Glue Records register you with [a-m].gtld-servers.net > * ns1.example-dns-server.com -> 127.0.0.1
DNS delegations happen via the NS record. The NS record is a hostname. So if the .com server tells me that I can access domain.com at ns.domain.com, I'm not better off than I was before asking---so it must publish an A record that tells me the IP address of that NS record. So a DNS delegation consists simply of an NS record and an A record to provide the glue. Obviously for an NS record that is not in-bailiwick, it is not possible to provide the glue (and attempts to provide the glue should be looked at as an subversion attack because they are basically unauthoritative data). You're current domain setup is effectively ``glueless'' because nobody can authoritatively provide the glue for your domain (coolaj86.com): http://cr.yp.to/djbdns/notes.html#gluelessness It would be better if your NS records were at least in .com, but the best would be to use in-bailiwick NS records, like google.com (e.g. ns2.google.com is in-bailiwick, for google.com, but ns2.google.com is not in-bailiwick for gmail.com): $ dnsq a google.com d.gtld-servers.net 1 google.com: 164 bytes, 1+0+4+4 records, response, noerror query: 1 google.com authority: google.com 172800 NS ns2.google.com authority: google.com 172800 NS ns1.google.com authority: google.com 172800 NS ns3.google.com authority: google.com 172800 NS ns4.google.com additional: ns2.google.com 172800 A 216.239.34.10 additional: ns1.google.com 172800 A 216.239.32.10 additional: ns3.google.com 172800 A 216.239.36.10 additional: ns4.google.com 172800 A 216.239.38.10 At this point, my DNS resolver has to make 1 more query (direct to one of the above published NS records, for which it has successfully obtained the A glue record). > I am currently set up to use ns1.redirect-www.org, but since most of > my dynamic domains re .com domains, I should also set up a .com > nameserver to be most efficient. That would be more efficient, but not necessarily most efficient. > In name.com I was able to find "NS Registration" which is where I was > able to set the *glue records* as > ns1.redirect-www.org -> 192.241.238.7 > ns2.redirect-www.org -> 66.172.33.29 These are ``glue records'' for redirect-www.org only, they may only indirectly help coolaj86.com. Your domain is still glueless. > My assumption is that my records should look pretty similar to > google's Actually, coolaj86.com will still not look at all like google's... it is still glueless. coolaj86.com's parent (the DNS server that delegates coolaj86.com) cannot offer glue: $ dnsq a coolaj86.com d.gtld-servers.net 1 coolaj86.com: 82 bytes, 1+0+2+0 records, response, noerror query: 1 coolaj86.com authority: coolaj86.com 172800 NS ns1.redirect-www.org authority: coolaj86.com 172800 NS ns2.redirect-www.org This response tells my DNS resolver that it has NS records, but cannot provide the glue. Andy -- TAI64 timestamp: 400000005507b016 /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
