Dig shows wrong ip

Danny Mayer mayer at gis.net
Mon Aug 3 03:26:08 UTC 2009

Chris Thompson wrote:
> On Jul 30 2009, Danny Mayer wrote:
>> Chris Thompson wrote:
>>> On Jul 28 2009, sthaug at nethelp.no wrote:
>>>> % dig +short a dns3.potomacnetworks.com @a.gtld-servers.net
>>>> As long as that host record exists, with an IP different from what
>>>> your authoritative servers reply with, you are going to have problems,
>>>> because queries will be answered by the GTLD servers and not your own
>>>> authoritative servers.
>>> This is the wretched "glue promoted to answer" bug (we can call it a
>>> bug by now, surely?) which we are assured that the GTLD servers will
>>> be cured of this year, next year, sometime, or ...
>>> ... well, they will have to fix it before they can roll out DNSSEC,
>>> won't they? 
>> No. The op always needs to notify the Registrar of their domain when the
>> address of any of their nameservers changes. That has always been a
>> requirement.
> You are misinterpreting what I said. Of course erroneous glue needs to be
> corrected. But there is no need for the servers to return IP addresses
> provided for glue as an *answer* to a query, as the *.gtld-servers.net ones
> do, rather than giving a proper referral. (At least their answers are not
> marked authoritative, unlike those from some other nameservers.)

It needs to be part of the answer if the nameserver is in the same
domain as the FQDN otherwise it won't know where to go for the answers.
That's the point of the glue.


More information about the bind-users mailing list