By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

DNSSEC - glue record missing according to dnsviz.net

0

I changed my domain name -- but this maybe difficult to sort out without it. but the AAAA glue record seems to be missing. I don't think this is something I can add obviously.

$ dig +short mydomain.com. NS | grep -i '\.com\.'
ns-74.awsdns-09.com.
$ dig +short ns-74.awsdns-09.com. A ns-74.awsdns-09.com. AAAA | ipsort
205.251.192.74
2600:9000:5300:4a00::1
$ dig @$(dig +short com. NS | head -n 1) +norecurse +noall +additional mydomain.com. NS
ns-74.awsdns-09.com.        172800  IN      A       205.251.192.74
$ dig @2600:9000:5300:4a00::1 +noall +answer +norecurse mydomain.com. SOA
mydomain.com. 900     IN      SOA     ns-1147.awsdns-15.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
$ dig @2600:9000:5300:4a00::1 +norecurse mydomain.com. SOA | sed -ne '/^;; flags:/{p;q}'
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
$
  • AWS-User-4644975
    7 months ago

    Glue records are the DNS A/AAAA records for the DNS servers as duplicated in the DNS of the TLD that the DNS server name is under. So if the DNS server for yourdomain.com is ns-74.awsdns-09.com, then you need to check for the NS records of awsdns-09.com and if those are under .com, check for their A and AAAA records on the Verisign gtld DNS servers. After seeing your question, I tested with host(1) from our office and it seemed to find neither A nor AAAA glue unless looking in the "additional" section (which seems to be a relatively new but common reinterpretation of the DNS standard).

Topics
Networking & Content Delivery
Tags
Amazon Route 53Domain Name System (DNS)
Language
English
aram535
asked 7 months ago27 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content