This site is for tech Q&A. Please keep your posts focused on the subject at hand.

Ask one question at a time. Don't conflate multiple problems into a single question.

Make sure to include all relevant information in your posts. Try to avoid linking to external sites.

Links to documentation are fine, but in addition you should also quote the relevant parts in your posts.

0 votes

I need to check the glue records for a domain (say, in a script. However, the dig command just gives me the nameservers from the actual zone.

user@host:~ $ dig +nocmd +nostats NS
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32213
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5

; EDNS: version: 0, flags:; udp: 4096
;			IN	NS

;; ANSWER SECTION:		86261	IN	NS		86261	IN	NS

a.iana-servers.NET.	1661	IN	A
a.iana-servers.NET.	1661	IN	AAAA	2001:500:8f::53
b.iana-servers.NET.	1661	IN	A
b.iana-servers.NET.	1661	IN	AAAA	2001:500:8d::53
in Scripting
edited by
by (125)
3 20 38
edit history

Please log in or register to answer this question.

1 Answer

0 votes

The glue records for the zone exist in its parent zone (com), so you need to query the nameservers of that zone for the nameservers of without recursing into the subdomain. To do that you first need a nameserver for the parent zone:

user@host:~ $ dig +short com. NS

The nameservers are listed in random order, so you can just pick the first one from the output:

dig +short NS com. | head -n 1

Then query that server for the NS records of the domain in question. The nameservers for the subdomain are listed in the "authority" section of the response, their A records (if there are any) are listed in the "additional" section.

dig +noall +authority +additional +norecurse NS


  • +noall: suppress all output
  • +authority: except for the "authority" section
  • +additional: and except for the "additional" section
  • +norecurse: don't perform a recursive query

Example script:


domain="${1:?Usage: $0 DOMAIN)"

ns="$(dig +short NS "${domain#*.}." | head -n 1)"

dig +noall +authority +additional +norecurse @"$ns" NS "${domain}."

edited by
by (125)
3 20 38
edit history