Guidelines

This site is for tech Q&A. Please keep your posts focused on the subject at hand.

Ask one question at a time. Don't conflate multiple problems into a single question.

Make sure to include all relevant information in your posts. Try to avoid linking to external sites.

Links to documentation are fine, but in addition you should also quote the relevant parts in your posts.

Related questions

Categories

Most popular tags

bash linux question2answer puppet mysql devuan php css nginx array ubuntu powershell puppet-bolt apt jq json ruby docker certbot gitlab cron vim firefox goss ssh font partition lvm openssl dns password datetime postfix logger logging html puppet-provider service-management savegame pentiment prometheus promql grafana minecraft-java pager azure bell fluxbox nfs pip locale python tun-device openvpn mirror hetzner-cloud web-search hiera nag-screen youtube responsive-design systemctl ssh-agent windows cups printer bind request-trace label gpg shared-folder virtualbox sector raid disk environment glue-record nis tcp foreman chroot volume mount powerdns puppetdb fact network-interface systemd network java hash sha256 solr letsencrypt smtp-auth database permissions theme admin puppet-agent

How can I check the glue records for a domain?

0 votes
1.1k views
1.1k views

I need to check the glue records for a domain (say, example.com) in a script. However, the dig command just gives me the nameservers from the actual zone.

user@host:~ $ dig +nocmd +nostats NS example.com.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32213
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.			IN	NS

;; ANSWER SECTION:
example.com.		86261	IN	NS	a.iana-servers.net.
example.com.		86261	IN	NS	b.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.NET.	1661	IN	A	199.43.135.53
a.iana-servers.NET.	1661	IN	AAAA	2001:500:8f::53
b.iana-servers.NET.	1661	IN	A	199.43.133.53
b.iana-servers.NET.	1661	IN	AAAA	2001:500:8d::53
in Scripting
edited by
by (100)
1 13 28
edit history

Please log in or register to answer this question.

1 Answer

0 votes
 

The glue records for the zone example.com exist in its parent zone (com), so you need to query the nameservers of that zone for the nameservers of example.com without recursing into the subdomain. To do that you first need a nameserver for the parent zone:

user@host:~ $ dig +short com. NS
b.gtld-servers.net.
f.gtld-servers.net.
a.gtld-servers.net.
e.gtld-servers.net.
g.gtld-servers.net.
h.gtld-servers.net.
i.gtld-servers.net.
l.gtld-servers.net.
d.gtld-servers.net.
k.gtld-servers.net.
c.gtld-servers.net.
j.gtld-servers.net.
m.gtld-servers.net.

The nameservers are listed in random order, so you can just pick the first one from the output:

dig +short NS com. | head -n 1

Then query that server for the NS records of the domain in question. The nameservers for the subdomain are listed in the "authority" section of the response, their A records (if there are any) are listed in the "additional" section.

dig +noall +authority +additional +norecurse @b.gtld-servers.net. NS example.com.

Arguments:

  • +noall: suppress all output
  • +authority: except for the "authority" section
  • +additional: and except for the "additional" section
  • +norecurse: don't perform a recursive query

Example script:

#!/bin/bash

domain="${1:?Usage: $0 DOMAIN)"
domain="${domain%.}"

ns="$(dig +short NS "${domain#*.}." | head -n 1)"

dig +noall +authority +additional +norecurse @"$ns" NS "${domain}."

edited by
by (100)
1 13 28
edit history
Powered by Question2Answer
...