Thanks to all for your replies but... I'm sorry for the misleading Subject of this thread, I meant "delegation NS records" (not "glue records").
Below is the answer from bind-us...@lists.isc.org. -- Alexei -------- Original Message -------- Subject: Re: DNS: how to verify glue NS records? Date: Fri, 5 Dec 2014 10:39:28 -0500 From: Casey Deccio <ca...@deccio.net> To: Alexei Malinin <alexei.mali...@mail.ru> CC: Bind Users <bind-us...@lists.isc.org> Hi Alexei, On Fri, Dec 5, 2014 at 10:16 AM, Alexei Malinin <alexei.mali...@mail.ru> wrote: > I would like to resolve this problem: > - I have a child DNS zone served by my ISP slave name server; > - the parent zone is served by my ISP master name server; > - the question is - how and with what tools (dig, host, nslookup, or > maybe C or Perl libs) can I verify the NS glue records in the parent > zone of my ISP (zone transfers are denied)? The delegation NS records (i.e., the NS records in the parent zone) cannot be determined using simple queries because the parent zone is also authoritative for the child zone, as you mentioned. Thus, when one of those servers (e.g., ns1.agtel.net) is queried for 0-15.66.233.212.in-addr.arpa/NS, the server will (should) always send the authoritative NS RRset in (i.e., from the child) preference to the delegation NS RRset (i.e., in the parent), and in fact the latter may be different. There are by definition no glue records for your zone. Glue A/AAAA records are only required in the parent for NS targets that are subdomains of the delegated child zone to bootstrap resolution. For example, ns1.example.com as an NS target for example.com. That is not the case with yours (and usually isn't with in-addr.arpa zones). > My child zone is 0-15.66.233.212.in-addr.arpa. I tried "dig -4 > +multiline +showsearch +trace 0-15.66.233.212.in-addr.arpa ns" but it > was not possible to make any conclusions about NS glue records from the > dig output. >. > I found some tools in the Internet (for example > http://www.intodns.com/0-15.66.233.212.in-addr.arpa, see "Missing > nameservers reported by parent") but these are inconvenient, I would > like to use OS tools. That's unfortunately a misleading error, as this cannot be determined, as I mentioned above. > Please give me some good advise. You'll need to take the word of the operator of your parent zone. Casey
