nanog mailing list archives

RE: Bad glue record in .NET zone

From: John Palmer via NANOG <nanog () lists nanog org>
Date: Mon, 23 Feb 2026 02:22:53 -0600

Nope.

The issue is that the glue record SLD1.WORLDROOT.NET has the wrong IP address on it (198.180.140.223) in the 
gtld-servers.net servers and there is no way that I can change it since Network Solutions has a broken website that 
doesn't show any glue records unless they were created on their website. Our domains were originally created at another 
registrar and apparently Network Solutions can't handle that.

NS1, NS2, KOVU, NEBULA and QUASAR all answer properly forr ADNS.NET:

; <<>> DiG 9.14.7 <<>> ns adns.net @b.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21948
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;adns.net.                      IN      NS

;; AUTHORITY SECTION:
adns.net.               172800  IN      NS      ns1.adns.net.
adns.net.               172800  IN      NS      ns2.adns.net.
adns.net.               172800  IN      NS      czones1.american-webmasters.net.
adns.net.               172800  IN      NS      czones2.american-webmasters.net.
adns.net.               172800  IN      NS      kovu.adns.net.
adns.net.               172800  IN      NS      nebula.adns.net.

;; ADDITIONAL SECTION:
ns1.adns.net.           172800  IN      A       199.5.157.2
ns2.adns.net.           172800  IN      A       199.5.157.3
czones1.american-webmasters.net. 172800 IN A    199.5.157.129
czones2.american-webmasters.net. 172800 IN A    199.5.156.253
kovu.adns.net.          172800  IN      A       199.5.157.52
nebula.adns.net.        172800  IN      A       3.134.129.157

;; Query time: 31 msec
;; SERVER: 2001:503:231d::2:30#53(2001:503:231d::2:30)
;; WHEN: Mon Feb 23 02:21:30 CST 2026
;; MSG SIZE  rcvd: 273

That also brings up another poiint about Netsol's website - it doesn't allow you to put an IP6 address on a glue record 
- it parses it as an invalid entry.

We were dumped into Network Solutions against our will by the myriad of mergers (Dotster -> some other company -> 
Network Soltions).  I could move them but transferring 50 domains is a PITA.

Same problem with data centers. Hivelocity abandoned its Chicago and Miami customers.

-----Original Message-----
From: Christopher Morrow via NANOG <nanog () lists nanog org> 
Sent: Sunday, February 22, 2026 17:24
To: North American Network Operators Group <nanog () lists nanog org>
Cc: John R. Levine <johnl () iecc com>; Christopher Morrow <morrowc.lists () gmail com>
Subject: Re: Bad glue record in .NET zone

On Sun, Feb 22, 2026 at 1:48 PM John R. Levine via NANOG <nanog () lists nanog org> wrote:


But anyway, Verisign talks to registrars, and registrars talk to 
customers.  If a glue record is broken, you need to talk to the 
registrar that is responsible for it.  If we knew what the record was 
we could easily tell which registrar it is.


hazarding a guess: adns.net looks wonky :(

a.gtld-servers.net says: ( for and NS set query) ;; ADDITIONAL SECTION:
ns1.adns.net. 172800 IN A 199.5.157.2
ns2.adns.net. 172800 IN A 199.5.157.3
czones1.american-webmasters.net. 172800 IN A 199.5.157.129 czones2.american-webmasters.net. 172800 IN A 199.5.156.253 
kovu.adns.net. 172800 IN A 199.5.157.52 nebula.adns.net. 172800 IN A 3.134.129.157

and the first in that list that replies fo dns requests: 3.134.129.157 / nebula.adns.net. says:
NS1.ADNS.NET. 3600 IN A 199.5.157.2
NS2.ADNS.NET. 3600 IN A 199.5.157.3
KOVU.ADNS.NET. 3600 IN A 199.5.157.52
NEBULA.ADNS.NET. 3600 IN A 3.134.129.157 QUASAR.ADNS.NET. 3600 IN A 198.180.140.2 NS1.ADNS.NET. 3600 IN AAAA 
2602:f813::1:c705:9d02 NS2.ADNS.NET. 3600 IN AAAA 2602:f813::1:c705:9d03 KOVU.ADNS.NET. 3600 IN AAAA 
2602:f813::1:c705:9d34 NEBULA.ADNS.NET. 3600 IN AAAA 2600:1f16:ec1:a1b4:767d:df35:b9b9:2581
QUASAR.ADNS.NET. 3600 IN AAAA 2602:f813::1:c6b4:8c02

NONE of the 199.5/16 ips reply at all for dns.. that seems bad :( or at least 'sub optimal'.
In that second answer the only not-aws IPv4 address that replies is:
198.180.140.2

-chris

(yes this is the 'additional section' content from dig NS @<thing> domain) 
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/JFVO7ZDLJVNVRX473S6ZR23HYZAJ3I4V/

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/U77RPIFU53YJHMU3JWFBJTPHY27UPTJD/

Current thread:

Bad glue record in .NET zone John Palmer via NANOG (Feb 20)
- Re: Bad glue record in .NET zone Jonathan Lassoff via NANOG (Feb 20)
  - Re: Bad glue record in .NET zone John Levine via NANOG (Feb 21)
    - Re: Bad glue record in .NET zone Jonathan Lassoff via NANOG (Feb 22)
    - Re: Bad glue record in .NET zone Ibro Seremet via NANOG (Feb 22)
    - Re: Bad glue record in .NET zone John R. Levine via NANOG (Feb 22)
    - Re: Bad glue record in .NET zone Christopher Morrow via NANOG (Feb 22)
    - RE: Bad glue record in .NET zone John Palmer via NANOG (Feb 23)
    - Re: Bad glue record in .NET zone Robert McKay via NANOG (Feb 23)
- Re: Bad glue record in .NET zone Christopher Morrow via NANOG (Feb 21)
  - Re: Bad glue record in .NET zone Warren Kumari via NANOG (Feb 21)