Here's an interesting thing I figured out today while looking into some inconsistencies in a company's DNS records, where my expertise was requested. The data differed between the authoritative TLD servers and the company's NS records. The glue records, which are the IP addresses of the DNS servers, are provided by the TLD servers in the ADDITIONAL SECTION. They have a TTL of 172800 seconds, which is two days. That means that if the zone is updated and its NS records have glue records, some DNS servers might still hold the old IP addresses of the name servers until their TTL expires. So our local DNS servers still had the timeout (TTL) value of 61476, showing the outdated IP address value for the secondary DNS server as well as the TLD DNS servers.
[miklos.quartus@miklos-mac: ~]$ dig +norec @b.gtld-servers.net sdgtl.net NS
; <<>> DiG 9.8.3-P1 <<>> +norec @b.gtld-servers.net sdgtl.net NS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17165
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;sdgtl.net. IN NS
;; AUTHORITY SECTION:
sdgtl.net. 172800 IN NS ns1.sdgtl.net.
sdgtl.net. 172800 IN NS ns4.sdgtl.net.
;; ADDITIONAL SECTION:
ns1.sdgtl.net. 172800 IN A 184.108.40.206
ns4.sdgtl.net. 172800 IN A 220.127.116.11
;; Query time: 37 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Thu May 9 17:51:22 2013
;; MSG SIZE rcvd: 95
As you can see above, the TLD responds with a TTL value of 172800, which is exactly two days. However, our DNS servers are lagging behind because their cached TTL is still active and has not yet expired. See below the query result from our servers.
[miklos.quartus@miklos-mac: ~]$ host -v ns4.sdgtl.net 10.Z.X.Y
Using domain server:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32901
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns4.sdgtl.net. IN A
;; ANSWER SECTION:
ns4.sdgtl.net. 61476 IN A 126.96.36.199
Received 47 bytes from 10.Z.X.Y#53 in 38 ms
Look above: the current value is 61476 seconds! I figured out that our DNS servers still have the old IP address value (188.8.131.52 is the old value, correct value is 184.108.40.206) and need about 17 hours for their TTL to expire. In the meantime, I found out how to query any TLD's authoritative NS servers. Take the .net domain, for example.
[miklos.quartus@miklos-mac: ~]$ dig +short net. NS
Voila! The above list shows the authoritative name servers for the .net TLD. Anyway, if the domain registrar's settings contain the wrong DNS server IP addresses, they continue to provide the wrong, outdated values for glue records, even though the right values are in the authoritative domain zone. Solution: fix the values at the domain registrar so that the correct IP addresses are registered for the NS servers.
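The comparison described in this post (glue handed out by the TLD servers versus the A records the zone itself serves) can be scripted. The following is an added example, not part of the original post: the function names, the example.net names and the RFC 5737 addresses are constructed, and `check_glue` assumes you pass it a server of the zone that is known to be current.

```shell
# Constructed dig reply from a parent (TLD) server; not taken from the post.
SAMPLE_PARENT=';; AUTHORITY SECTION:
example.net. 172800 IN NS ns1.example.net.
example.net. 172800 IN NS ns4.example.net.

;; ADDITIONAL SECTION:
ns1.example.net. 172800 IN A 192.0.2.10
ns4.example.net. 172800 IN A 192.0.2.44

;; Query time: 37 msec'
# Constructed A records as served by the zone itself: ns4 has moved.
SAMPLE_ZONE='ns1.example.net. 192.0.2.10
ns4.example.net. 198.51.100.44'

# Read dig output on stdin; print "name ip" for each A record in the
# ADDITIONAL section, which is where the glue records are returned.
glue_from_dig() {
  awk '
    /^;; ADDITIONAL SECTION:/ { in_add = 1; next }
    /^;;/ || /^$/             { in_add = 0 }
    in_add && $4 == "A"       { print tolower($1), $5 }
  '
}

# $1 = glue pairs, $2 = pairs served by the zone ("name ip" per line).
# Print every glue pair that the zone itself does not serve.
glue_mismatches() {
  { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
    $1 == "--" { glue = 1; next }
    { key = $1 " " $2 }
    !glue { zone[key] = 1; next }
    NF == 2 && !(key in zone) { print "STALE " key }
  '
}

# Live check (needs network and dig; not run by the demonstration below).
# $1 = domain, $2 = parent (TLD) server, $3 = a current server of the zone.
check_glue() {
  glue=$(dig +norec "@$2" "$1" NS | glue_from_dig)
  zone=$(printf '%s\n' "$glue" | while read -r ns ip; do
    [ -n "$ns" ] || continue
    dig +norec +noall +answer "@$3" "$ns" A |
      awk '$4 == "A" { print tolower($1), $5 }'
  done)
  glue_mismatches "$glue" "$zone"
}

# Offline demonstration on the constructed sample.
glue_mismatches "$(printf '%s\n' "$SAMPLE_PARENT" | glue_from_dig)" "$SAMPLE_ZONE"
```

A `STALE` line means the registrar still publishes an address the zone no longer serves, and resolvers can keep it cached for up to the glue TTL after it is corrected.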