The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Please help one of the Name servers repot no glue

Discussion in 'General Discussion' started by 5stars, Feb 21, 2007.

  1. 5stars

    5stars Active Member

    Joined:
    Oct 10, 2006
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    I recently changed the domain the server is operating on.
    As I created new NS records with the new domain name for my server I ran in to some problems.
    Dns report reports that one of my Name server "NS1" has no glue, but it reports that NS2 is okay.
    Since NS1 has no glue the NS section can't see my NS1 record.
    My NS1 and NS2 records are identical in configuration only that they are called different as NS1 and NS2 and the Ips for each of them are different, but the rest is the same.
    My A entry for the server contains:
    server.crdserver.net. 86400 IN NS ns1.crdserver.net.
    server.crdserver.net. 86400 IN NS ns2.crdserver.net.
    server.crdserver.net. 14400 IN A xx.xx.xx.xx(IP)
    localhost.server.crdserver.net. 14400 IN A 127.0.0.1
    server.crdserver.net. 14400 IN MX 0

    Alos in the main configuration under the Basic cPanel/WHM Setup I have also added the NS records and I have asigned different Ips to them.

    Why does it report that NS1 has no glue, I never had this problem when the server was running on the previus domain.
    Can it be that I have modified the ip for the nameserver a couple of times in the registry after I have created it, it has already been almost 24 hours and I have modified the Nameserver2 after I have modified Nameserver1 and nameserver2 is working.
     
    #1 5stars, Feb 21, 2007
    Last edited: Feb 21, 2007
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I would have to see the DNS report but generally 'no glue' usually means that
    your nameserver(s) and the domain you are checking have different TLDs
     
  3. 5stars

    5stars Active Member

    Joined:
    Oct 10, 2006
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    I fixed the problem by adding an A entry for my NS records in the basic server configuration from WHM, but I don't know if what I did is good.
    Now my NS1 and NS2 report proper but now I recive an error in the dns report.

    Single Point of Failure WARNING: Although you have at least 2 NS records, and they appear to point to different physical servers, it looks like they share the same firewall. This results in a single point of failure, which could cause all your DNS servers to be unreachable.

    Any one has any opinion on this?
     
  4. carnesmc

    carnesmc Registered

    Joined:
    Mar 17, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    If both of your nameservers are in the same namespace (on the same network) behind the same firewall then the firewall would be considered a single point of failure. DNS report is just pointing out that if your firewall goes down so will all your DNS. Best practice is to place your nameservers on different networks so in the event one goes down the other NS can still service requests. If you are not in a position to move one of the servers to another network then just know you have a single point of failure that may cause problems in the event that it goes down.
     
  5. jenlepp

    jenlepp Well-Known Member

    Joined:
    Jul 4, 2005
    Messages:
    116
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Liberty Hill, TX
    cPanel Access Level:
    DataCenter Provider
    Actually, that's not necessarily true. The warning is:

    WARNING: Although you have at least 2 NS records, and they appear to point to different physical servers, it appears that they block the ICMP packets used as part of our test, which means that they may share the same firewall. If they share the same firewall, this results in a single point of failure, which could cause all your DNS servers to be unreachable.

    I have my main DNS at a NOC in Michigan, secondary one in Texas. Not only are they different IPs, they are on entirely different networks with entirely different connections in entirely different parts of the country - and I still get the "single point of failure" warning - likely because I use the same firewall software (but different firewalls, obviously) for the two servers.

    I do wish it would double-check to see if the dns's are "geographically and topologically dispersed" before spitting out the warning, and considering I actually pass on the "Nameservers on separate class C's". It stands to reason that the same company managing servers in two different locations may actually have similar software on both.

    Using the same firewall software is not the same as having everything behind the same firewall, it sure doesn't translate into a "single point of failure" especially when the nameservers are on different Class C's - and that test doesn't seem to differentiate between the two.
     
Loading...

Share This Page