Inconsistent glue for name server

Question

I'm getting the error "Inconsistent glue for name server" for our domain webhost.pro on the third name server.

Not sure why, the third name server resolves correctly and has the correct DNS details.

Any idea how to narrow down what the error is with our third name server?

Delegation

Inconsistent glue for name server ns3.webhost.pro.

The address of a name server differed from the child and the parent. This is a configuration error and should be corrected as soon as possible.

Answer 1

Your current DNS configuration has many errors, see this online troubleshooting tool: http://dnsviz.net/d/webhost.pro/WwT6yw/dnssec/

It shows 9 errors, probably all tied to the problem below as they come from the 168.144.134.160 IP address.

And one warning which is what you report:

pro to webhost.pro: The glue address(es) for ns3.webhost.pro (168.144.134.160) differed from its authoritative address(es) (104.225.130.130).

Here is why.

You are using ns1.webhost.pro, ns2.webhost.pro and ns3.webhost.pro as authoritative nameservers for webhost.pro. Hence you need glues.

Here is what the registry thinks about your IP addresses:

$ for i in 1 2 3 ; do dig @a0.pro.afilias-nst.info. ns$i.webhost.pro A | grep ^ns$i.webhost.pro | awk '{print $1 " " $5}' ; done
ns1.webhost.pro. 104.223.9.2
ns2.webhost.pro. 104.223.9.254
ns3.webhost.pro. 168.144.134.160

Now let us query each authoritative nameserver of your zone for the same question, we get respectively from ns1, ns2, ns3 the following:

$ for auth in 1 2 3 ; do echo "Querying ns${auth}" ; for i in 1 2 3 ; do dig @ns${auth}.webhost.pro ns$i.webhost.pro A | grep ^ns$i.webhost.pro | awk '{print $1 " " $5}' ; done ; done
Querying ns1
ns1.webhost.pro. 104.223.9.2
ns2.webhost.pro. 104.223.9.254
ns3.webhost.pro. 104.225.130.130
Querying ns2
ns1.webhost.pro. 104.223.9.2
ns2.webhost.pro. 104.223.9.254
ns3.webhost.pro. 104.225.130.130
Querying ns3
ns1.webhost.pro. 104.223.9.2
ns2.webhost.pro. 104.223.9.254
ns3.webhost.pro. 104.225.130.130

(and if we query 168.144.134.160 as reported by the registry for ns3 we get no replies)

All three responds the same thing, which is good, but they do not reply exactly what the registry nameservers reply, hence the warning about this mismatch.

The registry has IP 168.144.134.160 for ns3.webhost.pro but your nameserver are stating that its IP is 104.225.130.130

You now have 2 possible choices to resolve it:

1. Make the change at the registry, so that it will also reply with IP 104.225.130.130 ; you will need to contact your domain name registrar, OnlineNIC, Inc. to have the glue record of ns3.webhost.pro be updated at the registry with the correct IP.
2. OR if 168.144.134.160 is also yours (which does not seem the case based on a comparison of the whois output for both blocks of IP addresses), you need to move ns3 on it and change the content of your zone to use this IP address.

The first option is probably the simplest one. And the only one if 168.144.134.160 is indeed not yours.

Also, for various reasons, I recommend you NOT to use only in-bailiwick nameservers for your domain. You should at least add a ns4 that does not live under webhost.pro as authoritative for your webhost.pro domain name. Ideally, use even an another TLD.