Error 1001, Bad Glue detected

There are many threads on this topic, but I haven’t found anything that is helping.

I have a client who set up a vanity domain with my SaaS by creating a CNAME record for esat.satrde.com pointing to my domain at app.agolix.com.

Using this URL in Firefox returns SSL_ERROR_NO_CYPHER_OVERLAP. Chrome, until recently, reported Error 1001 DNS resolution error. Now Chrome shows ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Safari is still reporting Error 1001.

When I run the domain through the DNS checker at MXToolbox, I get “Bad Glue detected Parent server gave glue for esat.satrde.com to be app.agolix.com but we resolve that hostname to 74.220.199.6”

My site is hosted on AWS, and I have an Amazon issued SSL certificate for *.satrde.com. My client entered the DNS records to verify the certificate and Amazon reports the cert as “Issued” with a green checkmark.

Any help or suggestions are greatly appreciated!

It seems your client did not just create a CNAME record as you say: I see an NS (nameserver) record as well, pointed at app.agolix.com.

This would effectively delegate the client’s subdomain esat.satrde.com and all subdomains under it to your DNS server to manage (making the CNAME in Cloudflare not work at all).

Except app.agolix.com is not a nameserver (hence the “bad glue record detected” error message) and can’t handle DNS resolution which is why the subdomain doesn’t work.

2 Likes

Thank you George! Can you tell me how you found that, so that I can provide that information to my client (and so I can check it if it happens again in the future)?

I tried looking up esat.satrde.com using https://dnschecker.org, but it reported that no NS record was found for the domain. Looking up satrde.com in that tool shows bluehost nameservers.

I can’t see NS records, but there is still something wrong with your client’s DNS configuration. The Bluehost nameservers are responding with a wrong IP for YOUR domain:

dig esat.satrde.com @ns1.bluehost.com

;; ANSWER SECTION:
esat.satrde.com.        7200    IN      CNAME   app.agolix.com.
app.agolix.com.         60      IN      A       74.220.199.6

Querying the authoritative Cloudflare nameservers directly results in a different IP, belonging to Cloudflare:

dig app.agolix.com @lilith.ns.cloudflare.com

;; ANSWER SECTION:
app.agolix.com.         300     IN      A       172.66.40.197
app.agolix.com.         300     IN      A       172.66.43.59

I think MxToolbox incorrectly interprets the wrong IP address as a glue record, thus resulting in the weird errors MxToolbox shows.

The real problem is that the Bluehost nameservers apparently think they should respond to DNS requests for every domain:

dig gdfgdfgdfg.com @ns1.bluehost.com +short
74.220.199.6
dig doesnotexist.com @ns1.bluehost.com +short
74.220.199.6

This probably leads to problems if resolvers don’t ignore these fake responses.

Btw, does anyone have an idea why the syntax highlighting works so inconsistently?

2 Likes
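The comparison made with dig in the reply above can be scripted. The following is an added example, not code from any participant in this thread: it parses dig answer sections, reports A/AAAA records a nameserver returned for names outside the zone it hosts when they disagree with the authoritative answer, and checks whether unrelated probe names all receive the same address. The function names and the `hosted_zone` parameter are assumptions made for illustration; the sample data is constructed from the output quoted in the thread.

```python
# Sample inputs constructed from the dig output quoted in the thread.
BLUEHOST_ANSWER = """\
;; ANSWER SECTION:
esat.satrde.com.        7200    IN      CNAME   app.agolix.com.
app.agolix.com.         60      IN      A       74.220.199.6
"""
CLOUDFLARE_ANSWER = """\
;; ANSWER SECTION:
app.agolix.com.         300     IN      A       172.66.40.197
app.agolix.com.         300     IN      A       172.66.43.59
"""
PROBES = {"gdfgdfgdfg.com": ["74.220.199.6"], "doesnotexist.com": ["74.220.199.6"]}

def parse_answer(text):
    """Turn dig answer lines into (name, type, value) tuples; skip ';' comments."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN" and not line.startswith(";"):
            records.append((parts[0].lower().rstrip("."), parts[3], parts[4].rstrip(".")))
    return records

def addresses(text):
    """Map each owner name to the set of A/AAAA values in an answer."""
    found = {}
    for name, rtype, value in parse_answer(text):
        if rtype in ("A", "AAAA"):
            found.setdefault(name, set()).add(value)
    return found

def audit(hosted_zone, server_answer, authoritative_answer):
    """Out-of-zone addresses from server_answer that the authoritative answer lacks."""
    auth = addresses(authoritative_answer)
    findings = []
    for name, values in addresses(server_answer).items():
        if name == hosted_zone or name.endswith("." + hosted_zone):
            continue  # the server is expected to answer for its own zone
        for value in sorted(values - auth.get(name, set())):
            findings.append((name, value, sorted(auth.get(name, set()))))
    return findings

def catch_all_address(probe_answers):
    """Return the shared address if every unrelated probe name got the same single A."""
    answers = [tuple(v) for v in probe_answers.values()]
    if len(answers) >= 2 and all(len(a) == 1 for a in answers) and len(set(answers)) == 1:
        return answers[0][0]
    return None

if __name__ == "__main__":
    print(audit("satrde.com", BLUEHOST_ANSWER, CLOUDFLARE_ANSWER))
    print(catch_all_address(PROBES))
```

To use it on live data, paste the answer section from `dig <name> @<nameserver>` for the hosting nameserver and for the authoritative nameserver into the two strings.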
