Error 1001, Bad Glue detected

There are many threads on this topic, but I haven’t found anything that is helping.

I have a client who set up a vanity domain with my SaaS by creating a CNAME record for pointing to my domain at

Using this url in Firefox returns SSL_ERROR_NO_CYPHER_OVERLAP. Chrome, until recently, reported Error 1001 DNS resolution error. Now Chrome shows ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Safari is still reporting Error 1001.

When I run the domain through the DNS checker at MXToolbox, I get “Bad Glue detected Parent server gave glue for to be but we resolve that hostname to”

My site is hosted on AWS, and I have an Amazon issued SSL certificate for * My client entered the DNS records to verify the cerficate and Amazon reports the cert as “Issued” with a green checkmark.

Any help or suggestions are greatly appreciated!

It seems your client did not just create a CNAME record as you say: I see an NS (nameserver) record as well, pointed at

This would effectively delegate the client’s subdomain and all subdomains under it to your DNS server to manage (making the CNAME in Cloudflare not work at all).

Except is not a nameserver (hence the “bad glue record detected” error message) and can’t handle DNS resolution which is why the subdomain doesn’t work.


Thank you George! Can you tell me how you found that, so that I can provide that information to my client (and so I can check it if it happens again in the future)?

I tried looking up using, but it reported that no NS record was found for the domain. Looking up in that tool shows bluehost nameservers.

I can’t see NS records, but there is still something wrong with your clients DNS configuration, the Bluehost nameservers are responding with a wrong IP for YOUR domain:


;; ANSWER SECTION:        7200    IN      CNAME         60      IN      A

Querying the authoritative Cloudflare nameservers directly results in a different IP, belonging to Cloudflare:


;; ANSWER SECTION:         300     IN      A         300     IN      A

I think MxToolbox incorrectly interprets the wrong IP address as a glue record, thus resulting in the weird errors MxToolbox shows.

The real problem is that the Bluehost nameservers apparently think they should respond to DNS requests for every domain:

dig +short
dig +short

This probably leads to problems if resolvers don’t ignore these fake responses.

Btw, does anyone have an idea why the syntax highlighting works so inconsistently?


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.