Understanding glue records and Dedicated DNS

Domain
name
system
(DNS)
resolution
is
an
iterative
process
where
a
recursive
resolver
attempts
to
look
up
a
domain
name
using
a
hierarchical
resolution
chain.
First,
the
recursive
resolver
queries
the
root
(.),
which
provides
the
nameservers
for
the
top-level
domain(TLD),
e.g.com.
Next,
it
queries
the
TLD
nameservers,
which
provide
the
domain’s
authoritative
nameservers.
Finally,
the
recursive
resolver
 queries
those
authoritative
nameservers.
 
 
In
many
cases,
we
see
domains
delegated
to
nameservers
inside
their
own
domain,
for
instance,
“example.com.”
is
delegated
to
“ns01.example.com.”
In
these
cases,
we
need
glue
records
at
the
parent
nameservers,
usually
the
domain
registrar,
to
continue
the
resolution
chain.
 

What
is
a
glue
record? 

Glue
records
are
DNS
records
created
at
the
domain’s
registrar.
These
records
provide
a
complete
answer
when
the
nameserver
returns
a
reference
for
an
authoritative
nameserver
for
a
domain.
For
example,
the
domain
name
“example.com”
has
nameservers
“ns01.example.com”
and
“ns02.example.com”.
To
resolve
the
domain
name,
the
DNS
would
query
in
order:
root,
TLD
nameservers
and
authoritative
nameservers.
 

When
nameservers
for
a
domain
are
within
the
domain
itself,
a
circular
reference
is
created.
Having
glue
records
in
the
parent
zone
avoids
the
circular
reference
and
allows
DNS
resolution
to
occur.
 

Glue
records
can
be
created
at
the
TLD
via
the
domain
registrar
or
at
the
parent
zone’s
nameservers
if
a
subdomain
is
being
delegated
away.
 

When
are
glue
records
required? 

Glue
records
are
needed
for
any
nameserver
that
is
authoritative
for
itself.
If
a
3rd
party,
such
as
a

managed
DNS
provider hosts
the
DNS
for
a
zone,
no
glue
records
are
needed. 

IBM
NS1
Connect
Dedicated
DNS
nameservers
require
glue
records 

IBM
NS1
Connect
requires
that
customers
use
a
separate
domain
for
their
Dedicated
DNS
nameservers.
As
such,
the
nameservers
within
this
domain
will
require
glue
records.
Here,
we
see
glue
records
for
exampledns.net
being
configured
in
Google
Domains
with
random
IP
addresses: 

Once
the
glue
records
have
been
added
at
the
registrar,
the
Dedicated
DNS
domain
should
be
delegated
to
the
IBM
NS1
Connect
Managed
nameservers
and
the
Dedicated
DNS
nameservers.
For
most
customers,
there
will
be
a
total
of
8
NS
records
in
the
domain’s
delegation. 

What
do
glue
records
look
like
in
the
dig
tool? 

Glue
records
appear
in
the
ADDITIONAL
SECTION
of
the
response.
To
see
a
domain’s
glue
records
using
the
dig
tool,
directly
query
a
TLD
nameserver
for
the
domain’s
NS
record.
The
glue
records
in
this
example
are
in
quotation
marks.
Quotation
marks
are
used
for
emphasis
below: 

How
do
I
know
my
glue
records
are
correct? 

To
verify
that
glue
records
are
correctly
listed
at
the
TLD
nameservers,
directly
query
the
TLD
nameservers
for
the
domain’s
NS
records
using
the
dig
tool
as
shown
above.
Compare
the
ADDITIONAL
SECTION
contents
of
the
response
to
the
expected
values
entered
as
NS
records
in
IBM
NS1
Connect.
 

Learn
more
about
Dedicated
DNS