TLD servers and ADDITIONAL section [duplicate]
Solution 1:
A glue record is a term for a record that's served by a DNS server that's not authoritative for the zone, to avoid a condition of impossible dependencies for a DNS zone.
Say I own a DNS zone for example.com
. I want to have DNS servers that're hosting the authoritative zone for this domain so that I can actually use it - adding records for the root of the domain, www
, mail
, etc. So, I put the name servers in the registration to delegate to them - those are always names, so we'll put in ns1.example.com
and ns2.example.com
.
There's the trick. The TLD's servers will delegate to the DNS servers in the whois record - but they're within example.com
. They try to find ns1.example.com
, ask the .com
servers, and get referred back to... ns1.example.com
.
What glue records do is to allow the TLD's servers to send extra information in their response to the query for the example.com
zone - to send the IP address that's configured for the name servers, too. It's not authoritative, but it's a pointer to the authoritative servers, allowing for the loop to be resolved.
Solution 2:
I requested that this answer be merged in from a duplicate question, as the existing answers did not explain the role of the ADDITIONAL
section.
To see how it works, type this:
dig +trace +additional google.com SOA
This will trace the nameserver authority starting from the root servers (+trace
). Adding +additional
will also show you the ADDITIONAL
section of each DNS server response. Normally most people think of DNS in terms of the QUESTION
and the ANSWER
sections, but ADDITIONAL
also plays an important role: if the nameserver knows the answers to any queries that are related to the answer, it can pre-emptively supply those answers in the ADDITIONAL
section without requiring additional queries from your client.
Note that the authoritative nameservers for google.com
are rooted under the domain they're authoritative for. (ns1.google.com
, ns2.google.com
, etc.)
When you ask a nameserver to supply the list of nameservers for a domain, they will often supply a list of A
-type records (IP addresses) in the ADDITIONAL
section, not just the NS
-type answers: these are called glue records, used to prevent circular dependencies. In this case, those A
records are served from the TLD (.com, .org, etc.) nameservers based on the IP addresses that someone supplied the DNS registrar responsible for the domain. They can usually be changed by logging into the admin web interface they supply you.
(disclaimer: AAAA
records containing IPV6 addresses can also be supplied as part of the glue, but I left this out for simplicity's sake.)
Solution 3:
After searching forever and reading a lot about glue records and still not understanding what they were or how you can make them I finally found an answer and it's a very simple one.
As I understand there is no magic extra information sent from somewhere, this is how it works.
Lets say your domain is example.com and you want to use your own name servers ns1.example.com and ns2.example.com, you need at least two DNS servers.
- ns1.example.com has IP 192.0.2.10
- ns2.example.com has IP 192.0.2.20
In order for this to work now you need the top domain owner to put following records into their DNS.
example.com NS ns1.example.com
example.com NS ns2.example.com
ns1.example.com A 192.0.2.10
ns2.example.com A 192.0.2.20
Those two A records are the glue records and they need to be at the top domain, in this case .com, and not all registrars can get this done for you.
If this is wrong please correct me. I just thought I try explain in a simple way for others who can't find correct answer.