I don't understand this. Everywhere I read that glue records are only required to prevent circular dependencies, for example I want to set ns1.example.com and ns2.example.com nameservers for the example.com domain name.

But according to my experience it is not true. I want to create my own nameservers such as ns1.example.com and ns2.example.com. Example.com is my domain name, and I already have the 2 IPs for my nameservers and the nameservers work. I just need to create hostnames for my nameserver IPs.

So I added 2 A records for my example.com domain name using the DNS zone file editor (ns1.example.com. 300 IN A [nameserverip1] and ns2.example.com. 300 IN A [nameserverip2]). Example.com uses an external DNS service, it will never use the ns1.example.com and ns2.example.com nameservers, so in theory glue records are not required.

However this is what I experienced: there is example.net and I want to use the ns1.example.com and ns2.example.com nameservers for example.net, and guess what, it doesn't work. Because when I try to enter these nameservers, I get the error: Entity reference not found [host ns1.example.com not found.]

But after I open the control panel of my example.com domain name registrar and register the ns1.example.com and ns2.example.com nameservers (I create glue records), then it will work.

But I want to avoid setting the glue records, because I cannot control the TTL of the glue records, so if the IPs change, I may experience downtime.

Why isn't it enough to only add the A records for ns1.example.com and ns2.example.com? Why must I register them at my domain name registrar?

Update: according to my experience, it is only an issue with .com, .net and .org domain names. Is it true that these TLDs require glue records even if there is no circular dependency? Because for example when I use the ns1.example.hu and ns2.example.hu nameservers, they work only with A records and no glue records. Seems like the .hu root servers behave differently than the .com root servers?

MexDeluxe

2 Answers

com and net share a set of authoritative nameservers:

$ dig @f.root-servers.net. +noall +authority +norecurse net
net.                    172800  IN      NS      b.gtld-servers.net.
net.                    172800  IN      NS      h.gtld-servers.net.
net.                    172800  IN      NS      c.gtld-servers.net.
net.                    172800  IN      NS      j.gtld-servers.net.
net.                    172800  IN      NS      f.gtld-servers.net.
net.                    172800  IN      NS      l.gtld-servers.net.
net.                    172800  IN      NS      m.gtld-servers.net.
net.                    172800  IN      NS      k.gtld-servers.net.
net.                    172800  IN      NS      d.gtld-servers.net.
net.                    172800  IN      NS      i.gtld-servers.net.
net.                    172800  IN      NS      e.gtld-servers.net.
net.                    172800  IN      NS      a.gtld-servers.net.
net.                    172800  IN      NS      g.gtld-servers.net.

$ dig @f.root-servers.net. +noall +authority +norecurse com
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.

These are two of the oldest and most common TLDs on the internet, which creates an interesting problem. Domains falling within these TLDs need glue for all permutations of nameservers ending in com or net. This also tends to create an impression among many who deal with these domains that glue is not optional.

Even in cases where you're not using a problematic permutation, you might run into more restrictive glue checks when attempting to set nameservers for a domain falling within this scope. Given the problems that these registrars are having to code for with these two domains (and any other suffixes which share a set of nameservers), they're less likely to be more nuanced about their requirements.

As a general rule, the newer the TLD is, the less likely the registrars for that TLD are going to enforce these restrictions upon you. It's fairly common to see glueless nameservers in the wild when dealing with the newer suffixes.

Andrew B

This is not just a requirement for .com/.net either, .info and a lot of other TLDs will do it too (support from domain selling websites told me all of them do it), so if you want to set NS of example.info to ns1.anything.info, ns1.anything.info is required to have a GLUE record in .info, otherwise the NS set will FAIL (no matter which website you purchased your example.info domain from, they will all report a generic error). More alarmingly, if any .info website has NS set to ns1.anything.info, the owner of anything.info also cannot REMOVE the GLUE record ns1.anything.info, it will fail with a generic error as well (I've tried on 3 different domain selling websites). However, since .info and .com/.net are not managed by the same registrar, you can set NS on example.info to be ns1.anything.net or ns1.anything.com and vice versa just fine, without any GLUE records required.
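
The three situations the question and both answers distinguish (a true circular dependency, a nameserver whose TLD is answered by the same server set as the domain's TLD, and a nameserver under an unrelated TLD), as an added example that is not code from either answer. The server table is constructed sample data: the com and net entries are abbreviated from the dig output above, the info entry is a placeholder, and `classify`, `audit` and the category names are hypothetical.

```python
# Constructed sample data: TLD -> set of authoritative servers for that TLD.
# com/net are abbreviated from the dig output on this page; the info entry
# is a placeholder name, not a real server.
TLD_SERVERS = {
    "com": frozenset({"a.gtld-servers.net.", "b.gtld-servers.net."}),
    "net": frozenset({"a.gtld-servers.net.", "b.gtld-servers.net."}),
    "info": frozenset({"ns.info-registry.example."}),
}

def labels(name):
    """Lower-cased labels of a DNS name, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_subdomain(name, zone):
    """True if `name` equals `zone` or lies underneath it (label-wise)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def classify(domain, ns_host, tld_servers=TLD_SERVERS):
    """Classify one (delegated domain, nameserver host) pair.

    circular     - ns_host lies inside the delegated zone, so resolvers
                   cannot find it without glue in the parent zone.
    same-servers - ns_host's TLD is answered by the same server set as the
                   domain's TLD: the case where the answers report that a
                   registered host (glue) is demanded.
    external     - disjoint server sets: ordinary A records are enough.
    """
    if is_subdomain(ns_host, domain):
        return "circular"
    dom_set = tld_servers.get(labels(domain)[-1])
    ns_set = tld_servers.get(labels(ns_host)[-1])
    if dom_set is None or ns_set is None:
        raise KeyError("TLD missing from the server table")
    return "same-servers" if dom_set & ns_set else "external"

def audit(delegations):
    """Map every (domain, nameserver) pair in `delegations` to its class."""
    return {(dom, ns): classify(dom, ns)
            for dom, hosts in delegations.items() for ns in hosts}

if __name__ == "__main__":
    sample = {  # constructed delegations mirroring the cases on this page
        "example.com": ["ns1.example.com"],
        "example.net": ["ns1.example.com", "ns2.example.com"],
        "example.info": ["ns1.anything.info", "ns1.anything.net"],
    }
    for pair, kind in audit(sample).items():
        print(pair, kind)
```
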