3

I have two domains, example1.com and example2.com. I run nameservers ns1.example1.com and ns2.example1.com. Example2.com uses these nameservers. Example1.com uses my registrar's nameservers.

Under this scenario, I would expect not to need any GLUE records of my own, and I have not created any. However, using information in this post I have checked for the existence of GLUE records using the dig tool.

When I query h.gtld-servers.net (or any of the others) for example2.com's nameservers, I see ns1.example1.com and ns2.example1.com in the 'authority' section, but also their IP addresses in the 'additional' section.

```
;; QUESTION SECTION:
;example2.com.                        IN      NS

;; AUTHORITY SECTION:
example2.com.         172800  IN      NS      ns1.example1.com.
example2.com.         172800  IN      NS      ns2.example1.com.

;; ADDITIONAL SECTION:
ns1.example1.com.         172800  IN      A       192.0.2.1
ns2.example1.com.         172800  IN      A       198.51.100.1
```
My understanding is that this means that there are GLUE records in existence for those nameservers, but my registrar insists that they do not exist. The only difference from the example given in the linked post is that I have two different domains, but I'm not sure if that's relevant.

Who is correct? My registrar, or the linked post? Do entries in the 'Additional section' always indicate the existence of GLUE records or can there be another reason?

Many thanks in advance.

jamiecon
  • Interestingly enough, this service - http://www.intodns.com - also says that the "DNS Parent sent Glue". My registrar continues to insist that the records do not exist, however. I'm beginning to think that this is somehow related to the fact there are two separate domains, a scenario that doesn't seem to be covered in any examples! – jamiecon Apr 28 '11 at 15:30
  • Those look like glue records (I'm assuming those are anonymised IPs). What does `dig +trace example2.com` come up with? – SmallClanger Apr 28 '11 at 16:13
  • Apologies all. The 0.0.0.0 IP addresses were anonymised. The values actually returned were the correct IP addresses. – jamiecon Apr 28 '11 at 17:47
  • @SmallClanger - that command on its own returns nothing but this could be to do with the default DNS I have configured on my machine? If I specify h.gtld-servers.net I get a list of root servers, a list of GTLD servers, a list of my own nameservers, and finally the A records for example2.com. IP addresses are not returned for any of the NS records though. – jamiecon Apr 28 '11 at 17:51
  • "My understanding is that this means" You are not showing how you do your query, nor the trailing part that shows which nameserver replied. Glue records are at the parent. So you need to query those authoritative nameservers. – Patrick Mevzek Jan 31 '20 at 15:47
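
Added example, not part of the original thread: a small Python parser for a referral like the one in the question, reporting for each NS target whether the address in the additional section belongs to a nameserver inside the delegated zone or to a sibling name under the same parent. The function names, the `parent_zone` parameter and the embedded sample are constructed for illustration.

```python
# Constructed sample: the referral from the question (placeholder names,
# documentation addresses), as a .com parent server would return it.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
example2.com.         172800  IN      NS      ns1.example1.com.
example2.com.         172800  IN      NS      ns2.example1.com.

;; ADDITIONAL SECTION:
ns1.example1.com.         172800  IN      A       192.0.2.1
ns2.example1.com.         172800  IN      A       198.51.100.1
"""

def parse_sections(dig_text):
    """Return {section: [(owner, rtype, rdata), ...]}, all lower-cased."""
    sections, current = {}, None
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip().lower()
            sections[current] = []
        elif current and not line.startswith(";"):
            fields = line.lower().split()
            if len(fields) >= 5:  # owner, TTL, class, type, rdata
                sections[current].append((fields[0], fields[3], " ".join(fields[4:])))
    return sections

def is_subdomain(name, zone):
    """True if name is at or below zone (both absolute, lower-case)."""
    return name == zone or name.endswith("." + zone)

def classify_glue(dig_text, parent_zone):
    """Map each NS target to (kind, [addresses]) as seen in the referral."""
    sections = parse_sections(dig_text)
    addresses = {}
    for owner, rtype, rdata in sections.get("additional", []):
        if rtype in ("a", "aaaa"):
            addresses.setdefault(owner, []).append(rdata)
    result = {}
    for zone, rtype, target in sections.get("authority", []):
        if rtype != "ns":
            continue
        if is_subdomain(target, zone):
            kind = "in-domain"      # nameserver is inside the delegated zone
        elif is_subdomain(target, parent_zone):
            kind = "sibling"        # nameserver is in another zone under the same parent
        else:
            kind = "out-of-parent"  # nameserver is outside the parent zone
        result[target] = (kind, addresses.get(target, []))
    return result
```

Calling `classify_glue(SAMPLE_REFERRAL, "com.")` marks both nameservers from the question as `sibling` with the addresses the parent returned.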

2 Answers

1

Just because you don't need GLUE records doesn't mean that there aren't any.

Maybe your domain provider automatically creates these records for you, when you enter subdomains of another domain with him as NS resource records.

joschi
  • While it's true that there might still be glue records despite not needing them; in this case the NS record is pointing to them, meaning they're being used. And if they're returning 0.0.0.0, that isn't going to work. – Chris S Apr 28 '11 at 17:21
  • I presume that `0.0.0.0` should be a generic IP address like `example.com` is a generic domain. He could have used an IP address from the RFC 5737 IP blocks, though. – joschi Apr 28 '11 at 17:23
  • That could be the case, but example2.com still shouldn't be pointing to glue records, it should be pointing to the name servers hosting that domain's DNS. – Chris S Apr 28 '11 at 17:28
  • I have updated my question to use IP addresses reserved for documentation - apologies for causing confusion. Definitely possible that the registrar automatically creates glue records as the scenario you describe is true for me. However they do claim otherwise. Basically I'd like to know who's right! – jamiecon Apr 28 '11 at 17:57
0

If example1.com is using ns1.example1.com and ns2.example1.com then it will need glue records. Because the NS and SOA records will point to the same domain, DNS needs these glue records to be able to recurse any records in the domain from your server (something has to point at your server after all).

For example2.com, if it's being hosted by a 3rd party, and assuming that party has its own name servers (say ns1.domain.com and ns2.domain.com) then example2.com should not have any glue or ns records. Instead it should have an SOA record pointing to the domain.com servers. This essentially tells DNS to go talk to those servers because the TLD doesn't know where the next direct step is.

Chris S
  • Yep, understand the need for glue records to resolve circular dependencies - however that is not the case here. I didn't believe that I had glue records configured, and my registrar also says this - however I was curious about why an online service and my own test seem to indicate that glue records do in fact exist. – jamiecon Apr 28 '11 at 17:51
  • Yep, that's not right. When you `dig example2.com` it *should* return something like `example2.net. 10800 IN SOA ns.domain.com ......` or the NS records for ns.domain.com; in any case no glue records, and not for an unrelated domain. – Chris S Apr 28 '11 at 18:05