Glue records (definition)

A glue record is simply the association of a hostname (nameserver, or DNS) with an IP address at the registry.

In order for a nameserver to “work,” it needs to be able to be found first. This is done by creating a glue record.

When to use glue records

Glue records are needed when you want to set a domain's nameservers to a hostname that is a subdomain of the domain itself.

In such a scenario, if you do not provide the registry with glue records, other nameservers trying to look up the IP address of example.com would ask the .com nameservers for a referral, thus encountering the following catch-22:

Your browser:
Hi! I need the IP address of example.com. What is it?

.com nameserver:
I don't know, but you can ask its nameserver. It was ns1.example.com the last time I checked.

Your browser:
Thanks! Okay, in order to send a query to ns1.example.com, I need its IP address. What is it?

.com nameserver:
I don't know, but you can ask its parent example.com.

Your browser:
:-(

If you set a glue record at the registry, the DNS lookup would go more like this:

[…]
Your browser:
Thanks! Okay, in order to send a query to ns1.example.com, I need its IP address. Do you have it?

.com nameserver:
Yes, it was 192.0.43.11 the last time I checked.

Your browser:
:-D

Creating a glue record

See How to manage glue records

Glue records are created at the registrar of the domain name.

If your domain name is registered with Gandi, there are two different ways of creating a glue record, depending on the TLD.

The most common TLDs will allow you to create your glue record directly from your domain's control panel; just click on the “Glue record management” link (in the lower right-hand corner in the “Name servers” section). If you do not see the Glue record management link, please contact Gandi support for assistance.

Examples of valid glue records

Gandi's default nameservers, which you have come to know and love by now, have the following glue records:

a.dns.gandi.net 217.70.179.40
b.dns.gandi.net 217.70.184.40
c.dns.gandi.net 217.70.182.20

In this example, the host name a.dns.gandi.net is registered at Verisign (the registry for .net) as pointing to the machine 217.70.179.40.

Therefore, when requests are made by a domain name that use a.dns.gandi.net as a nameserver, a.dns.gandi.net will send the request to the DNS server hosted on the machine called 217.70.179.40, which will tell it what to do.

Error messages

If you try and apply nameservers to your domain on Gandi's DNS update interface and get the following message (in this example, let's say I want to use boom.whack-a-mole.eu):

The following error occurred while changing the DNS of your 
domain: boom.whack-a-mole.eu: The domain name used as DNS server does not exist.

This means that no glue records exist for nameserver boom.whack-a-mole.eu at the registry. In other words, you need to go to the registrar of whack-a-mole.eu (Gandi) and first create a glue record for boom.whack-a-mole.eu. Otherwise, there is no way that the registry will know what server will respond to that name.

If the glue record is valid, and the DNS does not respond, then it is a server-side issue; the registrar simply tells the registry what IP address corresponds to the given host name. In this case, the administrator of the DNS server needs to verify the configuration of the server. It is useless to contact the registrar in this case, as they do not have access to the actual server. If you are not running the DNS server yourself, you can perform a whois lookup of the IP address itself to see who to contact.

See also

External resources

上一次變更: 2016/05/31 10:23 (外部編輯)