How would you avoid using glue records for DNS?

I understand glue records need to be used in the below scenario, when self hosting DNS.

However is there a scenario where this isn't the case?

I'd imagine you can't get away from this setup unless you've got example.com hosting ANOTHER domain which then handles DNS for itself + others?

So:

example.com glue records > example.com hosts mydomain.com and its nameservers ns1 & ns2.mydomain.com. From there I can host any other domains without the need for glue.

Would that be correct or is there something I'm missing?

A glue record is the IP address of a name server held at the Domain Name registry.

Glue records are required when you wish to set the name servers of a domain name to a hostname under the domain name itself.

For example if you wished to set the name servers of example.com to ns1.example.com and ns2.example.com you would need to also provide the glue records (i.e. the IP addresses) for ns1.example.com and ns2.example.com.

If you did not provide the glue records for these name servers then your domain name would not work as anyone requiring DNS information for it would get stuck in a loop: 

What is the name server for example.com? -> ns1.example.com
What is the IP address of ns1.example.com? -> don't know, try looking at name server for example.com
What is the name server for example.com? -> ns1.example.com

...and so on.

With the glue record in place the registry will hold the IP address and the loop will not occur:

What is the name server for example.com? -> ns1.example.com
What is the IP address of ns1.example.com? -> [IP Address]

Comments

  • If you want example.com to have its own (vanity) nameservers e.g. ns1.example.com, ns2.example.com, etc then you have to use glue records at the domain registrar which map these custom nameservers to IP addresses

    Otherwise, you can use Cloudflare, Hurricane Electric, BuddyNS or any other DNS provider to provide name resolution for your domains

    Hope this helps ..

  • fxf Member
    edited November 2016

    @mik997 I don't think that's what he's asking exactly

    @jeromeza can you try rewording your example? Specifically, I dunno how you're using 'hosts' like with 'example.com hosts mydomain.com and its nameservers'.

    Regardless, no you don't need to create glue records for your domain. Normally this would be more convenient since if you're wanting to associate A/AAAA records with your domain's nameservers, getting your domain's registry's nameservers to host them instead of having them just point queries to another zone will save anyone querying your zone 1 lookup before they actually get to your nameservers. Whether or not you care about 1 additional query is, well, up to you.

  • Thanks for the replies guys.

    So essentially if you want to self host your own DNS via powerdns, bind etc then you need to have glue records set?

  • rm_ IPv6 Advocate, Veteran
    edited November 2016

    I'm still not sure I understand why do you want to avoid glue records, but in any case it's simple. Just use nameservers from a different domain. There might be a small performance penalty for that, one extra lookup by clients to find out the actual NS IPs.

    E.g. in my case if I wanted to avoid glue records for whatever reason, I could do

    romanrm.hk IN NS ns1.romanrm.net.
    romanrm.hk IN NS ns2.romanrm.net.
    
    romanrm.net IN NS ns1.romanrm.hk.
    romanrm.net IN NS ns2.romanrm.hk.

    I.e. two domains cross-hosting NS for each other. Funniest part is, all four of those ns1/ns2 hostnames can even point to just one single IP.

    The only reason to avoid glue records is so that you don't have to edit the NS IPs at the registrar control panel when you migrate your nameservers. But I don't migrate very often, so I'm okay with that.

  • @jeromeza said:
    Thanks for the replies guys.

    So essentially if you want to self host your own DNS via powerdns, bind etc then you need to have glue records set?

    exactly! :) ... which is what I've done recently for one of my domains registered with Gandi i.e. create three glue records for the self-hosted nameservers running PowerDNS, config the MySQL backend db in master/slave and use DNSMadeEasy for secondary anycast DNS (for a fully redundant setup)

    Since then I've migrated all the domains I used to have on CF DNS to my own DNS

    I can now enable DNSSEC, TLSA, SSHFP, etc as/when necessary for domains I control which is what I wanted ;)

    if you need any advice with a similar DNS setup feel free to ask away :)

  • @rm_ said:
    I'm still not sure I understand why do you want to avoid glue records, but in any case it's simple. Just use nameservers from a different domain. There might be a small performance penalty for that, one extra lookup by clients to find out the actual NS IPs.

    E.g. in my case if I wanted to avoid glue records for whatever reason, I could do

    romanrm.hk IN NS ns1.romanrm.net.
    romanrm.hk IN NS ns2.romanrm.net.

    romanrm.net IN NS ns1.romanrm.hk.
    romanrm.net IN NS ns2.romanrm.hk.

    I.e. two domains cross-hosting NS for each other. Funniest part is, all four of those ns1/ns2 hostnames can even point to just one single IP.

    The only reason to avoid glue records is so that you don't have to edit the NS IPs at the registrar control panel when you migrate your nameservers. But I don't migrate very often, so I'm okay with that.

    Basically my glue records seem to have somehow gotten deleted or corrupted. Thus when I went to reset my DNS for my domain I couldn't and had to ask the registrar to redo the glue records. Since it's 100% out of my control I wondered if it could be avoided in future.

    Thanks for all the input.

  • jeromeza Member
    edited November 2016

    @mik997 said:

    @jeromeza said:
    Thanks for the replies guys.

    So essentially if you want to self host your own DNS via powerdns, bind etc then you need to have glue records set?

    exactly! :) ... which is what I've done recently for one of my domains registered with Gandi i.e. create three glue records for the self-hosted nameservers running PowerDNS, config the MySQL backend db in master/slave and use DNSMadeEasy for secondary anycast DNS (for a fully redundant setup)

    Since then I've migrated all the domains I used to have on CF DNS to my own DNS

    I can now enable DNSSEC, TLSA, SSHFP, etc as/when necessary for domains I control which is what I wanted ;)

    if you need any advice with a similar DNS setup feel free to ask away :)

    I may just do that. I'm comfortable with a PDNS authoritative and recursive setup. I've got master / slave setup via MySQL. I just need to learn about anycast, DNSSEC, TLSA, SSHFP and so forth like you mention. I guess I've got the basics down I just need to expand on how it all works at the next level.

  • Are you guys using stock MySQL or MariaDB? I tried setting up a pdns cluster last month and completely failed at the replication part :-(

  • @classy said:
    Are you guys using stock MySQL or MariaDB? I tried setting up a pdns cluster last month and completely failed at the replication part :-(

    I used MariaDB 10.0 across all my nameservers and THIS DigitalOcean how-to as a starting point when configuring the database replication .. where did you get stuck?

  • @classy said:
    Are you guys using stock MySQL or MariaDB? I tried setting up a pdns cluster last month and completely failed at the replication part :-(

    MariaDB and I just set up another cluster last week.

    No problems.
