What Are Glue Records and How Do TLD Servers Store Them?

When setting up your own authoritative DNS server, you may come across the term Glue Records. These records are essential for ensuring that DNS resolution works correctly, especially when your name servers are subdomains of your own domain. In this article, we'll explore what Glue Records are, why they are needed, and how Top-Level Domain (TLD) servers store and use them.

---

What Are Glue Records?

A Glue Record is a special type of DNS record that provides the IP address of a name server. It is required when your authoritative name server is a subdomain of the domain it serves.

Why Are Glue Records Needed?

Normally, when a domain’s NS (Name Server) records are queried, they return the name servers’ hostnames, not their IP addresses. However, if your name server is a subdomain of your own domain, this creates a circular dependency problem.

Example of Circular Dependency

Suppose you set up a custom authoritative DNS server for example.com and configure the following NS records:

example.com.   NS   ns1.example.com.
example.com.   NS   ns2.example.com.

When a resolver queries example.com, the request is sent to the TLD (.com) name servers. However, the TLD server needs to resolve ns1.example.com before it can provide an answer. Since ns1.example.com itself depends on example.com, this creates a loop, making resolution impossible.

When Do You Need Glue Records?

✅ Glue Records Are Required If:

• Your name servers are subdomains of your own domain.

  • Example:

ns1.example.com → 192.0.2.1
ns2.example.com → 192.0.2.2

• Since ns1.example.com is inside example.com, a Glue Record is needed.

❌ Glue Records Are NOT Required If:

• You are using an external DNS provider with existing name servers.

  • Example:

example.com  NS  ns1.cloudflare.com
example.com  NS  ns2.cloudflare.com

• Since ns1.cloudflare.com is not a subdomain of example.com, there’s no circular dependency, and no Glue Record is needed.

---

How Glue Records Solve This Problem

To break this loop, Glue Records are used. These are A records that link the name server’s hostname to an IP address:

ns1.example.com.   A   192.0.2.1
ns2.example.com.   A   192.0.2.2

With Glue Records:

1. When a resolver queries example.com, the TLD name server returns not only the NS records but also the Glue Records (IP addresses of ns1.example.com and ns2.example.com).

2. The resolver directly contacts ns1.example.com at 192.0.2.1 without needing to resolve its hostname first.

3. The authoritative server then provides the DNS records for example.com.

---

How TLD Servers Store and Use Glue Records

1. Registering Glue Records with a Domain Registrar

TLD servers do not allow you to directly add Glue Records. Instead, you must register Glue Records with your domain registrar (e.g., GoDaddy, Namecheap, AWS Route 53), and the registrar submits them to the TLD registry responsible for your domain extension (e.g., Verisign for .com domains).

2. How Glue Records Are Stored in TLD Servers

Once submitted, the TLD registry updates its database to include the Glue Records. Now, when someone queries your domain, the TLD name servers provide the Glue Record along with the NS records.

Example of What the .com TLD Server Stores

example.com   NS   ns1.example.com  
example.com   NS   ns2.example.com  
ns1.example.com   A   192.0.2.1  ← (Glue Record)  
ns2.example.com   A   192.0.2.2  ← (Glue Record)  

Now, when a resolver queries example.com:

1. The .com TLD server provides the NS records (ns1.example.com, ns2.example.com).

2. The TLD server also provides the Glue Records (the IP addresses of these name servers).

3. The resolver directly contacts ns1.example.com to get the final DNS records.

---

How to Set Up Glue Records

If you need Glue Records, you must set them up at your domain registrar. Here’s how:

1. Set Up Your Authoritative Name Server

• Install DNS software like BIND, PowerDNS, or NSD on an AWS EC2 instance.

• Configure the zone file with the necessary A, NS, and other DNS records.

• Assign Elastic IP addresses to your name servers.

2. Register Glue Records with Your Registrar

• Log in to your domain registrar (GoDaddy, Namecheap, AWS Route 53, etc.).

• Look for "Custom Name Servers" or "Glue Records" settings.

• Add the hostname and IP address:

ns1.example.com → 192.0.2.1
ns2.example.com → 192.0.2.2

• Save the settings and wait for the changes to propagate.

3. Update Your Domain’s NS Records

At your registrar, set the NS records for your domain:

example.com   NS   ns1.example.com.
example.com   NS   ns2.example.com.

This tells the TLD server that ns1.example.com is authoritative for example.com.

---

Key Takeaways

✔ TLD servers store Glue Records, but you must register them through your domain registrar.
✔ Glue Records prevent circular dependencies when using name servers that are subdomains of your own domain.
✔ Registrars submit Glue Records to the TLD registry, which updates the TLD servers.
✔ Without Glue Records, resolvers wouldn't be able to reach your authoritative name server in cases of circular dependencies.

By properly setting up Glue Records, you ensure that your self-hosted DNS infrastructure works correctly and is recognized as authoritative by the global DNS system.