At 10/17/02 8:28 AM, Lists wrote:
>Can someone explain to me what is happening here and what the implications
>are/ what needs
>to be done? I am having trouble grasping the concept of 'glue' other than
>my son sometimes
>sticks the sofa with it ;o)
>
>When I look up a hosting customer's .biz domain at
>http://www.dnsreport.com it says there
>is no glue for my .com nameservers.
Short answer: this is okay (in fact, desirable) for .biz domains with
.com nameservers, and it will work fine. You don't need to do anything.
Long answer: "Glue records" are additional records returned by top-level
DNS servers when necessary.
Imagine a lookup for the nameservers for tigertech.com at
a.gtld-servers.net. It returns the information that the nameservers are
"ns1.tigertech.com" and "ns2.tigertech.com".
However, that's not enough information for the client to do further
lookups such as "www.tigertech.com", and you have a chicken-and-egg
problem: the client doing the lookup can't figure out the IP addresses of
ns1.tigertech.com (for example) without being able to do a lookup at
ns1.tigertech.com, and it can't do a lookup at ns1.tigertech.com without
knowing the IP address. The client resolver has nowhere to turn for help
except the top level nameservers.
To solve this problem, the top level nameservers for ".com" also know the
IP addresses of ".com" nameservers, and return that information to
"bootstrap" the client into knowing the correct IP. (This is why you have
to register your nameserver IP addresses with the registry before using
them.)
The result of a lookup for tigertech.com at a.gtld-servers.net looks like:
;; QUESTION SECTION:
;tigertech.com. IN NS
;; ANSWER SECTION:
tigertech.com. 172800 IN NS NS2.tigertech.com.
tigertech.com. 172800 IN NS NS1.tigertech.com.
;; ADDITIONAL SECTION:
NS2.tigertech.com. 172800 IN A 64.71.157.130
NS1.tigertech.com. 172800 IN A 140.99.17.131
The "glue records" are the "ADDITIONAL SECTION". With that, a resolver
doing a lookup knows the IP address of each nameserver so it can do
further lookups.
By contrast, a lookup on tigertech.biz at b.gtld.biz does not return any
glue records:
;; QUESTION SECTION:
;tigertech.biz. IN NS
;; ANSWER SECTION:
tigertech.biz. 7200 IN NS NS2.TIGERTECH.COM.
tigertech.biz. 7200 IN NS NS1.TIGERTECH.COM.
That's because it's not necessary. The client resolver DOES have
somewhere else to turn for more information about ns1.tigertech.com: the
top level name servers for ".com", which conveniently have the magic glue
records.
If the name servers for tigertech.biz included a hypothetical
"ns1.tigertech.biz", the .biz nameservers would give out glue records to
help the resolver know the IP addresses of that nameserver (because
again, the client would have nowhere else to turn).
So glue is only necessary if the nameservers for a domain are part of
that domain. If domain example.tld has a nameserver ending in
".example.tld", glue is needed to solve the chicken-and-egg problem;
otherwise, it's unnecessary.
(Before someone corrects me, I'm intentionally ignoring one other rare
situation where glue would help -- a chain of NS delegations that are
completely circular through multiple TLDs -- but that's an unlikely
problem, and not the case with yours.)
It makes sense to have glue records for each TLD only in the appropriate
nameservers for that TLD, and not give out glue records otherwise. It
used to be that registries would sometimes give out glue records for
other TLDs, and they could get out of sync. The nature of DNS is such
that it's usually a bad idea to duplicate information in different places.
Confused yet? Probably; this is confusing stuff. The short answer is
probably more useful :-)
------------------------------------
Robert L Mathews, Tiger Technologies
