What is a Glue Record?
As we learned in our article What Are Domains?, a domain is associated with an IP address. That IP directs visitors to the correct location on the Internet that hosts your website and its contents. In the same way, glue records or nameserver glue records, link a nameserver on the internet to an IP address. When a DNS request is made for an IP address of a specific domain, it’s queried at the registrar. The registrar will provide any information that it has for the DNS. If there is a glue record, it is presented as the place to look for any DNS zones.
A glue record binds the IP address to a static cache, so visitors can always locate your site without issue. This record also avoids dependencies issues for that DNS zone. Typically, your registrar maintains the glue records for a set of nameservers. This allows traffic to be directed without using the typical lookup process of DNS. You will often see a glue record being used for nameservers. It can also occasionally be utilized in other records, depending on the circumstances.
How is a Glue Record Different From Other DNS Records?
Let’s review how DNS works. Your computer normally has no idea how to locate a website on the internet from a domain name we type into our browser. As an example, If we said, “Call Bob’s house”, we inherently would not know how to contact them. This request must be made to an intermediary first. That go between information service is called the Domain Name System or DNS. DNS basically acts as the phone book of the internet and associated domain names with IP addresses. In this case, Bob’s house would equate to an IP like 192.168.1.1.
Normally, we leave this behind the scenes translation of names to IPs to the DNS nameservers. Even though we may be able to discover the nameserver for a domain, that nameserver is still a domain name. Nameservers (like ns1.liquidweb.com) must be turned into an IP address before it can be accessed. To look up the ns1.liquidweb.com A record, you will need to know the IP address for liquidweb.com! At first, this may seem like a catch-22 situation, right? This is where the nameserver glue records come into play.
The ultimate authority for a fully qualified domain name (or FQDN) is the domains’ registrar. The registrar is where domains are purchased and contain a list of the nameservers related to a particular domain name. Similarly, we can translate a nameserver name into an IP. Thatway we can contact the nameserver to get DNS records for the domain it controls.
Example DNS Query
As an example, let’s use liquidweb.com again. We start out on our browser, not knowing anything about the domain’s IP, or even what nameservers it uses. Our first step will search our local DNS cache and hosts file, to see if we have visited the domain before, and if we have, a local record is cached. In this example, we have not visited liquidweb.com before.
Next, our browser checks for the domain at our Internet Service Provider (ISP) to see if they have a cached nameserver record. Let’s say they don’t; we then have to move up the chain to the next nameserver provider which may be an internet provider like Level 5 or Cogent. If they do not have a nameserver record, we proceed to one of the 13 worldwide root nameservers. If the domain is registered correctly and resolves to an IP, the root nameservers will have a record stored. We use a public service to determine the registrar, and subsequently, the nameserver names. You can do the same thing by running the linux whois command:
root@host:~# whois liquidweb.com Domain Name: LIQUIDWEB.COM Registry Domain ID: 1458046_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com Updated Date: 2020-08-04T12:02:49Z Creation Date: 1997-08-05T04:00:00Z Registry Expiry Date: 2030-08-04T04:00:00Z Registrar: Network Solutions, LLC Registrar IANA ID: 2 Registrar Abuse Contact Email: email@example.com Registrar Abuse Contact Phone: +1.8003337680 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS.LIQUIDWEB.COM Name Server: NS1.LIQUIDWEB.COM DNSSEC: unsigned
This tells us the domain registrar (network solutions) and the authoritative nameservers (ns.liquidweb.com and ns1.liquidweb.com) along with a significant amount of other useful information.
Search for Nameserver DNS
Now that we have the nameservers for liquidweb.com, and know whom to contact to get the IP address for the domain. If we still cannot contact those nameservers; we can’t do another DNS lookup for them, since the records are on the nameservers themselves! So, we ask the registrar for the IP addresses of the nameservers as well. You can test this query using the whois command.
root@host:~# whois ns.liquidweb.com Server Name: NS.LIQUIDWEB.COM IP Address: 126.96.36.199 Registrar: Network Solutions, LLC Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com >>> Last update of whois database: 2021-02-26T17:11:01Z <<< root@host:~# whois ns1.liquidweb.com Server Name: NS1.LIQUIDWEB.COM IP Address: 188.8.131.52 Registrar: Network Solutions, LLC Registrar WHOIS Server: whois.networksolutions.com Registrar URL: http://networksolutions.com >>> Last update of whois database: 2021-02-26T17:11:01Z <<<
In our example, we get 184.108.40.206 and 220.127.116.11 as the nameserver IPs. Now that we have the IP addresses, we can ask ns.liquidweb.com and ns1.liquidweb.com about the IP address of liquidweb.com, and the browser can carry on with its query for the web page. We can also use the dig command to locate DNS information. You can see that without glue records set up at the registrar, we would never be able to contact the nameservers, and no one would be able to go to liquidweb.com!
Are Glue Records Needed?
Anyone who uses a shared set of nameservers, like ns.liquidweb.com and ns1.liquidweb.com or a service like CloudFlare, will probably not need to worry about glue records, since these are already set up. But, if we are using custom nameservers, like ones based around our domain name, or if we are setting up a new set of nameservers for a client, or if we are moving our nameservers from one set of IPs to another during a domain migration, we will need to make sure our glue records are set up properly.
How to Set Up Nameserver Glue Records
Every domain registrar has different steps for setting up the nameserver glue records for a domain. But, you will need to know a few things in advance to be successful.
- We will need the login information to our registrar where the domain was purchased. This is where we will set up our nameservers information.
- Next, we need to know or choose the names of our nameservers. Most clients select something similar to ns1 and ns2 or some variation of that. But, any designation can be used.
- Finally, we need to have an IP addresses assigned for each of our nameservers. Some registrars are ok with using the same IP address for both nameservers, however, best practice dictates we use a different IP for each nameserver used. Additionally, have geographically disparate nameservers is a bonus in case the DNS service goes down on the main server. This allows for the remote nameserver to still direct traffic to the main server.
Setup Nameservers in WHM
For cPanel servers, and most other servers running the Berkeley Internet Name Domain (or BIND) nameserver software, all the IPs on the machine are set up to listen for DNS requests. This means that we can use any of our IPs for any of your nameservers. But, we should ensure that the actual A records for the nameservers also match the glue records, to keep everything resolving properly. Also, nameserver software (like BIND) and webserver software (like Apache or Nginx) listen on different network ports, so you can use the same IP for your nameservers as you do for apache without any issues.
If we do not have direct access to the registrar, we can ask our host or domain name reseller to set up glue records for us. If you purchased your domain name through Liquid Web, simply open a support ticket or chat with us, and we ensure your glue records are set up correctly.
We pride ourselves on being The Most Helpful Humans In Hosting™! Our Support Teams are filled with experienced Linux technicians and talented system administrators who have intimate knowledge of multiple web hosting technologies, especially those discussed in this article. Should you have any questions regarding this information, we will always answer any inquiries with issues related to this article, 24 hours a day, 7 days a week, 365 days a year.
If you are a Fully Managed VPS server, Cloud Dedicated, VMWare Private Cloud, Private Parent server, Managed Cloud Servers, or a Dedicated server owner, and have further questions about SIEM or other security-related topics, clients can reach us via phone at 800.580.4985, via a chat or support ticket to assist you with this process.