Resolving a DNS FQDN requires a number of servers to be queried. Typically your machine (or a DNS resolver on your behalf) will query the root DNS (name) servers; these return the (registrar) name servers that serve the TLD (top-level domain), e.g. .com, .co.uk etc., for your domain, and these in turn return the name servers that serve the records for the domain. Glue records are not always required: if your domain uses name servers outside of your domain, you don’t need them.
The glue records are there to allow DNS resolution to work when the name servers for your domain are themselves within the domain you are trying to resolve. For example, turnip.ac.uk has the name servers dns1.turnip.ac.uk, dns2.turnip.ac.uk, dns4.turnip.ac.uk. How does a client resolve dns1.turnip.ac.uk? It asks the registrar servers which name servers serve the turnip.ac.uk domain, and the answer is dns1.turnip.ac.uk, dns2.turnip.ac.uk and dns4.turnip.ac.uk. The client is looking to get an IP address back, but instead it just gets the list of name servers. The glue record fixes this by “short circuiting” the lookup: it provides the IP address of a name server that the client would not otherwise be able to resolve, because the name server’s name (e.g. dns1.turnip.ac.uk) is within the domain it is trying to resolve.
Let’s look at an example using dig. We’ll step through the whole process from the root down for www.turnip.ac.uk. Firstly we query for the root “.” name servers (a.k.a. the big 13); we are using Google’s DNS servers just so we don’t see any weirdness generated by our internal DNS.
dig NS . @8.8.8.8
Okay now we can see the list of the 13 name servers that serve DNS for root (i.e. all of the DNS):
; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> NS . @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40465
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 42329 IN NS a.root-servers.net.
. 42329 IN NS b.root-servers.net.
. 42329 IN NS c.root-servers.net.
. 42329 IN NS d.root-servers.net.
. 42329 IN NS e.root-servers.net.
. 42329 IN NS f.root-servers.net.
. 42329 IN NS g.root-servers.net.
. 42329 IN NS h.root-servers.net.
. 42329 IN NS i.root-servers.net.
. 42329 IN NS j.root-servers.net.
. 42329 IN NS k.root-servers.net.
. 42329 IN NS l.root-servers.net.
. 42329 IN NS m.root-servers.net.
;; Query time: 37 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jun 28 12:13:43 BST 2018
;; MSG SIZE rcvd: 239
Right, now we know where to start looking, so let’s query one of the 13 root name servers for who knows about the .uk namespace:
dig NS uk @a.root-servers.net
Okay, this returns the list for the registrar of the uk name space (Nominet), who have a list of name servers dns1.nic.uk etc. As an aside, you can see the glue records for their name servers, which reside in the domain they are serving, but we digress:
; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> NS uk @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5669
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 14
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;uk. IN NS
;; AUTHORITY SECTION:
uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
uk. 172800 IN NS dns1.nic.uk.
uk. 172800 IN NS dns2.nic.uk.
uk. 172800 IN NS dns3.nic.uk.
uk. 172800 IN NS dns4.nic.uk.
;; ADDITIONAL SECTION:
nsa.nic.uk. 172800 IN A 156.154.100.3
nsb.nic.uk. 172800 IN A 156.154.101.3
nsc.nic.uk. 172800 IN A 156.154.102.3
nsd.nic.uk. 172800 IN A 156.154.103.3
dns1.nic.uk. 172800 IN A 213.248.216.1
dns2.nic.uk. 172800 IN A 103.49.80.1
dns3.nic.uk. 172800 IN A 213.248.220.1
dns4.nic.uk. 172800 IN A 43.230.48.1
nsa.nic.uk. 172800 IN AAAA 2001:502:ad09::3
dns1.nic.uk. 172800 IN AAAA 2a01:618:400::1
dns2.nic.uk. 172800 IN AAAA 2401:fd80:400::1
dns3.nic.uk. 172800 IN AAAA 2a01:618:404::1
dns4.nic.uk. 172800 IN AAAA 2401:fd80:404::1
;; Query time: 28 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Thu Jun 28 12:18:22 BST 2018
;; MSG SIZE rcvd: 451
Right, now let’s query dns1.nic.uk for which name servers serve the .ac.uk name space:
dig NS ac.uk @dns1.nic.uk
As we can see below, it is JaNET, no surprise there:
; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> NS ac.uk @dns1.nic.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23902
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ac.uk. IN NS
;; AUTHORITY SECTION:
ac.uk. 172800 IN NS ns0.ja.net.
ac.uk. 172800 IN NS ns1.surfnet.nl.
ac.uk. 172800 IN NS ns2.ja.net.
ac.uk. 172800 IN NS ns3.ja.net.
ac.uk. 172800 IN NS ns4.ja.net.
ac.uk. 172800 IN NS auth03.ns.uu.net.
ac.uk. 172800 IN NS dns-3.dfn.de.
;; Query time: 24 msec
;; SERVER: 213.248.216.1#53(213.248.216.1)
;; WHEN: Thu Jun 28 12:19:00 BST 2018
;; MSG SIZE rcvd: 193
So now we want to query ns0.ja.net for which name servers serve the turnip.ac.uk name space:
dig NS turnip.ac.uk @ns0.ja.net
And we get:
; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> NS turnip.ac.uk @ns0.ja.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50020
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 9
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;turnip.ac.uk. IN NS
;; AUTHORITY SECTION:
turnip.ac.uk. 86400 IN NS dns1.turnip.ac.uk.
turnip.ac.uk. 86400 IN NS dns2.turnip.ac.uk.
turnip.ac.uk. 86400 IN NS dns3.turnip.ac.uk.
turnip.ac.uk. 86400 IN NS dns4.turnip.ac.uk.
;; ADDITIONAL SECTION:
dns1.turnip.ac.uk. 86400 IN A 134.62.201.30
dns2.turnip.ac.uk. 86400 IN A 134.62.201.31
dns3.turnip.ac.uk. 86400 IN A 134.62.201.32
dns4.turnip.ac.uk. 86400 IN A 234.110.171.59
dns1.turnip.ac.uk. 86400 IN AAAA 2001:630:145:4::30
dns2.turnip.ac.uk. 86400 IN AAAA 2001:630:145:4::31
;; Query time: 33 msec
;; SERVER: 128.86.1.20#53(128.86.1.20)
;; WHEN: Thu Jun 28 12:20:51 BST 2018
;; MSG SIZE rcvd: 335
And there they are, under the “ADDITIONAL SECTION”: these are the glue records. The ns0.ja.net name server returns the turnip.ac.uk name servers, but these are within the domain being resolved, so the glue record (which is basically a hint) allows my client to resolve, for example, dns1.turnip.ac.uk to an IP address so it can query it for the next step.
If we did not have glue records here, DNS resolution would fail: your client would keep being given the name of a name server, and to resolve that name it would have to ask that very name server.
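The in-domain test behind glue records, as an added example (not code from the original post): it parses the AUTHORITY and ADDITIONAL sections of a dig referral and reports, per name server, whether it sits inside the delegated zone and whether glue came with it. The sample is constructed from the turnip.ac.uk response above, with dns4’s glue removed and ns0.ja.net added as an out-of-zone server; the function names are this example’s own.

```python
import re

# Constructed sample: the turnip.ac.uk referral from the walk-through, trimmed,
# with dns4's glue removed and an out-of-zone server (ns0.ja.net) added.
SAMPLE = """\
;; AUTHORITY SECTION:
turnip.ac.uk. 86400 IN NS dns1.turnip.ac.uk.
turnip.ac.uk. 86400 IN NS dns4.turnip.ac.uk.
turnip.ac.uk. 86400 IN NS ns0.ja.net.
;; ADDITIONAL SECTION:
dns1.turnip.ac.uk. 86400 IN A 134.62.201.30
dns1.turnip.ac.uk. 86400 IN AAAA 2001:630:145:4::30
"""

def parse_referral(dig_output):
    """Collect NS targets per zone and A/AAAA glue per host from dig output."""
    ns, glue, section = {}, {}, None
    for line in dig_output.splitlines():
        banner = re.match(r";; (\w+) SECTION:", line)
        if banner:
            section = banner.group(1)
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # comments, banners and blank lines carry no records
        owner, rtype, rdata = fields[0].lower(), fields[3], fields[4]
        if section in ("ANSWER", "AUTHORITY") and rtype == "NS":
            ns.setdefault(owner, []).append(rdata.lower())
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    return ns, glue

def in_bailiwick(server, zone):
    """True when the name server's own name lies at or below the delegated zone."""
    zone, server = zone.rstrip("."), server.rstrip(".")
    return not zone or server == zone or server.endswith("." + zone)

def glue_report(dig_output):
    """Map each name server to 'external', 'missing', or its glue addresses."""
    ns, glue = parse_referral(dig_output)
    report = {}
    for zone, servers in ns.items():
        for server in servers:
            if not in_bailiwick(server, zone):
                report[server] = "external"  # resolvable through another zone
            else:
                report[server] = glue.get(server, "missing")
    return report

if __name__ == "__main__":
    for server, status in glue_report(SAMPLE).items():
        print(server, status)
```

A server reported as missing can still be reached when another in-zone server has glue; the delegation only breaks when every in-zone server lacks it and no external server is listed.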
So now we can query dns1.turnip.ac.uk for www.turnip.ac.uk:
dig NS www.turnip.ac.uk @dns1.turnip.ac.uk
And we get:
; <<>> DiG 9.10.4-P8-RedHat-9.10.4-5.P8.fc25 <<>> NS www.turnip.ac.uk @dns1.turnip.ac.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34424
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.turnip.ac.uk. IN NS
;; ANSWER SECTION:
www.turnip.ac.uk. 300 IN CNAME lb.turnip.ac.uk.
;; AUTHORITY SECTION:
turnip.ac.uk. 900 IN SOA dns1.turnip.ac.uk. postmaster.turnip.ac.uk. 2011014294 10800 3600 2419200 900
;; Query time: 21 msec
;; SERVER: 134.62.201.30#53(134.62.201.30)
;; WHEN: Thu Jun 28 13:22:05 BST 2018
;; MSG SIZE rcvd: 119
So we can see that www.turnip.ac.uk resolves to lb.turnip.ac.uk. Of course, your client would now need to resolve lb.turnip.ac.uk to an actual IP address.