Monday, May 1, 2017

nameserver - Do glue records in non-circular dns-lookups speed up domain resolution or not?

Doing a lookup for my domain on http://www.intodns.com/ I noticed theese two messages:



In Parent section:




DNS Parent sent Glue The parent
nameserver g.gtld-servers.net is not
sending out GLUE for every nameservers

listed, meaning he is sending out your
nameservers host names without sending
the A records of those nameservers.
It's ok but you have to know that this
will require an extra A lookup that
can delay a little the connections to
your site. This happens a lot if you
have nameservers on different TLD
(domain.com for example with
nameserver ns.domain.org.)





and in NS section:




Glue for NS records INFO: GLUE was not
sent when I asked your nameservers for
your NS records.This is ok but you
should know that in this case an extra
A record lookup is required in order

to get the IPs of your NS records. The
nameservers without glue are:
109.230.225.96
84.201.40.52 You can fix this for example by adding A records to your
nameservers for the zones listed
above.




I do perfectly understand that the primary objective of glue records is to resolve circular dependencies.




The classic use case:



my domain is example.com and I want to have the nameserver ns1.example.com. This will never work because i cannot know the ip of ns1.example.com if I don't fetch example.com and in order to do that I need to fetch it from ns1.example.com. To resolve this deadlock I add a glue record to ns1.example.com containing the ip adress of the nameserver, so this can work out.



So this problem does not occour if the nameservers are in a different TLD than the domain i want to look up. But however to fetch the zone information from the nameservers I need to know their ip adress right? And in order to know that i need to fetch the zone the nameservers are in from their respective nameservers, right? (or rather my ISP needs to do that in the background) So an extra lookup that takes time?



If I now have glue records, I know the IP adress right away without the need to look it up - so this should speed up the resolution of my domain, shouldnt it?



However my DNS zone provider (tecserver.at) replied that





this would make no sense because "we
are not running ns1.ourdomain.com an
ns1.ourdomain.com as authorative NS for
ourdomain.com.



This would be the only sense for glue
records.



Tecserver has a glue record because

the NS for tecserver.at are
ns1.tecserver.at and ns2.tecserver.at.
Therefore a glue record is needed for
resolution.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...