Welcome!

Related Topics: @DevOpsSummit, Linux Containers, Containers Expo Blog

@DevOpsSummit: Blog Post

Glue Records and Why They Are Crucial | @DevOpsSummit #DevOps #WebPerf

A lot has been written and discussed about Domain Name System (DNS) in the past few days

Glue Records and Why They Are Crucial
By Nilabh Mishra

A lot has been written and discussed about Domain Name System (DNS) in the past few days. The DDoS attacks on one of the major managed DNS Providers a while ago just made us all take DNS issues seriously once again.

So why so much emphasis on getting DNS Right? Like a lot of other people in this Ecosystem, we believe that DNS is not just a metric but a lifeline; a backbone for our online systems. It is extremely important to the Internet as it lays the foundation for the WWW (World Wide Web).

DNS, in simple terms, translates Host names to IP Addresses. The objective of DNS seems straight forward and simple, yet in real life, it has grown to become one of the most complex systems we have today.

All these add more complexity to an already complex system.

  • Domain Registries
  • Global Top Level Domains (gTLDs)
  • Numerous Country Code Top Level Domains (ccTLDs)
  • An ever-growing list of all the new TLDs (.space, .photography etc.)

Since DNS is not restricted to a single machine (being a distributed, coherent, and hierarchical database) and involves multiple hierarchies and entities, ensuring that every hierarchy and entity involved in managing the system is working efficiently becomes crucial. At the top of the hierarchy is:

  • Root(.)
  • gTLD servers
  • Authoritative Nameservers for domains

Every level in this hierarchy has an important role to play in the resolution process of a Domain Name:

  • The Registries (Verisign managing .COM and .NET)
  • Registrars (GoDaddy and Namecheap)
  • Registrants (those register a Domain Name)
  • ISPs
  • Managed DNS Service Providers

We all are a part of this system and it becomes extremely important for us, as Registrants, to keep an eye on how these multiple components are functioning to ensure that we have a stable and well-functioning system.

In this article, we will focus on a very important concept in DNS known as “Additional Records,” or “Glue Records.”

Additional Records or Glue Records
In simplest of terms, Glue records are A records or IP Addresses that are assigned or mapped to a Domain Name or a sub-domain. Glue records become extremely important when the Nameservers for a domain name are the sub-domains of the domain name itself.

The Glue records can be seen under the “Additional Section” of a DNS Response.

Let’s take an example to understand how Glue Records work; assume you have a domain name called “yourdomain.com” for which you are using the following set of Nameservers:

ns1. yourdomain.com

ns2. yourdomain.com

In the DNS Resolution process, the authoritative nameservers for yourdomain.com are ns1.yourdomain.com and ns2.yourdomain.com. The DNS resolution for ns1.yourdomain.com would first require the resolution of yourdomain.com, which returns the authoritative nameservers as ns1 and ns2.yourdomain.

As you may have already noticed, this creates a circular dependency, or other words a Loop, and the resolution never succeeds.

Glue records help in breaking this dependency by providing the IP Addresses for ns1.yourdomain.com and ns2.yourdomain.com in the lookup process, this breaks the loop from getting created as we no longer need to resolve the nameservers for the IP Addresses – these addresses are already provided in the form of “Glue Records”.

image2

In the example above, we see that Glue records helped remove the circular dependency by providing the A Records for ns1.ctrls.in and ns2.ctrls.in which were returned as the Authoritative Nameservers for the domain: ctrls.in. If this was not the case, the DNS Lookup would have failed because of a circular dependency.

For Domain names, which do not use sub-domains of the same domain as Authoritative Nameservers, Glue records help in reducing the number of lookups by providing the IP Addresses for the authoritative Nameservers. Here is an example for Wikipedia.com.

image1

In this case, Wikipedia.org returned ns1.wikimedia.org, ns2.wikimedia.org and ns3.wikimedia.org as the authoritative nameservers for the domain. This would have required an additional level of DNS lookup for Wikimedia.org to get the A/AAAA record for the domain name initially queried for i.e. Wikipedia.org.

One of our customers, a leading CDN provider headquartered in China, reached out to us a while ago, complaining that the A records being returned for two of their Nameservers were incorrect (Old IPs).

When investigating this case, we observed that when doing a DNS Experience test for the Nameservers, the IPs being returned by the authoritative nameservers were correct. However, when running a DNS Direct test to the Nameservers of the Domain using any of the gTLDs (a-m.gtld-servers.net.), the IPs returned were the incorrect IPs.

Digs to the domain name using the command: dig “domain name here” @a.root-servers.net returned the same response as Catchpoint’s DNS tests.

Further investigation led us to believe that this was one of those cases where the changes to the GLUE/Additional record at the Domain Registrar’s end was not pushed to the gTLD Servers.

Catchpoint DNS Monitors
Experience DNS Test For DNS tests that use the experience monitor, Catchpoint randomly selects a server from each level of the DNS route and queries it for the domain.
Direct DNS Test This test provides the complete query and response from the DNS server specified for the test along with the length of time it took to complete the test and any errors received during testing.


What fixed this issue?
Based on our recommendations, our Client reached out to the Domain Registrar for the domain and got the Glue records updated for the Domain. The change made was pushed to all the gTLD servers and the issue was resolved.

This incident emphasizes the importance of monitoring each level as well as each component of this amazingly vast system we know as DNS. Having a Monitoring strategy focused around DNS is not just recommended but is crucial to discover issues that may be under our control or out of our control.

The post Glue Records and Why They are Crucial appeared first on Catchpoint's Blog.

Read the original blog entry...

More Stories By Mehdi Daoudi

Catchpoint radically transforms the way businesses manage, monitor, and test the performance of online applications. Truly understand and improve user experience with clear visibility into complex, distributed online systems.

Founded in 2008 by four DoubleClick / Google executives with a passion for speed, reliability and overall better online experiences, Catchpoint has now become the most innovative provider of web performance testing and monitoring solutions. We are a team with expertise in designing, building, operating, scaling and monitoring highly transactional Internet services used by thousands of companies and impacting the experience of millions of users. Catchpoint is funded by top-tier venture capital firm, Battery Ventures, which has invested in category leaders such as Akamai, Omniture (Adobe Systems), Optimizely, Tealium, BazaarVoice, Marketo and many more.

Latest Stories
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
Transformation Abstract Encryption and privacy in the cloud is a daunting yet essential task for both security practitioners and application developers, especially as applications continue moving to the cloud at an exponential rate. What are some best practices and processes for enterprises to follow that balance both security and ease of use requirements? What technologies are available to empower enterprises with code, data and key protection from cloud providers, system administrators, inside...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been designed around data privacy," explained Julian Box, CEO and co-founder of Calligo, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
You want to start your DevOps journey but where do you begin? Do you say DevOps loudly 5 times while looking in the mirror and it suddenly appears? Do you hire someone? Do you upskill your existing team? Here are some tips to help support your DevOps transformation. Conor Delanbanque has been involved with building & scaling teams in the DevOps space globally. He is the Head of DevOps Practice at MThree Consulting, a global technology consultancy. Conor founded the Future of DevOps Thought Leade...
Security, data privacy, reliability and regulatory compliance are critical factors when evaluating whether to move business applications from in-house client hosted environments to a cloud platform. In her session at 18th Cloud Expo, Vandana Viswanathan, Associate Director at Cognizant, In this session, will provide an orientation to the five stages required to implement a cloud hosted solution validation strategy.
Jo Peterson is VP of Cloud Services for Clarify360, a boutique sourcing and benchmarking consultancy focused on transforming technology into business advantage. Clarify360 provides custom, end-to-end solutions from a portfolio of more than 170 suppliers globally. As an engineer, Jo sources net new technology footprints, and is an expert at optimizing and benchmarking existing environments focusing on Cloud Enablement and Optimization. She and her team work with clients on Cloud Discovery, Cloud ...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...