My bank’s website is down right now, and it appears to be a glue record issue. This is interesting to me because (a) I would like to check something in my bank account and (b) glue records were far and away the hardest thing about DNS for me to understand.

Most people that read this blog already know this, but I’m bored and home sick so I’m going to write it up anyway. A glue record, in short, is a little known aspect of DNS that ties a domain name directly to an IP at the registrar (WHOIS) level, rather than the name server level. It’s useful if you want to host your own DNS, and here’s what it looks like when it fails (sorry for outing you, UFCU!):

$ ping
ping: cannot resolve Unknown host
$ dig +short
;; connection timed out; no servers could be reached
$ host -t ns
;; connection timed out; no servers could be reached
$ whois | grep NS
Name Server:NS1.UFCU.ORG
Name Server:NS2.UFCU.ORG
Name Server:NS3.UFCU.ORG

As you can see, according to the WHOIS information, DNS information for can be found at Which, since information about is exactly what we’re looking for, sends us into a loop:

What’s the IP for Ask the name server Okay, what’s the IP for so I can go ask? Ask the name server for (

This is only a problem because the DNS for is self-referential. Enter the glue record. A glue record, as I mentioned above, bypasses the normal name server queries and directly provides an IP for a name server. You’ll never be able to complete a query for if you have to query for information about itself, so the registrar will hard code an IP for and hand that out when asked “What’s the IP for”

Once you understand the loop a query would fall in to, glue records are easy. But the loop itself is hard to explain, and most of what I had trouble with. Aside from a missing one, the only other glue record problem I’ve run into is an incorrect one. Those are even more fun!

I now return you to your regularly scheduled day. Time for another popsicle and a nap for me!

ps. Their website is back up 🙂