by Bender 20 days ago
Every time I stand up new name servers I have to add the glue records into the root servers or the name servers do not exist. In fairness to me I keep forgetting the trend is to shove everything into big centralized DNS servers as it is something I would never do at least not as a primary.

Afaik, those glue records are held at your TLD's registry and served by the tld nameservers, not the root servers.

It might be nice to get a zone transfer for every tld, but that's not possible for the public. (I understand there's some way to get many of them, but $$$$)

I run my own name servers. I never use the name servers of a registry. I can see the glue records of my name servers in the root servers. In fact the reason I left NetworkSolutions (web.com) was that their interface to update the root servers broke and there was nobody left that knew how to fix it. I'm sure they must have fixed it by now but I was being impatient only waiting 3 weeks.

I should add that I have been adding name servers to the root servers since 1998. I've just never managed one of the root servers and I guess nobody on HN has either.

I'm pretty sure you're confused.

If you query your domain at the root servers, they will refer you to the tld servers, run by your registry.

Then when you query your domain at the tld servers, they return your selected nameservers along with their addresses, if in their bailiwick.

I'm not confused at all. For your recursive servers to know how to get the name servers they have to have a hints file, that tells them what to use for the tld, then from the group of root servers associated with that TLD you get the glue (name servers) associated with the domain, then you query the authoritative name servers for that domain's resources you were requesting. Every name server has a glue record in the root servers. I can manually walk you through it with dig if you would like.

I need to clean up the formatting a bit but this is a walk through. [1] I think I know where your confusion is but I will wait for your reply.

[1] - https://blawg.nochan.net/b/Internet-Crap/20260530-DNS-Recurs...

> from the group of root servers associated with that TLD you get the glue (name servers) associated with the domain

Those are not root servers. They are tld servers, run by the registry for the tld your domain is under.

The root servers serve the root. Root hints just tell you where those are. The zone file you listed has the whole root zone.

a.root-servers.net is a root server.

a.gtld-servers.net is a tld server (controlled by Verisign, iirc?). Several tlds use gtld-servers, but that doesn't make them root servers.

TLD servers are just another level of root servers. Each TLD does have a primary registrar that manages them however they provide access to thousands of registrars to manage the glue records at that layer. They are still collectively part of the root servers even if they are not under the domain root-servers.net. My registrar does not manage them. Nobody here is on a registrar that manages the TLD root servers. The only permission my registrar and most registrars have is to update glue records for the domains their domain clients own and to add their domains. I and every DNS admin I've ever known collectively refers to all levels of the root and TLD servers as root servers. Even if that is technically incorrect that is how we have always referred to them. I think that distinction would primarily matter for people that worked at one of the high level registrars that manages the anycast clusters of tld root servers. At least I think that is where the confusion started. This was fun we should do this again. I updated the blawg to add (TLD) in reference to root servers.
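
The referral walk discussed in this thread (hints file, then the servers for the TLD, then the domain's own name servers), as an added example that is not part of any comment: a small offline simulation of an iterative lookup that records which zone's server handed out each piece of glue and keeps glue only when it is in that server's bailiwick. The zone contents, the `query`/`resolve` helpers and every address (documentation ranges) are constructed for illustration; only the server names `a.root-servers.net` and `a.gtld-servers.net` come from the thread.

```python
# Constructed data: addresses are documentation ranges, not real server addresses.
ROOT_HINTS = {"a.root-servers.net.": "192.0.2.1"}
SERVERS = {
    "192.0.2.1": {"zone": ".", "a": {}, "delegations": {
        "com.": {"ns": ["a.gtld-servers.net."],
                 "glue": {"a.gtld-servers.net.": "192.0.2.2"}}}},
    "192.0.2.2": {"zone": "com.", "a": {}, "delegations": {
        "example.com.": {"ns": ["ns1.example.com.", "ns2.example.org."],
                         "glue": {"ns1.example.com.": "192.0.2.3",
                                  "ns2.example.org.": "198.51.100.66"}}}},
    "192.0.2.3": {"zone": "example.com.", "delegations": {},
                  "a": {"www.example.com.": "192.0.2.80"}},
}

def in_bailiwick(name, zone):
    """True if name is at or below zone (all names are fully qualified)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def query(server_ip, qname):
    """Simulated authoritative server: an answer, a referral, or nothing."""
    srv = SERVERS[server_ip]
    if qname in srv["a"]:
        return {"answer": srv["a"][qname]}
    for child, d in srv["delegations"].items():
        if in_bailiwick(qname, child):
            return {"referral": child, "ns": d["ns"], "additional": d["glue"]}
    return {}

def resolve(qname, max_referrals=8):
    """Walk referrals from the hints; return (address, trace).
    Each trace entry is (zone of the server asked, result, glue accepted)."""
    trace = []
    zone, ip = ".", next(iter(ROOT_HINTS.values()))
    for _ in range(max_referrals):
        resp = query(ip, qname)
        if "answer" in resp:
            trace.append((zone, "answer", []))
            return resp["answer"], trace
        if "referral" not in resp:
            return None, trace
        # Keep an address only for a listed NS name inside the zone this
        # server is authoritative for; anything else is dropped, not cached.
        glue = {n: a for n, a in resp["additional"].items()
                if n in resp["ns"] and in_bailiwick(n, zone)}
        trace.append((zone, resp["referral"], sorted(glue)))
        if not glue:  # a real resolver would look the NS name up separately
            return None, trace
        zone, ip = resp["referral"], next(iter(glue.values()))
    return None, trace
```

Calling `resolve("www.example.com.")` returns the address plus a three-step trace: the `.` server supplies the glue for `com.`, the `com.` server supplies the glue for `example.com.`, and the address offered for `ns2.example.org.` is discarded because `com.` is not authoritative for it.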