Comparing Glue Requirements IPv4 vs IPv6 Registries

In the domain name system (DNS), glue records are essential components that facilitate the resolution of domain names when a domain’s authoritative name servers are located within the same zone as the domain itself. Glue records are typically A or AAAA records published at the parent zone to prevent circular dependencies during DNS resolution. As the internet transitions from IPv4 to IPv6, the requirements and behavior surrounding glue records have evolved. Comparing glue requirements across IPv4 and IPv6 registries reveals subtle but significant differences that domain operators must understand to maintain consistent, reliable domain resolution in a dual-stack world.

Under IPv4, glue records are relatively straightforward. When a domain, such as example.com, uses a nameserver like ns1.example.com, the registry for the .com TLD requires an A record to be submitted as glue. This A record must specify the IPv4 address of the nameserver. Without it, a recursive resolver trying to find ns1.example.com would first query the .com zone for example.com, only to be told that the nameserver is ns1.example.com—a host whose resolution also requires querying example.com, leading to a circular dependency. Glue records inserted at the parent solve this issue by providing the IP address needed to break the loop and continue resolution.

With the advent of IPv6 and the use of AAAA records for nameservers, glue requirements extend to encompass IPv6 addresses. When a domain’s nameservers are specified using hostnames that reside within the domain itself, and those hostnames resolve to IPv6 addresses, registries now require the submission of AAAA glue records in addition to A records. This ensures that resolvers which prefer or exclusively use IPv6 can complete the resolution process without stalling. However, the implementation of IPv6 glue handling varies more significantly across TLD registries than IPv4, due in part to the newer adoption curve and different infrastructure readiness levels.

Some registries enforce strict glue policies for both A and AAAA records, rejecting domain registrations or updates if glue is missing for in-zone nameservers. Others are more lenient and accept delegations without requiring glue, assuming the child zone is configured to allow out-of-bailiwick resolution or that resolvers will fall back to IPv4. This inconsistency poses a challenge for domain administrators attempting to standardize deployments across TLDs, as each registry’s glue policy must be individually researched and adhered to.

In many registries, particularly in generic top-level domains (gTLDs) like .com, .net, and .org, glue records are stored and managed via host objects. These host objects can have both A and AAAA records associated with them. When registering a domain or updating its delegation, the registrar submits the host object details to the registry, including both IPv4 and IPv6 addresses. The registry then includes the appropriate glue in the TLD zone. For IPv6, this requires that the domain owner ensure not only that their nameservers are dual-stack but also that the registrar’s control panel or API supports the submission of AAAA records for glue, which is not universally available among lower-tier or budget registrars.

IPv6 glue records also introduce new considerations in DNSSEC-enabled environments. The inclusion of glue at the parent zone must align with the delegations and authoritative data at the child zone. Although glue records are not signed in DNSSEC, discrepancies between glue data and authoritative data can lead to resolution failures or misbehavior in validating resolvers. This risk is compounded when registrars or registries cache old AAAA glue records that are no longer valid, leading to potential blackholing of DNS traffic for IPv6-only clients. Therefore, keeping glue records accurate and synchronized with current infrastructure is vital.

Reverse DNS and PTR delegation further complicate the picture. While glue records themselves are a forward-resolution mechanism, domain owners using IPv6 need to coordinate reverse delegation with upstream providers, often requiring custom reverse zones in ip6.arpa. Unlike IPv4, where glue requirements are primarily handled at the registry level, IPv6 reverse mappings often involve ISPs or RIR-delegated address space, making glue-style delegation less centralized and more reliant on multi-party coordination.

Registry requirements around glue also intersect with operational policies regarding address assignments. In the IPv4 world, where addresses are more limited, nameservers are often hosted on shared infrastructure using common IP addresses. In IPv6, the abundance of addresses allows each domain or service to have unique IPs, but this requires registries and registrars to support the increasing volume and complexity of AAAA glue submissions. Some registries impose limits on the number of host objects or glue records per domain to mitigate database size and lookup latency, which may affect domains with large numbers of nameservers or custom redundancy configurations.

From a resolver perspective, glue records must be trusted only within the scope of their use. Whether for A or AAAA records, recursive resolvers treat glue as hints rather than authoritative data and will attempt to verify glue information by querying the authoritative zone. This behavior ensures that stale glue does not override correct current data, but it also means that inaccurate or missing AAAA glue can delay or prevent resolution for IPv6 clients if fallback to IPv4 is not available or desirable. Therefore, glue records must be both present and correct for optimal IPv6 resolution performance.

Overall, the differences in glue requirements between IPv4 and IPv6 reflect broader trends in the DNS ecosystem. While the core concept remains the same—providing IP address information to avoid resolution loops—the operational context and technical considerations are more complex for IPv6. Domain owners must account for registry-specific policies, registrar capabilities, DNSSEC implications, and resolver behavior. Properly managing AAAA glue records alongside their A counterparts is a critical step in ensuring that domains are fully reachable in a dual-stack internet and that they meet the expectations of both users and automated systems that rely on consistent and secure DNS resolution. As IPv6 continues to expand, adherence to best practices in glue record management will become a defining factor in domain reliability and accessibility.

In the domain name system (DNS), glue records are essential components that facilitate the resolution of domain names when a domain’s authoritative name servers are located within the same zone as the domain itself. Glue records are typically A or AAAA records published at the parent zone to prevent circular dependencies during DNS resolution. As…