.com TLD + Cloudflare NS = Faster DNS resolution?

Hi guys,

I don’t have the technical knowledge to understand this, but I’m sure many of you do!


1. According to this article from DZone…

… glue records reduce the number of lookups.

For domain names, which do not use subdomains of the same domain as authoritative nameservers, glue records help in reducing the number of lookups by providing the IP addresses for the authoritative name servers.


2. We know that Cloudflare nameservers are .COM …

;; AUTHORITY SECTION:
medium.com.		172800	IN	NS	kip.ns.Cloudflare.com.
medium.com.		172800	IN	NS	alina.ns.Cloudflare.com.

… and that they are perfectly configured as glue records*.

*for .com domains

;; ADDITIONAL SECTION:
kip.ns.Cloudflare.com.	172800	IN	A	173.245.59.128
kip.ns.Cloudflare.com.	172800	IN	AAAA	2400:cb00:2049:1::adf5:3b80
alina.ns.Cloudflare.com. 172800	IN	A	173.245.58.61
alina.ns.Cloudflare.com. 172800	IN	AAAA	2400:cb00:2049:1::adf5:3a3d

3. So DNS resolution for this TLD should be faster…

Because fewer lookups will be needed since the domain and nameservers are .COM and fortunately Cloudflare has set up the glue records (IPv4 + IPv6) for all *.ns.Cloudflare.com.

; <<>> DiG 9.8.3-P1 <<>> NS medium.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28302
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;medium.com.			IN	NS

;; AUTHORITY SECTION:
medium.com.		172800	IN	NS	kip.ns.Cloudflare.com.
medium.com.		172800	IN	NS	alina.ns.Cloudflare.com.

;; ADDITIONAL SECTION:
kip.ns.Cloudflare.com.	172800	IN	A	173.245.59.128
kip.ns.Cloudflare.com.	172800	IN	AAAA	2400:cb00:2049:1::adf5:3b80
alina.ns.Cloudflare.com. 172800	IN	A	173.245.58.61
alina.ns.Cloudflare.com. 172800	IN	AAAA	2400:cb00:2049:1::adf5:3a3d

;; Query time: 31 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Thu May 16 02:41:16 2019
;; MSG SIZE  rcvd: 168

… but what does it mean in practice?

  • How could we measure the supposed gain?
  • Does anyone know of any practical tests already done?
  • How to compare DNS resolution speed between domains from ≠ TLDs?

Thank you for your attention! :nerd_face:

Glue records are only necessary if a domain uses nameservers whose hostnames refer back to the same domain.

As for timing, I wouldnt not really focus on that.

1 Like

Hi @sandro,
Thanks for your attention, but I’m looking for an answer to this question.

I think DNS performance is relevant and by the way it’s Speed Week! :rocket:.

That is not really Cloudflare specific but a general “how much fastered are glued nameserver resolutions”. I’d probably take this to StackExchange.

I guess this should summarise it, considering you didnt believe me :wink:

Hi @sandro, let’s recap:

I asked if any member knows how to analyze the described scenario in order to measure the gains; if anyone is aware of any practical tests already done; and finally how to compare the DNS resolution speed of two different TLDs, considering their particularities.


:one:In your first response you talked about glue records being mandatory only for vanity nameservers (which is not related to this topic) and concluded by saying that you would not focus on that for time (which seems to be a personal opinion without any justification):


:two:So I responded by thanking and clarifying that I am looking for an answer to my specific question:


:three: Then you told that my topic is not specific to Cloudflare and that it should be on StackExchange:


:four: Now you’re telling that a discussion that happened 8 years ago proves that I should believe you:


Please allow truly interested users to participate.

This is not about believing. It’s about being consistent (and never forgetting the good neighborliness).

How did I not allow others to participate? So far nobody has.

Whether the discussion is eight years old or not does not really matter in this regard. Glue records in non-mandatory scenarios simply do not make much sense. Of course you are free to still add them, but that wont make much of a difference performance-wise and that latter point is the reason for your question, is it not?

I am afraid I can only re-iterate that I would take this topic to another more applicable forum as the topic here is somewhat off-topic.

I don’t know what that means. A TLD is .com .net or .org. Cloudflare doesn’t provide authoritative NS for any TLD today that I am aware of.

Fewer than what? Cloudflare hosts over 16 million domains, odds are ~= 100% that any major public DNS resolver has already looked up alina.ns.Cloudflare.com and had the answer in cache (TTL is 2 days) so even if you are looking up a .io domain, the recursive resolver in use doesn’t need to query for the answer if alina.ns.Cloudflare.com is returned as a nameserver for the zone.

That discussion seems accurate. I’m not aware of any changes to the RFCs which would change the answer. You can run “time dig NS example.domain @a.gtld-servers.net +trace” which will tell you how long a particular lookup took, but there is so much variability there outside whether or not the zone has glue records that I’m not sure how meaningful the data would be… and since that’s not how a public resolver gets the data (as it ignores items which may already be in cache) the data gleaned from testing is likely not a real world representation.

Hi @cscharff,
Thanks for the clarifications!


It was a typing error and should be: “… domains under this TLD

As I understood, at least 1 lookup less since it would not be necessary to check the nameservers’ IPs due to the existence of the glue records.

Good to know.


Below is the response I received from a Cloudflare team member on an old support ticket. That’s what made me believe there was some benefit in opting for .com domains:

… I see we put glue records on .com just to improve the performance but technically this does affect the DNS resolution process.

So we can conclude that using .com domains - the only TLD that would give us glue records - does not bring any performance benefit to DNS resolution?

As a practical matter I think this is true (for really any TLD). We do > 1.5M DNS queries per second on the Cloudflare’s authoritative DNS infrastructure so any reasonable public resolver is going to have foo.ns.Cloudflare.com cached saving the lookup Glue records would address.

1 Like

Thank you very much for your attention!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.