Hi! So first, what glue records really do:
A note: I’m also going to ignore caching because it doesn’t matter, and skip a ton of other details, I’m trying to make this simple.
A user wants to visit
example.com., so they ask their DNS resolver and it does all the rest of the work to eventually return the answer.
The DNS resolver will first ask the root (
.) for info about
com., it will then ask those servers for info about
example.com. only to be told that
example.com. has a nameserver of
Now the DNS resolver needs to ask
bob.ns.cloudflare.com. for information, so again we ask the
. root, then ask
com. to help us find
cloudflare.com. And this is where we have a problem, because the answer is
ns3.cloudflare.com.. This is good to know, but we are already looking for information about
cloudflare.com., so now we have hit a loop.
This is where glue records come in. When we ask the
com. roots for
cloudflare.com., it will not only tell us
ns3.cloudflare.com., but it will also helpfully include a clue that
ns3.cloudflare.com has an A record of
126.96.36.199 (so we can now fully resolve
cloudflare.com and work backwards to answer the user).
Glue records are those hints.
You only need glue records when you are resolving a domain who’s nameservers exist as records under that same domain. Outside of this glue records are not needed or used.
So, from your description, I don’t believe glue records are actually your problem, because I believe you are pointing
domain.com. to your Cloudflare DNS servers amy and andy.
Instead, I suspect you want to first verify in your Cloudflare dashboard that you have ns1.example.com set to the correct IP, and that the record is not proxied (it must have a and not ).
If you have a Business or Enterprise account then you can configure custom nameservers such that you will need glue records, but in this case you are not going to use
amy.ns.cloudflare.com. anymore as you will use your own custom records instead. In this situation glue records are needed, and Cloudflare will give you the information that you need.
If you can post your domain name and the full hostname of one of your nameserver records I can try to take an educated guess about what is actually happening.