NS Record
A DNS Name Server (NS) record is a type of DNS resource record that designates which name servers are authoritative for a particular domain or zone. NS records act as signposts that direct DNS queries to the servers holding the authoritative DNS zone file for a domain. They are essential for DNS delegation, allowing different parts of the DNS hierarchy to be managed by different name servers.
How it works
NS records tell recursive DNS resolvers where to find the authoritative source of DNS information for a domain. When a resolver needs to look up a domain name, it follows a chain of NS records starting from the root DNS servers, through the TLD (Top-Level Domain) servers, and finally to the authoritative name servers specified in the domain's NS records.
Every domain must have at least two NS records (though four is typical) pointing to authoritative name servers that store the domain's DNS records. Here's how the process works:
**DNS Resolution Path:**
1. A recursive resolver receives a query for
www.example.com
2. It queries a root server, which returns NS records for the .com TLD servers
3. The resolver queries a .com server, which returns NS records for example.com
4. The resolver queries one of example.com's authoritative name servers (specified in its NS records)
5. The authoritative server responds with the requested DNS information
**DNS Delegation:**
NS records enable DNS delegation, where authority for a subdomain can be delegated to different name servers. For example, the owner of example.com might create NS records for shop.example.com that point to different name servers, allowing that subdomain to be managed independently. This is done by inserting NS records in the parent zone that specify which name servers are authoritative for the child zone.
**Glue Records:**
When NS records point to name servers within the same domain they're authoritative for (e.g., example.com's NS records point to ns1.example.com), 'glue records' (A or AAAA records for the name servers) must be included to prevent circular dependencies. Without these, the DNS system would be stuck in an endless loop.Key Points
- Every domain must have at least two NS records for redundancy (typically 2-4 name servers)
- NS records specify which name servers are authoritative for a domain or subdomain
- They enable DNS delegation, allowing different zones to be managed by different servers
- Glue records (A/AAAA records) are required when NS records point to name servers within the same domain
- Changes to NS records can take 24-48 hours to propagate globally
Common Use Cases
- Domain Name Server Assignment: Specifying which name servers (e.g., ns1.cloudflare.com, ns2.cloudflare.com) are authoritative for your domain's DNS records
- Subdomain Delegation: Delegating control of a subdomain (like
api.example.com) to different name servers, allowing it to be managed independently from the main domain - DNS Provider Migration: When switching DNS providers, you update NS records at your domain registrar to point to the new provider's name servers
- Geographic Distribution: Using multiple geographically distributed name servers (specified via NS records) to improve DNS query response times worldwide
code Example Configuration
| Type | Host / Name | Value / Points to | TTL |
|---|---|---|---|
| NS | @ | ns1.example.com | 86400 |
| NS | @ | ns2.example.com | 86400 |
| NS | subdomain | ns1.otherprovider.com | 86400 |
| A | ns1 | 192.0.2.1 | 86400 |
* Domains typically have multiple NS records pointing to different name servers for redundancy. Glue records provide IP addresses when needed.
Frequently Asked Questions
How many NS records should a domain have?expand_more
A domain must have at least two NS records for redundancy, but best practice is to have 2-4 NS records pointing to different name servers. Having multiple name servers ensures that if one becomes unavailable, others can still respond to DNS queries. More than 4-5 NS records typically provides diminishing returns and can actually slow down DNS resolution.
What are glue records and when are they needed?expand_more
Glue records are A or AAAA records for name servers that prevent circular dependencies in DNS. They're needed when a domain's NS records point to name servers within the same domain. For example, if example.com uses ns1.example.com as its name server, you need a glue record providing ns1.example.com's IP address. Without it, resolvers would need to query example.com to find its name server's IP, but they can't query example.com without knowing where its name server is - creating an impossible circular dependency.
Can I use different name servers for different subdomains?expand_more
Yes, this is called DNS delegation. You can create NS records for a subdomain that point to different name servers than the main domain uses. For example, example.com might use Cloudflare's name servers, while shop.example.com could have NS records pointing to Shopify's name servers. This allows different teams or services to independently manage different parts of your domain's DNS.
What is a lame delegation?expand_more
A lame delegation occurs when NS records point to name servers that don't actually serve authoritative data for the domain. This can happen when NS records aren't updated after migrating DNS providers, or when name servers are misconfigured. Lame delegations cause DNS resolution failures and should be avoided by ensuring all NS records point to properly configured, authoritative name servers.
Where do I update my domain's NS records?expand_more
You update NS records at your domain registrar (where you purchased the domain), not at your DNS hosting provider. The registrar controls the NS records that are published in the TLD zone (.com, .org, etc.). Once you update NS records at your registrar to point to your DNS provider's name servers, the DNS provider then manages all other record types (A, CNAME, MX, etc.) for your domain.