NS-Records (Authoritative name server)

NS-records identify the DNS servers responsible (authoritative) for a zone.

A zone should contain one NS-record for each of its own DNS servers (primary and secondaries).

This is mostly used for zone transfer purposes (notify messages).

These NS-records have the same name as the zone in which they are located.

The more important function of the NS-record is delegation.

Delegation means that part of a domain is delegated to other DNS servers.

For example, all ".com" sub-names (such as "example.com") are delegated from the "com" zone.

The "com" zone contains NS-records for all ".com" sub-names (a lot!).

You can delegate sub-names of your own domain name (such as "subname.example.com") to other DNS servers the same way.

To delegate "subname.example.com", create NS-records for "subname.example.com" in the "example.com" zone.

These NS-records must point to the DNS server responsible for "subname.example.com", for example, "ns1.subname.example.com" - or a DNS server somewhere else like "ns1.othername.net".

An NS-record identifies the name of a DNS server - not the IP-address.

Because of this, it is important that an A-record for the referenced DNS server exists (not necessarily on your DNS server, but wherever it belongs), otherwise there may not be any way to connect with that DNS server.

If an NS-record delegates a sub-name ("subname.example.com") to a DNS server with a name in that sub-name ("ns1.subname.example.com"), an A-record for that server (""ns1.subname.example.com") must exist in the parent zone ("example.com").

This A-record is called a "glue record", because it doesn't really belong in the parent zone, but is necessary to locate the DNS server for the delegated sub-name.

To create a new NS-record, right-click a zone in the left list in the DNS Records window, and select "New NS-record" from the pop-up menu.

This record type is defined in RFC1035.

 Comments
Gravatar
15 Apr 2019 20:44 UTC
Ryan
Is it possible to use an NS record to delegate an entire domain? For instance, let's say the authoritative name server for example.com is ns1.e.com. On ns1.e.com, can I have "example.com NS someoneelse.com" in order to delegate all name services for example.com to someoneelse.com?

Why would I do such a thing? I can think of a few reasons:
1. I can update ns1.e.com, but the person that registered example.com quit and took their domain registrar credentials with them.
2. We want to use a third-party reverse proxy and that third party wants to be able to update the IP addresses for example.com. However, we want to to be able to stop using their service a a moment's notice. It would be easier to update an NS record on ns1.e.com than to update the name server setting at the domain registrar.
JH Software
26 May 2019 20:00 UTC
JH Software
Hi Ryan.
Unfortunately no.
It is only possible to delegated sub-names - not the root of the zone.
This is just how the DNS protocol works.
(Never published. Used for replies and to show your Gravatar icon. Never used for any other purpose.)
Connect