NS Resource Record
An NS-RR (Name Server Resource Record ) is a record of a DNS server and can fulfill two different functions:
- It defines which name servers are officially responsible for this zone, or
- it concatenates zones into a zone tree (delegation).
Comment on function 1: A zone can have further authoritative name servers for which no NS-RRs exist. Such servers are referred to as stealth servers or hidden primary .
construction
A NS-RR has the following elements:
- domain
- for which the entry is
- TTL
- specifies in seconds how long this RR may be valid in a cache
- protocol
- IN ( Internet )
- service
- NS (Name Server) list
- server
- Name of the authoritative name server for this domain
List of authoritative name servers
In each zone file there must be at least one NS-RR that indicates which name server is authoritative for this zone. The corresponding NS-RRs are usually located at the beginning of a zone file immediately after the SOA-RR .
example
The following NS-RRs exist in the zone file example.com :
example.com. 1800 IN NS names1.example.com. example.com. 1800 IN NS names2.example.com.
The NS-RRs alone do not tell who is the primary and who is the secondary name server. The primary name server is listed in the SOA resource record .
Zone delegation
References to subdomains can be defined using NS-RRs. The corresponding subdomain is, so to speak, outsourced from the zone file. Such an NS-RR thus serves as a pointer that points to another name server (or to another zone file on the same server). In this context one also speaks of delegation . Resolver requests are delegated to another name server. The corresponding NS-RRs are usually entered scattered across the zone file.
example
The following lines exist in the zone file example.com :
zone.example.com. 1800 IN NS names1.example.com. zone.example.com. 1800 IN NS names1.zone.example.com.
The zone zone.example.com within example.com is now delegated to the two name servers, which are therefore authoritatively responsible. It should also be noted that names1.zone.example.com lies within the zone for which it is responsible. A resolution of this name to the IP address is now not possible, since only the server itself can do the resolution. For this reason, so-called glue records are inserted, these are A or AAAA resource records that enable this assignment. In our example there would be another
names1.zone.example.com. 1800 IN A 192.168.7.200 names1.zone.example.com. 1800 IN AAAA 2001:db8::192:200
in the higher-level zone ( i.e. example.com and not zone.example.com ).
Web links
- Resource Records RR (English)