NS Resource Record

from Wikipedia, the free encyclopedia

An NS-RR (Name Server Resource Record ) is a record of a DNS server and can fulfill two different functions:

  • It defines which name servers are officially responsible for this zone, or
  • it concatenates zones into a zone tree (delegation).

Comment on function 1: A zone can have further authoritative name servers for which no NS-RRs exist. Such servers are referred to as stealth servers or hidden primary .


A NS-RR has the following elements:

for which the entry is
specifies in seconds how long this RR may be valid in a cache
IN ( Internet )
NS (Name Server) list
Name of the authoritative name server for this domain

List of authoritative name servers

In each zone file there must be at least one NS-RR that indicates which name server is authoritative for this zone. The corresponding NS-RRs are usually located at the beginning of a zone file immediately after the SOA-RR .


The following NS-RRs exist in the zone file example.com :

example.com.  1800  IN  NS  names1.example.com.
example.com.  1800  IN  NS  names2.example.com.

The NS-RRs alone do not tell who is the primary and who is the secondary name server. The primary name server is listed in the SOA resource record .

Zone delegation

References to subdomains can be defined using NS-RRs. The corresponding subdomain is, so to speak, outsourced from the zone file. Such an NS-RR thus serves as a pointer that points to another name server (or to another zone file on the same server). In this context one also speaks of delegation . Resolver requests are delegated to another name server. The corresponding NS-RRs are usually entered scattered across the zone file.


The following lines exist in the zone file example.com :

zone.example.com.   1800  IN  NS  names1.example.com.
zone.example.com.   1800  IN  NS  names1.zone.example.com.

The zone zone.example.com within example.com is now delegated to the two name servers, which are therefore authoritatively responsible. It should also be noted that names1.zone.example.com lies within the zone for which it is responsible. A resolution of this name to the IP address is now not possible, since only the server itself can do the resolution. For this reason, so-called glue records are inserted, these are A or AAAA resource records that enable this assignment. In our example there would be another

names1.zone.example.com.  1800 IN A
names1.zone.example.com.  1800 IN AAAA 2001:db8::192:200 

in the higher-level zone ( i.e. example.com and not zone.example.com ).

Web links