DNS NS Record

What is a NS Record?

A DNS NS record (Name Server record) specifies the authoritative name servers for a domain or subdomain. These are the servers that hold the actual DNS records for the domain and are responsible for answering queries about it. NS records are fundamental to the hierarchical structure of the DNS system.

When a recursive resolver needs to find the IP address for a domain, it follows the chain of NS records from the root servers down through the TLD (Top-Level Domain) servers to the domain's authoritative name servers. For example, resolving example.com involves querying root servers for .com NS records, then querying .com servers for example.com NS records, and finally querying the domain's name servers for the actual A/AAAA records.

Every domain must have at least two NS records pointing to different name servers for redundancy. If one name server becomes unavailable, the other can still answer queries. Many organizations use managed DNS services like Cloudflare, AWS Route 53, or Google Cloud DNS, which provide highly available name server infrastructure. NS records can also be used to delegate subdomains to different name servers, allowing separate teams to manage different parts of the DNS zone.

Syntax & Examples

The syntax of a DNS NS record specifies the authoritative name servers:

example.com.    86400    IN    NS    ns1.example.com.
example.com.    86400    IN    NS    ns2.example.com.

The TTL for NS records is typically set high (86400 seconds = 24 hours) because name server changes are infrequent. For subdomain delegation, NS records specify separate name servers:

sub.example.com.    86400    IN    NS    ns1.subprovider.com.
sub.example.com.    86400    IN    NS    ns2.subprovider.com.

If the name servers are within the same domain (e.g., ns1.example.com for example.com), glue records (A records for the NS hostnames) must be registered at the parent zone to avoid circular dependencies.

How to Query NS Records

To query NS records using dig, run: dig example.com NS. For concise output: dig +short example.com NS. To see the full delegation chain from root, use: dig +trace example.com. This shows every NS delegation from the root servers down to your domain's authoritative servers. To query the registrar-level NS records (which may differ from zone NS records): dig example.com NS @a.gtld-servers.net.

With nslookup, use: nslookup -type=NS example.com. On Windows PowerShell: Resolve-DnsName -Name example.com -Type NS. To verify that all name servers are responding correctly, query each one individually: dig @ns1.example.com example.com A and dig @ns2.example.com example.com A. All authoritative servers should return identical results.

Related Record Types

Frequently Asked Questions

What is a DNS NS record?

A DNS NS (Name Server) record specifies which name servers are authoritative for a domain. These servers hold the actual DNS zone data and respond to queries about the domain. Every domain requires at least two NS records for redundancy, pointing to different name servers.

How many NS records should a domain have?

A domain should have at least two NS records for redundancy, but many organizations use three or more. Having name servers in different geographic locations and on different networks improves resilience. Major DNS providers typically assign 2-4 name servers from their globally distributed infrastructure.

What are glue records?

Glue records are A records for name servers that exist within the domain they serve. For example, if example.com uses ns1.example.com as a name server, there's a circular dependency — you need to resolve ns1.example.com to find the name server, but you need the name server to resolve it. Glue records break this cycle by storing the IP directly at the parent zone.

Can I delegate a subdomain to different name servers?

Yes, NS records can be used to delegate a subdomain to entirely different name servers. This is common in large organizations where different teams manage different subdomains. For example, dev.example.com could be delegated to an internal DNS server while example.com uses an external DNS provider.

How long does it take to change name servers?

Changing name servers (at the registrar level) typically takes 24-48 hours to fully propagate, because NS records often have high TTL values and registrar updates involve parent zone changes. During the transition, both old and new name servers should be configured to serve correct records to avoid downtime.