Sondre
By:
Sondre

What is the point of the NS records?

October 17, 2014 3.7k views

I notice that when setting up a new domain in the DNS section, it automatically creates three NS-records for you: ns1-3.digitalocean.com. What is the point of these records?

The way I understand DNS, they are useless, and I'm sure they are there for a reason. So where am I wrong? When I register a domain and set it's name servers to ns1-3.digitalocean.com, this info is sent to the top level domain name servers. So when a user enters domain.com, it queries .com, and gets the name servers I just specified (ns1-3.digitalocean.com). domain.com is then sent to DO's name servers. It is by default set up with one A record (@ to VPS IP).

So the request has been handed to DO's name servers, and the record for the domain points to ns1-3.digitalocean.com. Isn't this a circular reference? (ns1-3.digitalocean.com queries itself because of the NS-records.)

2 comments
  • NS records exist to allow you to delegate domain or subdomain to different name servers. Whenever someone wants to know the address of example.com, or any other record associated with example.com, their DNS resolver will ask around to find out which name servers are responsible for example.com.

    If it's ns1-3.digitalocean.com, resolver will go and ask one of them for the record it needs. Digital Ocean's name server can then tell them the IP of your VPS.

    There is a problem with circular reference when the name server is itself in the domain it serves (ns1.example.com for example.com). To solve this problem, you can specify glue records, so that the root servers will insert additional information in the response about the domain, the IP addresses of its name servers.

    Another way to use NS records is to delegate a subdomain elsewhere. Say you own cooldomain.com and your friend wants to use less.cooldomain.com. You could just configure it for him but then whenever he wants to change something, you need to do it. So... you just delegate less.cooldomain.com to name servers he controls (ns1.friendsdomain.net and ns2.friendsdomain.net) where he can configure less.cooldomain.com however he pleases, including creating even.less.cooldomain.com sub-subdomain.

  • @bofh Thank you for a quick reply! Say I own and have set up a zone file (DO) on domain.com. It has an A record for @, a CNAME for www and NS ns1.other.com. If somebody queries sub.domain.com, the subdomain sub is not defined, and the request is passed on to ns1.other.com?

    There can only exist one zone file per domain on DO's name servers. This means that if somebody queries sub.domain.com, and the request is passed to ns1-3.digitalocean.com, it will not find any more information about sub.domain.com. So since it is passing on the request to itself, what good is it? If I've understood your answer correctly, NS only makes sense if it points to a different name server.

2 Answers

This question was answered by @bofh:

NS records exist to allow you to delegate domain or subdomain to different name servers. Whenever someone wants to know the address of example.com, or any other record associated with example.com, their DNS resolver will ask around to find out which name servers are responsible for example.com.

If it's ns1-3.digitalocean.com, resolver will go and ask one of them for the record it needs. Digital Ocean's name server can then tell them the IP of your VPS.

There is a problem with circular reference when the name server is itself in the domain it serves (ns1.example.com for example.com). To solve this problem, you can specify glue records, so that the root servers will insert additional information in the response about the domain, the IP addresses of its name servers.

Another way to use NS records is to delegate a subdomain elsewhere. Say you own cooldomain.com and your friend wants to use less.cooldomain.com. You could just configure it for him but then whenever he wants to change something, you need to do it. So... you just delegate less.cooldomain.com to name servers he controls (ns1.friendsdomain.net and ns2.friendsdomain.net) where he can configure less.cooldomain.com however he pleases, including creating even.less.cooldomain.com sub-subdomain.

View the original comment

Have another answer? Share your knowledge.