
NS Records are name server records.

NS Resource Records are records in the DNS database that determine which authoritative name servers are used for the domain.

    IN    NS    ns1.mydomain.com
    IN    NS    ns2.mydomain.com

The DNS database is used to convert (sub)domain names to IP addresses; it works as a distributed telephone book. Records are kept in cache for a time (mostly 24 hours), which is why it often takes at least 24 hours for a change to a domain to take effect everywhere.

DNS is a distributed system. To find the IP address of a given domain, you have to query one of the root servers first. However, not everyone needs to query the root servers, since most people use an ISP-hosted DNS server which does the resolving on their behalf and caches the result.

NS (name server) records are used when recursively resolving a domain name. They tell the DNS resolver which DNS server is responsible for a given zone, which in effect redirects the resolver to the DNS server hosting the next-level domain.

The DNS resolver is pre-configured with a set of 13 root server IP addresses which are permanently assigned. The resolving process for "example.com" would be as follows:

  1. The DNS resolver randomly selects one root server from the pre-configured list and queries it.
  2. The root servers only maintain the list of top-level domains (TLDs) with their NS records, so the response to the query will list the NS records for the "com" TLD.
  3. The resolver reads the NS records from the response, randomly picks one and repeats the same query against it.
  4. The "com" TLD server maintains the list of NS records for the next level, i.e. "example.com", and returns a new set of NS records for the servers hosting the "example.com" zone.
  5. The resolver then selects one NS record and repeats the same query.
  6. The "example.com" DNS server hosting the zone has the IP address configured for the zone as an A record and returns that record as the final response.

DNS servers are usually deployed as a cluster of two or more servers. This is to ensure that there is at least one DNS server available so that the domain name resolution does not fail in case of any downtime on one or more servers. For each zone there is a master name server and zero or more secondary servers.

Each zone hosted on a DNS server is required to have a SOA (start of authority) record. This record contains details which are used to sync the DNS server cluster. The details include the address of the master name server, the responsible person's email address, a serial number and a few retry settings.

When any record in the zone is updated, the SOA record serial number is incremented. Secondary name servers use this serial number to detect that the zone has changed and that the changes must be synced using the zone transfer mechanism. Once the zone transfer is complete, all the secondary name servers hold the same copy of the records.

So, in short, NS records are used to redirect the DNS resolver to the next DNS server, the one hosting the next-level zone, and the SOA record is used by a cluster of DNS servers to sync the latest changes from the master to the secondary servers.
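As an added example (not code from the original page), the six resolution steps and the SOA serial comparison simulated in Python over a constructed in-memory set of servers: one root, one "com" TLD server and two "example.com" servers. All server IPs, names and serials are made up for the demonstration, and each server answers only from its own records, so referrals must be followed just as a real resolver does.

```python
import random

ROOT_HINTS = ["198.41.0.4"]  # constructed root hint; real resolvers ship 13 of them
# Constructed zone data per server, as (owner, type, value) tuples: the root
# delegates "com.", com delegates "example.com.", two servers hold example.com.
SERVERS = {
    "198.41.0.4": [("com.", "NS", "a.gtld-servers.net."),
                   ("a.gtld-servers.net.", "A", "192.5.6.30")],           # glue
    "192.5.6.30": [("example.com.", "NS", "ns1.example.com."),
                   ("example.com.", "NS", "ns2.example.com."),
                   ("ns1.example.com.", "A", "203.0.113.10"),            # glue
                   ("ns2.example.com.", "A", "203.0.113.11")],
    "203.0.113.10": [("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2024010502"),
                     ("example.com.", "A", "203.0.113.80")],             # master
    "203.0.113.11": [("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2024010501"),
                     ("example.com.", "A", "203.0.113.80")],             # secondary, one serial behind
}

def ask(server_ip, qname, qtype):
    """One query to one server: ('ANSWER', values) if it holds the record,
    ('REFERRAL', [(ns_name, ns_ip)]) for the closest zone it delegates, else ('NXDOMAIN', [])."""
    records = SERVERS[server_ip]
    answer = [v for o, t, v in records if o == qname and t == qtype]
    if answer:
        return "ANSWER", answer
    zones = [o for o, t, _ in records if t == "NS" and (qname == o or qname.endswith("." + o))]
    if not zones:
        return "NXDOMAIN", []
    best = max(zones, key=len)                      # most specific delegation wins
    glue = {o: v for o, t, v in records if t == "A"}
    return "REFERRAL", [(v, glue[v]) for o, t, v in records if o == best and t == "NS"]

def resolve(qname, qtype="A", rng=random):
    """Steps 1-6 above: pick a root server, then follow NS referrals until answered."""
    server = rng.choice(ROOT_HINTS)
    path = [server]                                 # servers asked, in order
    for _ in range(8):                              # bound the referral chain
        kind, data = ask(server, qname, qtype)
        if kind != "REFERRAL":                      # final answer or NXDOMAIN
            return data, path
        _, server = rng.choice(data)                # pick one NS at random, as resolvers do
        path.append(server)
    raise RuntimeError("referral chain too long for " + qname)

def soa_serial(server_ip, zone):
    return int(ask(server_ip, zone, "SOA")[1][0].split()[-1])   # serial is the last SOA field

def secondary_is_stale(master_ip, secondary_ip, zone):
    """A secondary must pull a zone transfer when the master's SOA serial is higher."""
    return soa_serial(master_ip, zone) > soa_serial(secondary_ip, zone)
```

Calling `resolve("example.com.")` walks root, then the com server, then one of the two example.com servers, and returns the A record together with that path; `secondary_is_stale` shows the serial check a secondary performs before starting a zone transfer.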
