NS Record (Nameserver Record)

Security Glossary - DNS

Definition: NS records specify which nameservers are authoritative for a domain. They delegate DNS resolution to specific servers that hold the actual DNS records for the domain. Every domain must have at least two NS records for redundancy, and they are set at the domain registrar to delegate authority to your DNS provider.

Why NS Record Is Important

NS records are the foundation of DNS delegation. They determine which servers answer queries for your domain. If your NS records point to unreachable servers, your entire domain becomes unresolvable - no website, no email, no services.

Having at least two NS records on different networks is critical for redundancy. If one nameserver goes down, the other continues serving DNS queries. Major DNS providers like Cloudflare, Route 53, and Google Cloud DNS automatically provide multiple geographically distributed nameservers.

NS record changes take time to propagate because they are cached by upstream DNS resolvers and the parent zone (the TLD nameservers). When migrating DNS providers, you should set up all records at the new provider before changing NS records at the registrar. This prevents a period where the new nameservers are authoritative but missing records.

Checking Your Setup

A DNS health checker verifies your NS records are correctly configured and that all listed nameservers are responding. It checks that the NS records at the registrar match the NS records in your DNS zone, and that all nameservers return consistent responses.
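
An added example, not DomainOptic's own code: a Python sketch of the checks described above, run over constructed observations instead of live queries. The input shape, the finding names, and the use of the SOA serial as the signal for "consistent responses" are assumptions of this sketch.

```python
# Added example: delegation-consistency check over constructed observations.
# Input shape and finding names are assumptions made for this sketch.

def norm(name):
    """Hostnames compare case-insensitively, with or without a trailing dot."""
    return name.rstrip(".").lower()

def check_delegation(parent_ns, answers):
    """parent_ns: NS names published by the parent (TLD) zone.
    answers: {nameserver: None if it did not respond, else
              {"ns": [NS names it returns for the zone apex], "serial": SOA serial}}.
    Returns a sorted list of (finding, detail) tuples; empty means healthy."""
    findings = []
    parent = {norm(n) for n in parent_ns}
    answers = {norm(k): v for k, v in answers.items()}
    if len(parent) < 2:
        findings.append(("too_few_ns", f"{len(parent)} delegated nameserver(s)"))
    serials = {}
    for ns in sorted(parent):
        resp = answers.get(ns)
        if resp is None:
            findings.append(("unresponsive", ns))
            continue
        child = {norm(n) for n in resp["ns"]}
        if child != parent:  # registrar-side and zone-side NS sets disagree
            only_parent = ",".join(sorted(parent - child)) or "-"
            only_child = ",".join(sorted(child - parent)) or "-"
            findings.append(("ns_mismatch",
                f"{ns}: parent-only={only_parent} zone-only={only_child}"))
        serials.setdefault(resp["serial"], []).append(ns)
    if len(serials) > 1:  # nameservers are serving different zone versions
        detail = "; ".join(f"{s}: {','.join(v)}" for s, v in sorted(serials.items()))
        findings.append(("serial_mismatch", detail))
    return sorted(findings)

# Constructed sample: a half-finished provider migration (reserved .example names).
PARENT_NS = ["ns1.new-dns.example.", "ns2.new-dns.example.", "ns1.old-dns.example."]
ANSWERS = {
    "ns1.new-dns.example": {"ns": ["NS1.new-dns.example.", "ns2.new-dns.example."],
                            "serial": 2024050102},
    "ns2.new-dns.example": {"ns": ["ns1.new-dns.example.", "ns2.new-dns.example."],
                            "serial": 2024050101},
    "ns1.old-dns.example": None,  # old provider already switched off
}

if __name__ == "__main__":
    for finding, detail in check_delegation(PARENT_NS, ANSWERS):
        print(f"{finding:16} {detail}")
```

In the constructed sample the registrar still delegates to a nameserver that no longer answers, which is the stale-delegation state the migration advice above is meant to avoid.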


Common Questions About NS Record

How many NS records should I have?
At minimum two, but three or four is better for redundancy. They should be on different networks so that a single network outage does not take down all nameservers. Most managed DNS providers give you four nameservers automatically.

Can I change my NS records without downtime?
Yes, if done carefully. First, set up all DNS records at the new provider. Then change the NS records at your registrar. Keep records at the old provider active until propagation completes (24-48 hours). Lower TTLs on your NS records before migration to speed propagation.