What Is an NS Record

Learn how NS records delegate DNS authority to nameservers. Includes examples for the DNScale dashboard and API.

An NS (Name Server) record specifies which DNS servers are authoritative for a domain or subdomain. NS records are fundamental to how DNS delegation works, enabling the hierarchical structure of the Domain Name System.

How NS Records Work

NS records tell DNS resolvers which servers can answer queries for a domain:

example.com.    86400    NS    ns1.dnscale.eu.
example.com.    86400    NS    ns2.dnscale.eu.

When a resolver needs information about example.com, it asks the servers listed in the NS records.

Types of NS Records

Zone Apex NS Records

Every DNS zone must have NS records at the apex (root) pointing to its authoritative nameservers:

example.com.    86400    NS    ns1.dnscale.eu.
example.com.    86400    NS    ns2.dnscale.eu.

Subdomain Delegation

Delegate a subdomain to different nameservers:

; Main zone uses DNScale
example.com.         86400    NS    ns1.dnscale.eu.
example.com.         86400    NS    ns2.dnscale.eu.
 
; Subdomain delegated to different nameservers
dev.example.com.     86400    NS    ns1.devteam.example.
dev.example.com.     86400    NS    ns2.devteam.example.

Common Use Cases

Standard Zone Configuration

example.com.    86400    NS    ns1.dnscale.eu.
example.com.    86400    NS    ns2.dnscale.eu.

Subdomain Delegation to Different Provider

Delegate a subdomain to AWS Route 53:

aws.example.com.    3600    NS    ns-123.awsdns-12.com.
aws.example.com.    3600    NS    ns-456.awsdns-34.net.
aws.example.com.    3600    NS    ns-789.awsdns-56.org.
aws.example.com.    3600    NS    ns-012.awsdns-78.co.uk.

Internal Subdomain Delegation

Delegate internal domains to corporate nameservers:

internal.example.com.    3600    NS    dns1.corp.example.com.
internal.example.com.    3600    NS    dns2.corp.example.com.

Record Format

Field	Description	Example
Name	Domain or subdomain	`@` (apex), `subdomain`
Type	Record type	`NS`
Content	Nameserver hostname	`ns1.dnscale.eu.`
TTL	Time to live (seconds)	`86400`

Adding an NS Record

Using the Dashboard

Navigate to your zone in the DNScale dashboard
Click Add Record
Configure the record:
- Name: Enter subdomain name or @ for apex
- Type: Select NS
- Value: Enter the nameserver hostname
- TTL: Set the cache duration (default: 86400 for NS)
Click Create Record

Using the API

Create an NS record for subdomain delegation:

curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "subdomain",
    "type": "NS",
    "content": "ns1.other-provider.com",
    "ttl": 86400
  }'

Delegate a subdomain to multiple nameservers:

# First nameserver
curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "aws",
    "type": "NS",
    "content": "ns-123.awsdns-12.com",
    "ttl": 3600
  }'
 
# Second nameserver
curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "aws",
    "type": "NS",
    "content": "ns-456.awsdns-34.net",
    "ttl": 3600
  }'

API Response:

{
  "status": "success",
  "data": {
    "message": "Record created successfully",
    "record": {
      "id": "encoded-record-id",
      "name": "subdomain.example.com.",
      "type": "NS",
      "content": "ns1.other-provider.com.",
      "ttl": 86400,
      "disabled": false
    }
  }
}

Glue Records

When a nameserver is within the zone it serves, you need glue records (A/AAAA records for the nameserver):

example.com.        86400    NS      ns1.example.com.
example.com.        86400    NS      ns2.example.com.
ns1.example.com.    86400    A       192.0.2.1
ns2.example.com.    86400    A       192.0.2.2

Without glue records, DNS resolution would create a circular dependency.

Best Practices

Always have multiple NS records - At least 2 nameservers for redundancy, ideally on different networks
Use long TTLs - NS records should have long TTLs (86400 seconds = 24 hours) since they change rarely
NS targets must not be CNAMEs - Nameservers must resolve directly via A/AAAA records
Keep parent and child zones in sync - NS records at the registrar must match your zone's NS records
Geographic diversity - Use nameservers in different locations for resilience
Don't modify apex NS without care - Changing apex NS records incorrectly can break your entire domain

NS Records vs Registrar Nameservers

Setting	Purpose	Where to Configure
Registrar NS	Tell the TLD where to find your domain	Domain registrar
Zone NS	Declare authoritative servers within the zone	DNS provider (DNScale)

Both must match for proper DNS resolution.

Testing NS Records

Verify your NS records with dig:

# Query NS records
dig NS example.com
 
# Check authoritative response
dig NS example.com @ns1.dnscale.eu
 
# Verify subdomain delegation
dig NS subdomain.example.com +trace

A - IP address for glue records
AAAA - IPv6 address for glue records
SOA - Start of Authority (zone metadata)
System Records - Why apex NS records are protected from modification

Conclusion

NS records are the backbone of DNS delegation, determining which servers are authoritative for your domains and subdomains. While apex NS records are typically managed automatically by DNScale, understanding NS records is essential when delegating subdomains or integrating with multiple DNS providers. DNScale makes subdomain delegation straightforward through its intuitive interface and API.