I'm trying to understand DNS a bit better, but I still don't get A and NS records completely.
As far as I understood, the A record tells which IP address belongs to a (sub)domain; so far it was still clear to me. But as I understood, the NS record tells which nameserver belongs to a (sub)domain, and that nameserver should tell which IP address belongs to a (sub)domain. But that was already specified in the A record in the same DNS file. So can someone explain to me what the NS records and nameservers exactly do, because probably I understood something wrong.
Edit: As I understand you correctly, an NS record tells you where to find the DNS server with the A record for a certain domain, and the A record tells you which IP address belongs to a domain. But what is the use of putting an A and an NS record in the same DNS file? If there is already an A record for a certain domain, then why do you need to point to another DNS server, which would probably give you the same information?
Some examples out of the fictitious foo.com zone file:
A Record = "The host called foo.com lives at address 192.168.100.1"
NS Record = "If you want to know about hosts in the foo.com zone, ask the name server ns1.bar.com"
This is an old question, but I think the other answers aren't really touching on the source of the confusion.
NS records at the apex follow a different set of rules than NS records beneath the apex.
NS records at the apex do not define a referral. Instead, they provide the authoritative definition for those NS records.
NS records beneath the apex do define a referral. This NS record is not considered authoritative, and neither is an A record sharing the same name.
From those rules, we can derive two different behaviors for what happens when an A record exists on a DNS server with the same name:
If the NS record does not define a referral, other data can exist alongside of it in the same zone. Since the server considers itself authoritative for both the NS record and the A record, there is no conflict. This is why other data commonly lives alongside the NS records at the apex of a zone.
If the NS record does define a referral, then the A record is effectively "masked" by a zone cut. This A record is not authoritative, and must not show up in the answer section of an authoritative response. It can potentially be used as glue data which shows up in the additional section of the referral, but that's it.
Confusing? Yeah, it is. Drop a note in the comments if you have trouble following this and I'll see what I can do.
An A record maps a name to an IP address. e.g.
states that binary.example.com. resolves to 192.168.1.42
An NS record maps a name to another nameserver, i.e. another DNS server that serves that domain. i.e. "I've no idea of the IP address of this name, but if you go ask that nameserver over there, it might know"
If you ask a DNS server that has the above 2 records for binary.example.com. (or www.binary.example.com. or foo.bar.binary.example.com.), it'll tell you that you'll have to go ask 192.168.1.2 to translate those names (well, or the DNS server could do that for you, or it could have the resolved names cached and return them to you).
It is important to have both NS and A records in the zone if you need to delegate a sub-zone to a different DNS server.
E.g. we have DNS server ns1.bar.com authoritative for zone bar.com. And we need to delegate foo.bar.com to ns1.foo.bar.com. So we need to create zone foo.bar.com and put these records there:
If we don't have the A record, delegation won't work. Such record pairs are called glue records.
Glue records are the only way for the DNS system to find the exact IP of the authoritative DNS server for a non-root zone. If you check any domain for NS records using dig, or look at a traffic dump with Wireshark, you'll see that there's an 'additional' section in the answer.
When doing a recursive request, e.g. for www.foo.bar.com, your DNS client will ask for the DNS server authoritative for the foo.bar.com zone and get the answer ns1.foo.bar.com.
To go further it needs to send an A request for ns1.foo.bar.com, which is served by... ns1.foo.bar.com. To break out of the loop, the delegating DNS server should add this additional section, with the A record.
Server ns1.foo.bar.com should have the same records in its zone, so it can be authoritative for foo.bar.com zone.
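The apex-versus-delegation rules and the glue records described in the answers above, as an added example that is not part of any poster's answer: a toy authoritative lookup in Python over a constructed bar.com zone, showing which section each record ends up in. The zone contents, the 192.0.2.x addresses and the function names are assumptions made for the illustration.

```python
# Added example: toy authoritative lookup for a constructed bar.com zone.
# Addresses are constructed, taken from the 192.0.2.0/24 documentation range.
APEX = "bar.com."
RECORDS = [
    ("bar.com.",         "NS", "ns1.bar.com."),      # apex NS: authoritative, no referral
    ("bar.com.",         "A",  "192.0.2.10"),        # coexists with the apex NS
    ("ns1.bar.com.",     "A",  "192.0.2.1"),
    ("foo.bar.com.",     "NS", "ns1.foo.bar.com."),  # NS beneath the apex: zone cut
    ("foo.bar.com.",     "A",  "192.0.2.99"),        # same name as the cut: masked
    ("ns1.foo.bar.com.", "A",  "192.0.2.53"),        # glue for the delegated server
]


def rrset(name, rtype):
    """All records in the zone data with this owner name and type."""
    return [r for r in RECORDS if r[0] == name and r[1] == rtype]


def find_zone_cut(qname):
    """Highest name at or above qname, beneath the apex, that owns NS records."""
    labels = qname.rstrip(".").split(".")
    ancestors = [".".join(labels[i:]) + "." for i in range(len(labels))]
    for name in reversed(ancestors):  # shortest (closest to the apex) first
        if name.endswith("." + APEX) and rrset(name, "NS"):
            return name
    return None


def answer(qname, qtype):
    """Build the sections of a response the way an authoritative server would."""
    cut = find_zone_cut(qname)
    if cut is not None:
        # Referral: NS goes in authority, glue A records in additional,
        # and the answer section stays empty (aa flag not set).
        ns = rrset(cut, "NS")
        glue = [a for (_, _, target) in ns for a in rrset(target, "A")]
        return {"aa": False, "answer": [], "authority": ns, "additional": glue}
    # No zone cut on the path: the server answers from its own data.
    return {"aa": True, "answer": rrset(qname, qtype), "authority": [], "additional": []}


if __name__ == "__main__":
    for q in [("bar.com.", "A"), ("foo.bar.com.", "A"), ("www.foo.bar.com.", "A")]:
        print(q, answer(*q))
```

The masked 192.0.2.99 record never appears in any section; a resolver only learns an address for foo.bar.com by following the referral to ns1.foo.bar.com.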
The NS records specify the servers which are providing DNS services for that domain name.
The A records point host names (such as www, ftp, mail) to one or more IP addresses.
NS records exist SOLELY for the purpose of defining WHICH NAMESERVERS are responsible for a particular domain.
An A record exists to "ADDRESS" a particular machine, or service.
Examples for you:
In your DNS Control Panel, you'll see some NS records; these are your NAMESERVERS, or primary machines responsible for telling the internet where stuff on your domain resides.
NS1.CP.COM NS2.CP.COM
Also inside of your DNS Panel, you'll have a domain that you own (i.e. mikesfunhouse.com) that you need to have some services, like a website, on.
So what you'll do is have a Primary A record, pointing "mikesfunhouse.com" to "76.19.87.956" (obviously fake IP).
Then you'll make another record, a www record, which will redirect the subdomain "www." portion to your primary site.
In short, you use A records to convert a namespace to an IP address.
The nameserver record tells the Internet which DNS server holds the A records, so to look up an A record for a subdomain it's roughly the following process:
Lookup the nameservers for the domain -> Query the nameserver for the subdomain's A Record