Nameservers: a beginner's guide

An NS record ("Name Server" record) is a special type of DNS entry that tells the rest of the internet which servers are authoritative for answering questions about a particular domain. NS records sit at the very top of the DNS chain. When a resolver wants to know anything about `example.com` — its A record, its MX records, its TXT records, anything — the first thing it asks is, "who is in charge of `example.com`?" The answer is a list of NS records, and from then on the resolver only asks those servers. The NS records are the upstream switch that controls every single piece of DNS for the domain.

You should care because changing NS records is the single most consequential thing you can do to a domain, and it is also the easiest thing to break by accident. When you transfer a domain between registrars, when you switch DNS providers (from GoDaddy to Cloudflare, say), when you inherit a domain from a former employee who left without proper documentation — all of these involve NS records, and any mistake breaks the entire domain at once. There is no "only the website is broken" or "only the email is broken" — it is everything, immediately.

The five things every NS record check looks at:

• Which nameservers are listed? This is how you tell at a glance whether a domain is on Cloudflare, Route 53, Google Cloud DNS, GoDaddy, Namecheap, or somewhere else.

• Are the listed nameservers actually responding? A nameserver that exists in the NS record but doesn't answer queries is the same as no nameserver at all.

• Are all the listed nameservers in agreement? If two nameservers return different answers for the same query, you have an inconsistency that will manifest as random intermittent failures.

• Is the parent zone in sync? The NS records exist in two places — at the registrar (the "parent") and at the authoritative nameservers themselves (the "child"). They should match. Mismatches are called lame delegations and cause subtle problems.

• Are glue records correct? When a nameserver hostname is itself inside the domain it serves (`ns1.example.com` serves `example.com`), the registrar needs a glue record with the IP address. Without it, you have a chicken-and-egg problem.

Three questions an NS record check answers:

• Which DNS provider is currently authoritative for this domain?

• Did the recent registrar transfer or DNS provider migration complete cleanly, with no lame delegations?

• Are all the listed nameservers actually responding, and are they all giving the same answers?

The cost of broken NS records is total domain failure — every aspect of the domain (web, email, certificates, subdomains) stops working until the issue is fixed. The fix is sometimes hours of registrar-support back-and-forth. The prevention is checking NS records every time you make a registrar or DNS-provider change, and on a recurring schedule for any domain you actually care about. NS records and the broader domain delegation system are documented in RFC 1034 and RFC 7344.

In one sentence: List nameservers and detect [DNS (Domain Name System)](/guides/dns-lookup) provider

Retrieves nameserver records and identifies the DNS (Domain Name System) hosting provider. Returns nameserver hostnames, IP (Internet Protocol address) addresses, and provider detection for major DNS services.

Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.

Here's what's actually happening behind the scenes when you call this endpoint:

Queries NS records for a domain, resolves nameserver IP (Internet Protocol address) addresses (both A and AAAA for IPv4/IPv6), and identifies the DNS (Domain Name System) provider by matching nameserver patterns against 33+ known providers including Cloudflare, AWS Route 53, Google Cloud DNS, Namecheap, GoDaddy, and others.

If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.

Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the Nameservers tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.

Essential for DNS (Domain Name System) migration planning, competitive infrastructure analysis, and identifying provider-specific performance or security characteristics. Understanding which DNS provider a domain uses reveals whether it has access to enterprise features like DDoS protection, DNSSEC (Domain Name System Security Extensions) automation, and anycast routing.

Picture this in real life. Imagine a solutions architect. Here's the situation they're walking into: Analyze which DNS (Domain Name System) providers competitors use to understand their infrastructure choices, detect lame delegations, and assess DNS resilience. Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the Nameservers tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.

Three questions this tool answers in plain English. If any of these have ever crossed your mind, the Nameservers tool is built for you:

• Is my domain pointing to the right place right now?

• Did the DNS change I just made actually take effect everywhere in the world?

• Is anything in my DNS misconfigured in a way that could break email or break the website?

You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.

Who gets the most out of this. Founders running their own infrastructure, marketers coordinating launches, IT admins inheriting domains from a former employee, and ops engineers troubleshooting live outages. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.

What happens if you skip this entirely. Skip it and you're flying blind on the one piece of config that decides whether your website and email work at all. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.

If you're still on the fence about whether the Nameservers tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a solutions architect, a devops engineer, and a security analyst — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.

Story 1: Competitive Infrastructure Analysis

Imagine you're a solutions architect. Analyze which DNS (Domain Name System) providers competitors use to understand their infrastructure choices, detect lame delegations, and assess DNS resilience.

Why it matters: Inform architecture decisions based on industry patterns and competitor choices.

Story 2: DNS Migration Planning

Imagine you're a devops engineer. Document current nameserver configuration before migrating DNS (Domain Name System) to a new provider.

Why it matters: Ensure complete DNS (Domain Name System) migration with no orphaned records or misconfigurations.

Story 3: Vendor Assessment

Imagine you're a security analyst. Evaluate third-party vendor DNS (Domain Name System) infrastructure as part of security due diligence.

Why it matters: Identify vendors using consumer-grade DNS (Domain Name System) that may lack enterprise security features.

Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the Nameservers tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:

• Right before launching a new website or migrating to a new host.

• After making any DNS change, to confirm the new settings are live everywhere.

• When customers report that your site or email "just stopped working" out of nowhere.

• As a recurring monthly health check to catch silent misconfigurations early.

If you can see yourself in even one of those bullets, the Nameservers tool will pay for itself the first time you use it.

Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the Nameservers tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.

If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:

"Use the Nameservers tool to check example.com and explain anything that looks wrong in plain language."

The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.

If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.

There's just one piece of information you need to provide. The table below explains exactly what it is and what a real value looks like.

When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.

These tools pair naturally with Nameservers. If you're already running this check, the related ones often answer the next question that comes up:

• DNS Lookup — Query any of 22 DNS record types or ALL at once with DNSSEC validation

• DNS Propagation — Check DNS consistency across resolvers

• DNS Provider — Identify DNS hosting provider

• Zone Transfer Check — Test for DNS zone transfer vulnerability

If you're using an AI assistant through MCP (Model Context Protocol), you can ask it to run several of these in one go: "Check Nameservers and the related tools for example.com and tell me what looks off."

If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.

DNS (Domain Name System) — The internet's address book. When you type a website name, DNS turns it into the actual numeric address computers use to find each other.

IP (Internet Protocol address) — A unique number that identifies a computer on the internet, like a phone number for a server.

DNSSEC (Domain Name System Security Extensions) — A way to digitally sign DNS records so attackers can't trick your computer into looking up the wrong server.

IPv4 (Internet Protocol version 4) — The original kind of internet address — four numbers separated by dots, like 203.0.113.10. The internet has run out of new ones, which is why IPv6 exists.

IPv6 (Internet Protocol version 6) — The newer, longer kind of internet address. Looks like 2001:0db8:85a3::8a2e:0370:7334. Designed because the world ran out of IPv4 addresses.