The point of an NS record is to tell client which name server will know for sure the actual IP address for a domain name. So for instance, the following query tells you that if you want to get an authoritative answer about facebook.com
you must ask a.ns.facebook.com
:
> dig ns facebook.com 19:58:27
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> ns facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32063
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;facebook.com. IN NS
;; ANSWER SECTION:
facebook.com. 65000 IN NS a.ns.facebook.com.
facebook.com. 65000 IN NS b.ns.facebook.com.
;; Query time: 13 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Mar 20 19:58:40 CET 2016
;; MSG SIZE rcvd: 65
This seems cool and useful but I'm wondering why the ANSWER
section contains the hostname and not IP of the authoritative source? Wouldn't it be easier for the client to get the actual IP address of the authoritative source and not the hostname?
I mean if it gets the hostname it will have to make another query to resolve this hostname into an IP and then ask this new IP about the initial facebook.com
domain it was looking for. Isn't this inefficient?
I'd be interested in answer that points me to some paragraphs in some RFC that explains this problem.