
TLD Nameservers

The second tier of DNS delegation. TLD nameservers manage the namespace beneath each top-level domain — directing resolvers to the authoritative nameservers responsible for each registered domain within that TLD.

Overview

The Registry Tier

When a recursive resolver asks a root server about thedns.guru, the root server responds with a referral to the .guru TLD nameservers. These servers are operated by the registry — the organization that manages the entire .guru namespace.

TLD nameservers hold NS (delegation) records for every registered domain in that TLD. They know which authoritative nameservers are responsible for each domain, but — like root servers — they do not hold the final A, AAAA, MX, or TXT records for individual domains. They only point resolvers to the right authoritative nameserver.

A TLD typically runs multiple nameservers for redundancy. For example, the .com TLD is served by a.gtld-servers.net through m.gtld-servers.net — 13 servers operated by Verisign.

1,500+ TLDs in root zone
370M+ registered domains

Registry vs. Registrar

A registry operates the TLD nameservers and maintains the authoritative database of domain registrations. A registrar is an accredited reseller that interacts with the registry via EPP to register domains on behalf of customers. ICANN accredits both.

Taxonomy

Types of Top-Level Domains

TLDs fall into several categories with different governance models

gTLD

Generic TLD

Open to any registrant worldwide. The original set (.com, .net, .org, .edu, .gov, .mil) was defined in RFC 920 in 1984. Today there are over 1,200 gTLDs.

.com, .net, .org, .info, .biz, .name

ccTLD

Country-Code TLD

Two-letter codes assigned to each country or territory per ISO 3166-1. Managed by the country's designated registry, which sets its own registration policies.

.us, .uk, .de, .jp, .au, .br

New gTLD

New Generic TLD

ICANN's New gTLD Program (launched 2012) opened the namespace to custom extensions. Over 1,200 new gTLDs were delegated, including brand, city, and industry TLDs.

.guru, .app, .dev, .london, .bank, .amazon

sTLD

Sponsored TLD

Restricted to communities or organizations meeting specific eligibility criteria. Governed by a sponsoring organization that establishes registration policies.

.edu, .gov, .mil, .aero, .coop, .museum

Operators

Major Registry Operators

Who operates the nameservers for the most popular TLDs

| TLD(s) | Registry Operator | Nameservers | Notes |
| --- | --- | --- | --- |
| .com, .net | Verisign | a–m.gtld-servers.net | Largest registry by volume. ~160M+ .com domains. DNSSEC signed. |
| .org | Public Interest Registry (PIR) | a0–b2.org.afilias-nst.org | Non-profit steward of .org since 2003. Acquisition by Ethos Capital blocked by ICANN in 2020. |
| .uk | Nominet | nsa–nsd.nic.uk | UK ccTLD. Also operates .co.uk second-level registrations directly. |
| .de | DENIC | a.nic.de – f.nic.de | German ccTLD registry, member-owned cooperative. Largest ccTLD by volume. |
| .guru, .app, .dev | Identity Digital (formerly Donuts) | Various nic.tld servers | Largest new gTLD operator with 300+ TLDs in portfolio. |
| .io | NIC.IO / Afilias | Various | ccTLD for British Indian Ocean Territory; popular with tech startups. Transfer to IANA pending. |

How It Works

Domain Registration & TLD Delegation

What happens when you register a domain — from purchase to DNS delegation

Registrant selects a domain

A user searches for "thedns.guru" at a registrar (e.g., Namecheap, GoDaddy). The registrar checks real-time availability via the registry's EPP (Extensible Provisioning Protocol) interface.

Registrar submits to Registry via EPP

On purchase, the registrar sends a signed EPP <domain:create> command to the .guru registry (operated by Donuts / Identity Digital). The registry creates the domain object in its database.

Registry updates TLD zone

The registry adds the domain's NS records (and glue records, where needed) to the .guru zone file. Zone changes typically propagate to the TLD nameservers within minutes. The TLD zone SOA serial is incremented.

TLD nameservers serve the delegation

Now, when any recursive resolver queries the .guru TLD nameservers for "thedns.guru NS", they receive the authoritative nameserver records for that domain — completing the delegation chain.

Root zone updated (if needed)

The root zone already has the .guru TLD delegation (added when .guru was first delegated in 2014). No root zone change is needed for individual domain registrations — only new TLD delegations require root zone updates.

Technical Detail

Glue Records — Breaking the Chicken-and-Egg Problem

How TLD nameservers resolve in-bailiwick nameserver addresses

A "glue record" is an A or AAAA record included in the additional section of a TLD's referral response when the authoritative nameserver is itself within the delegated zone.

The problem: If your domain is example.com and your nameservers are ns1.example.com, a resolver cannot look up ns1.example.com's IP without first talking to example.com's nameserver — a circular dependency.

The solution: When you register these nameservers, your registrar also submits their IP addresses ("glue") to the TLD registry. The .com TLD nameservers then include these A records in referral responses, giving resolvers the IP without needing an extra lookup.

    ; What .com TLD servers return for "example.com"
    ;; AUTHORITY SECTION:
    example.com.      172800  IN  NS  ns1.example.com.
    example.com.      172800  IN  NS  ns2.example.com.

    ;; ADDITIONAL SECTION (Glue Records):
    ns1.example.com.  172800  IN  A   203.0.113.10
    ns2.example.com.  172800  IN  A   203.0.113.11

    ; These A records are "glue" — provided by
    ; the TLD nameserver to break the circular
    ; dependency of resolving in-bailiwick NSes.

Out-of-bailiwick NSes don't need glue

If your nameservers are ns1.cloudflare.com, the .com TLD doesn't need to provide glue — the resolver can look up cloudflare.com independently.

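The referral chain and the glue dependency described above can be simulated offline. The following is an added example, not code from the original page: the three-server hierarchy, the documentation-range IP addresses, the names a.nic.com and shop-example.com, and the functions build_servers, resolve and demo are all constructed for illustration.

```python
ROOT_IP, TLD_IP, AUTH_IP = "192.0.2.1", "192.0.2.2", "203.0.113.10"  # constructed

def build_servers(with_glue):
    """Constructed hierarchy: root -> .com TLD -> one authoritative server."""
    glue = {"ns1.example.com.": AUTH_IP} if with_glue else {}
    return {
        ROOT_IP: {"a": {}, "ns": {"com.": ("a.nic.com.", {"a.nic.com.": TLD_IP})}},
        # The TLD tier holds only delegations (NS plus optional glue), no final A records.
        TLD_IP: {"a": {}, "ns": {
            "example.com.": ("ns1.example.com.", glue),     # in-bailiwick NS
            "shop-example.com.": ("ns1.example.com.", {}),  # out-of-bailiwick NS
        }},
        AUTH_IP: {"a": {
            "ns1.example.com.": AUTH_IP,
            "www.example.com.": "203.0.113.80",
            "www.shop-example.com.": "203.0.113.81",
        }, "ns": {}},
    }

def resolve(name, servers, trace, pending=frozenset()):
    """Resolve an A record by following referrals from the root; log queries in trace."""
    if name in pending:  # we are already waiting on this very name
        raise LookupError(f"circular dependency: {name} needs glue")
    ip = ROOT_IP
    for _ in range(8):  # referral limit
        zone = servers[ip]
        trace.append((ip, name))
        if name in zone["a"]:
            return zone["a"][name]
        cuts = [z for z in zone["ns"] if name == z or name.endswith("." + z)]
        if not cuts:
            raise LookupError(f"no delegation for {name}")
        ns_name, glue = zone["ns"][max(cuts, key=len)]  # closest enclosing zone cut
        # Use glue if the referral carried it; otherwise resolve the NS name first.
        ip = glue.get(ns_name) or resolve(ns_name, servers, trace, pending | {name})
    raise LookupError("referral limit exceeded")

def demo(name, with_glue):
    """Return (answer or error text, number of queries sent)."""
    trace = []
    try:
        return resolve(name, build_servers(with_glue), trace), len(trace)
    except LookupError as exc:
        return str(exc), len(trace)

if __name__ == "__main__":
    for args in [("www.example.com.", True), ("www.shop-example.com.", True),
                 ("www.example.com.", False)]:
        print(args, "->", demo(*args))
```

With glue, the in-bailiwick name resolves in three queries, while the out-of-bailiwick delegation costs a second walk from the root to find its nameserver. Without glue, both names fail, because ns1.example.com can only be found by asking ns1.example.com.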
Diagnostics

Querying TLD Nameservers

Find TLD nameservers

    # Who serves the .guru TLD?
    dig guru NS @198.41.0.4

    # Ask a .guru TLD NS about thedns.guru
    dig thedns.guru NS @a0.nic.guru

Find .com TLD servers

    # The 13 .com TLD nameservers
    dig com NS @198.41.0.4

    # Query a .com TLD NS directly
    dig example.com NS @a.gtld-servers.net

Check glue records

    # Show additional (glue) section
    # (ask a .guru TLD server; the .com servers do not hold .guru delegations)
    dig thedns.guru NS @a0.nic.guru \
        +additional

    # Trace to see each referral step
    dig thedns.guru A +trace
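A referral captured with the glue check above can be audited mechanically. This is an added example, not part of the original page: the function name audit_referral is hypothetical, and the sample referral (including the ns1.example.net nameserver and the missing glue for ns2) is constructed so that one in-bailiwick nameserver lacks glue.

```python
# Constructed sample: dig-style referral for a hypothetical delegation of example.com.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
example.com.      172800  IN  NS  ns1.example.com.
example.com.      172800  IN  NS  ns2.example.com.
example.com.      172800  IN  NS  ns1.example.net.

;; ADDITIONAL SECTION:
ns1.example.com.  172800  IN  A   203.0.113.10
"""

def audit_referral(text):
    """Classify the NS names in one referral and list in-bailiwick ones lacking glue."""
    zone, ns_names, glued = None, [], set()
    for line in text.splitlines():
        fields = line.split()
        # Record lines look like: owner TTL class type rdata; skip comments and blanks.
        if line.startswith(";") or len(fields) != 5 or fields[2].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        if rtype == "NS":
            zone = owner
            ns_names.append(rdata)
        elif rtype in ("A", "AAAA"):
            glued.add(owner)
    # A nameserver is in-bailiwick when its name sits at or below the delegated zone.
    in_bailiwick = [n for n in ns_names if n == zone or n.endswith("." + zone)]
    return {
        "zone": zone,
        "needs_glue": in_bailiwick,
        "no_glue_needed": [n for n in ns_names if n not in in_bailiwick],
        "missing_glue": [n for n in in_bailiwick if n not in glued],
    }

if __name__ == "__main__":
    for key, value in audit_referral(SAMPLE_REFERRAL).items():
        print(f"{key}: {value}")
```

A non-empty missing_glue list means resolvers cannot reach that nameserver through this referral and must rely on the remaining ones.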

WHOIS / RDAP lookup

    # WHOIS query (registrar data)
    whois thedns.guru

    # RDAP (modern replacement for WHOIS)
    # -s silences the progress meter; -L follows rdap.org's redirect to the registry's RDAP server
    curl -sL https://rdap.org/domain/thedns.guru \
        | jq .nameservers