Norid, the .NO registry, requires that name servers are properly preconfigured before delegating the domain. This rule applies to both domain registration and modification of name servers.
If name servers are not preconfigured, registration and modifications will fail.
Norid provides a web-based tool to check the DNS setup for a domain. The test shows whether there are setup errors for one or more name servers:
https://dnscheck.norid.no/main
Once you activate the Advanced button, you can enter the name servers for the test, as shown in the picture below:
Technical name server requirements
The following requirements apply to domains to be registered by Norid:
-
At least two separate name servers
Every domain must be served by at least two separate name servers, which run on physically separate machines. -
Consistency between data in the domain name application and response from name servers
The response from the name servers specified for a domain must include the same name servers as those specified in the application. Note that both the names and the number of name servers must be the same. -
Authoritative name servers
All the name servers specified for a domain must respond authoritatively for the domain. -
Accessible name servers
Name servers must be permanently connected to the Internet, and must have a permanently assigned (fixed) IPv4 address. The name servers may also have an IPv6 address, and this too must be permanently assigned as required for the IPv4 address. The name servers must be connected to a stable and reliable infrastructure. -
Correct email information in the SOA (Start Of Authority) record
The SOA record for a domain must include a functioning email address for the administrator responsible for the operation of the name server. -
Consistent serial number in the SOA record
The serial number in the SOA record must be the same for all the specified name servers. -
Canonical name on the right-hand side in NS and MX records
On the right-hand side in an NS record the canonical name must always be used, and not an alias (CNAME). -
No IDN domain names in the host address
Host addresses that includes national characters (IDN-names) or their corresponding ACE version may not be registered in Norid's database. -
DNSSEC
Securing a domain name with DNSSEC is voluntary. For DNSSEC-secured domains, the following applies:- The DS records registered with Norid must refer to one or more DNSKEY records in the delegated zone.
- At least one of the signatures over the DNSKEY records must be generated using an algorithm that is supported by Norid.
Norid must be able to validate the correctness of the SOA and NS-records in the zone, using at least one of the DS-/DNSKEY-pairs.