How to Check DNS Delegation Correctly

DNS delegation is the handoff from a parent zone to the authoritative nameservers for a child zone. In practice, that usually means the registry or parent zone publishes NS records that tell resolvers which nameservers are authoritative for the domain.

Delegation problems happen when the parent and child disagree, when glue is missing, or when the listed nameservers do not answer consistently.

• Parent-zone NS records for the domain
• Child-zone NS records returned by the authoritative servers
• SOA responses from each authoritative nameserver
• Glue records for in-bailiwick nameservers
• Whether every listed nameserver is reachable and authoritative

A healthy delegation is not just about the right server names appearing in DNS. It also requires those servers to respond correctly and consistently.

• Parent NS records do not match the child zone's NS records
• An old nameserver was removed in one place but not the other
• Glue records are missing or point to the wrong address
• One authoritative server is serving a stale zone with an older SOA serial
• A listed nameserver does not answer authoritatively for the zone

Start with the parent view of the zone, then query each authoritative nameserver directly. Compare the NS set and SOA serial from each one. If the nameservers are in-bailiwick, also confirm that the necessary glue addresses exist and resolve correctly.

If a domain behaves inconsistently across resolvers, delegation mismatches and stale nameservers are strong suspects.

This is one reason delegation bugs are so frustrating: the zone can look fine from one path and broken from another, depending on which nameserver or cache a resolver encounters first.

• Matching parent and child data usually indicates the delegation itself is sound
• NS mismatches suggest registrar or zone configuration drift
• SOA serial mismatches often indicate one server has not been updated
• Missing glue can break resolution for in-bailiwick nameservers
• Unreachable or lame nameservers can cause intermittent failures and slow lookups

A delegation check is especially important after registrar changes, DNS provider migrations, or nameserver replacements. Those are the moments when parent and child data are most likely to drift apart.

• Delegation Checker
• Glue Record Checker
• What Are Glue Records?