Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Inconsistent name server records

Author: Government Digital Service

Inconsistent name server records

What this means

Inconsistent Name Server (NS) records can occur in 2 situations:

  1. The NS records listed at the parent name servers do not match those listed at the authoritative name servers.
  2. Different name servers provide different NS records for the same domain.

There are several issue types for this category including:

  • name server in referrals but not in NS records
  • name server in NS records but not in referrals
  • some name servers are listed by authoritative servers but not by parent ones
  • some name servers are not listed by authoritative name servers
  • NS records are different on different name servers

Why this is a problem

Inconsistent NS records can lead to several critical issues including:

  • resolution failures – DNS queries may fail if the name servers do not provide consistent information, leading to the domain being unreachable
  • intermittent connectivity – users may experience intermittent access to the domain, depending on which name server responds to their query
  • reduced performance – inoperative name servers can cause a delay in DNS resolution
  • security risks – inconsistent records can be exploited by attackers to perform DNS spoofing or hijacking
  • SEO impact – search engines may penalise domains with inconsistent DNS configurations, affecting their search rankings

How to check if the problem is there

Compare the NS records for each name server in the authoritative and delegation records.

Use dig to look up the records in each case.

Use the +trace option to see the chain of name servers supporting the domain.

Example

dig ns example.gov.uk +trace

. f.root-servers.net.
. a.root-servers.net.
. g.root-servers.net.
. e.root-servers.net.

uk. dns1.nic.uk
uk. dns2.nic.uk
uk. dns3.nic.uk
uk. dns4.nic.uk
uk. nsa.nic.uk
uk. nsb.nic.uk
uk. nsc.nic.uk
uk. nsd.nic.uk

gov.uk. dns1.nic.uk
gov.uk. dns2.nic.uk
gov.uk. dns3.nic.uk
gov.uk. dns4.nic.uk
gov.uk. nsa.nic.uk
gov.uk. nsb.nic.uk
gov.uk. nsc.nic.uk
gov.uk. nsd.nic.uk

example.gov.uk. ns1.example.com
example.gov.uk. ns2.example.com

example.gov.uk. ns1.example.com
example.gov.uk. ns2.example.com

The last two sections show the delegation records – the name server records that exist in the parent zone – and the authoritative records. These should be the same, but can be different if this issue type is present.

Compare the results to ensure consistency. You can also use a DNS propagation tool like the DNS Checker to see if there are different cached results in different places.

Next is check each individual server to see if it contains the same NS records as the others:

dig ns example.gov.uk @ns1.example.com +short

ns1.example.com
ns2.example.com

dig ns example.gov.uk @ns2.example.com +short

ns1.example.com
ns2.example.com

How to fix this

Synchronise NS records

Make sure that the NS records at the parent name servers match those at the authoritative name servers. Update the records at both the registrar and the hosting provider to ensure consistency.

Remove inconsistent entries

Remove any name servers that are listed in one place but not the other. Ensure that all listed name servers are valid and correctly configured. Make sure name servers are syncing properly.

Regular audits

Regularly audit your DNS configuration to ensure that all NS records are consistent and up-to-date.

By making sure that NS records are consistent across all name servers, you can improve the reliability, security, and performance of your domain’s DNS resolution.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now