Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Name servers that do not provide A record for target domain name

Author: Government Security Group

Name servers that do not provide A record for target domain name

Impact: High
Common error ID: wxa-1004

What this means

The domain has a name server (NS) record with no A record, and therefore no IP address to find the server.

A working name server should have both an A record and a AAAA record, although it is possible for them to function with only one of these to a limited extent.

Why this is a problem

Without an A record the name server will not resolve queries for any records for the domain, and services hosted on that domain will fail.

In most cases a domain will have more than one name server, so as long as other name servers have an A record and are responding to queries there should be little impact.

Additionally, if the name server has a working AAAA record, any queries made over IPv6 will still resolve.

How to check if the problem is still there

Use dig to look up the NS records and check the A records of those name servers to see if they are still present.

Example

dig ns example.gov.uk +short

ns1.example.com
ns2.example.com

then

dig a ns1.example.com +short

192.168.0.1

If the A record provides an IP address this issue has been resolved. If it does not, or you see an ‘NXDOMAIN’ error the problem remains.

How to fix it

Add an A record for the name server(s).

Check the host name in the NS record is correct. It could be there is a typo in the host name which results in a missing A record.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now