Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Name servers with invalid domain names

Author: Government Security Group

Name servers with invalid domain names

Impact: High
Common error ID: wxa-1007

What this means

A name server (NS) for the domain has an invalid name. This generally means there was a typo when the NS record was created. Name servers must use a valid domain that can only contain letters (a-z, A-Z), numbers (0-9), and hyphens (-).

Any other characters like spaces, underscores, or special symbols would make the domain name invalid. They cannot start or end with a hyphen, have consecutive hyphens, or exceed 63 characters per label (separated by dots).

Valid domains can also contain letters used in internationalised domain names (IDN), but these characters are not used in .uk. Nominet maintain a list of IDN characters for use in .cymru and .wales.

Why this is a problem

A name server with an invalid domain cannot be resolved and respond to queries. There is no risk of domain hijack, as the domain name is invalid and can’t be registered, but it could cause service issues, and is an indicator of poor domain hygiene.

How to check if the problem is still there

Review the NS records for the domain.

Example

dig ns example.gov.uk +short

ns1.example.com
ns2example

The second record above ns2example is invalid and will not work.

How to fix it

Correct or remove any invalid name server records from your DNS.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now