
Broken Delegation

The subdomain is delegated to nameservers that do not resolve.

Severity: Critical

What is DNS delegation?

DNS delegation is when a parent zone hands off responsibility for a subdomain to a different set of nameservers. For example, example.com might delegate api.example.com to a different DNS provider by creating NS records pointing to that provider's nameservers. This is common when different teams or services manage their own DNS.

What does this mean?

The NS records for this subdomain point to nameservers that do not respond to DNS queries. The delegation is broken — any DNS lookups for this subdomain (or anything under it) will fail. No records under this subdomain can be resolved.

Why this is a problem

  • All services under this subdomain are unreachable via DNS
  • It may indicate that a DNS provider account was cancelled without cleaning up the delegation
  • Broken delegations can sometimes be exploited for subdomain takeover if the nameserver names can be re-registered
  • It creates confusion for anyone trying to use or troubleshoot the subdomain

What you should do

  • If the subdomain is still needed, update the NS records to point to working nameservers
  • If the subdomain is no longer needed, remove the NS delegation records from the parent zone
  • Contact the DNS provider the delegation was pointing to and verify the account status
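To confirm the finding before changing the parent zone, the following added example (not part of dnswatchdog's own tooling) probes each delegated nameserver directly using only the Python standard library. It assumes you pass in the NS hostnames the parent zone publishes; the hostnames shown are constructed placeholders, and the `not-serving` state for SERVFAIL/REFUSED replies goes slightly beyond the page's definition of a nameserver that does not respond.

```python
import socket
import struct

SOA = 6  # record type used to test whether a server answers for the zone

def build_query(zone, qtype=SOA, txid=0x4242):
    """Encode a one-question, non-recursive DNS query for `zone`."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify_reply(reply, txid=0x4242):
    """Map a raw UDP reply (None on timeout) to a nameserver state."""
    if reply is None:
        return "no-response"
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:   # wrong ID or QR bit not set
        return "malformed"
    if flags & 0x000F in (2, 5):            # SERVFAIL / REFUSED
        return "not-serving"
    return "responds"

def probe(ns_host, zone, timeout=3.0):
    """Resolve one delegated nameserver and ask it for the zone's SOA."""
    try:
        addr = socket.getaddrinfo(ns_host, 53, socket.AF_INET, socket.SOCK_DGRAM)[0][4]
    except socket.gaierror:
        return "unresolvable"               # the NS hostname has no address
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(zone), addr)
            reply, _ = s.recvfrom(512)
        except OSError:                     # timeout, ICMP unreachable, etc.
            reply = None
    return classify_reply(reply)

def assess(states):
    """`states` maps NS hostname -> state; broken when no nameserver responds."""
    return "ok" if any(st == "responds" for st in states.values()) else "broken"

if __name__ == "__main__":
    # Constructed sample: substitute the NS set your parent zone publishes.
    zone, ns_set = "api.example.com", ["ns1.dns-provider.invalid", "ns2.dns-provider.invalid"]
    states = {ns: probe(ns, zone) for ns in ns_set}
    print(states, assess(states))
```

Nameservers reported as `unresolvable` are the ones to review first, since the takeover risk noted above depends on whether those names can be re-registered.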
