dnswatchdog.iodocs
Issues

Delegated Subdomain

The subdomain is delegated to external nameservers.

Severity: Warning

What does this mean?

This subdomain has NS records that delegate DNS authority to external nameservers — meaning a different DNS provider or system is responsible for all records under this subdomain. The parent zone does not directly control what records exist under the delegated subdomain.

Why this is a problem

Delegated subdomains are not inherently bad — they are a normal part of DNS architecture. However, they require ongoing attention:

  • If the external nameservers become unavailable, the entire subdomain breaks
  • If the account with the external DNS provider is cancelled, the delegation becomes broken (and potentially exploitable)
  • Changes to the delegated subdomain are not visible from the parent zone, creating blind spots
  • The security posture of the delegated subdomain depends on the external provider's configuration

What you should do

  • Verify that the delegation is intentional and still needed
  • Confirm that the external nameservers are operational
  • Ensure the account with the external DNS provider is active and maintained
  • Document who is responsible for managing the delegated subdomain
  • If the delegation is no longer needed, remove the NS records and manage the subdomain directly

Broken Delegation

The subdomain is delegated to nameservers that do not resolve.

Broken DNS Redirect

The DNS redirect points to a target that is unreachable.

On this page

What does this mean?Why this is a problemWhat you should do