1. DNS/ManagedDNS/NS1


Preventing lame delegation hijacking


When you set the TLD delegation for a zone to NS1 and that zone is not managed by NS1, this is known as lame delegation.

Lame delegation can occur regardless of whether you have ever configured your domain on NS1.

Lame delegated domains are often vulnerable to hijacking if you do not update the TLD delegation to point to the correct provider.

These hijacked domains can be used for any purpose while still appearing to be owned and controlled by their registrants.

1.1. controls

NS1 has controls in place to prevent lame delegation hijacking.

To enhance zone ownership security in the Managed DNS platform, NS1 puts a hold (creates this zone in an internal account) on zones delegated to NS1 name servers but that did not previously exist in the platform.

This hold prevents any hijacking of these zones by malicious actors between the delegation and zone creation steps.

NS1 recommends that you create zones within the platform before you delegate them to avoid risk and to prevent zone collision interruptions.

As a best practice, you should always ensure that your TLD delegations are current and that they point to the correct provider.


NS1’s controls can make it appear as though a zone already exists on NS1’s platform, creating a “zone collision.” To fix this issue, contact NS1 support to investigate and free up the zone for creation in your account.

Moin2Qmail: DNS/ManagedDNS/NS1 (last edited 2021-07-25 05:27:21 by ToshinoriMaeno)