Networking - DNS - Stealth Nameservers

Stealth nameservers (or hidden nameservers) are mismatched/conflicting nameservers: they are listed at root level but not by the nameservers of the domain, or the other way around.

To illustrate this, when the parent servers are asked at root level for the NS records of a domain, they provide:

ns0.domain.com
ns2.domain.com
ns3.domain.com

but when the nameservers of the domain are queried for the NS records, the answer is not the same, for example:

ns0.domain.com
ns2.domain.com
ns.example-dns.net

ns.example-dns.net and ns3.domain.com are both hidden and known as 'stealth nameservers'. Although there is nothing wrong with this, it is advisable not to have any stealth nameservers, either at root level or in your DNS server.

You can use the dig command to look up NS records at root server level:

dig +trace @K.root-servers.net example.com NS

and to ask one of the nameservers of the domain:

dig @ns0.domain.com example.com NS

Look for any NS mismatch between the two queries. If a nameserver is missing at root level, add the missing nameserver at your domain registrar. If a nameserver is missing at domain level, add it to the zone file of the domain and update all your secondary nameservers.
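
The comparison described above can be scripted. The following is an added example, not part of the original page: it reads two saved dig outputs and prints each nameserver that appears on only one side. The function names, file names and sample records are assumptions made for illustration, and the parent file is assumed to hold only the referral block returned by the parent servers.

```shell
#!/bin/sh
# Added example: diff the NS set delegated by the parent against the NS set
# the zone itself publishes. Inputs are saved dig outputs (assumption: the
# parent file holds only the referral block from the parent servers).

# ns_set ZONE FILE: sorted, lowercased NS targets that FILE lists for ZONE.
ns_set() {
    awk -v zone="$1." '
        /^;/ { next }                                # skip dig comment lines
        tolower($1) == tolower(zone) && $3 == "IN" && $4 == "NS" {
            ns = tolower($5); sub(/\.$/, "", ns); print ns
        }' "$2" | LC_ALL=C sort -u
}

# ns_mismatch ZONE PARENT_FILE ZONE_FILE: one line per stealth nameserver.
ns_mismatch() {
    p=$(mktemp) && z=$(mktemp) || return 1
    ns_set "$1" "$2" > "$p"
    ns_set "$1" "$3" > "$z"
    LC_ALL=C comm -23 "$p" "$z" | sed 's/^/parent-only /'  # add to the zone file
    LC_ALL=C comm -13 "$p" "$z" | sed 's/^/zone-only /'    # add at the registrar
    rm -f "$p" "$z"
}

# demo: run the comparison on constructed sample output that uses the names
# from the illustration above (TTLs and the root/com lines are made up).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/parent.txt" <<'EOF'
.             518400 IN NS k.root-servers.net.
com.          172800 IN NS a.gtld-servers.net.
domain.com.   172800 IN NS ns0.domain.com.
domain.com.   172800 IN NS ns2.domain.com.
domain.com.   172800 IN NS NS3.domain.com.
EOF
    cat > "$d/zone.txt" <<'EOF'
;; ANSWER SECTION:
domain.com.   3600 IN NS ns0.domain.com.
domain.com.   3600 IN NS ns2.domain.com.
domain.com.   3600 IN NS ns.example-dns.net.
EOF
    ns_mismatch domain.com "$d/parent.txt" "$d/zone.txt"
    rm -rf "$d"
}

demo
```

Names are compared case-insensitively and without the trailing dot, so NS3.domain.com. and ns3.domain.com count as the same server. An empty result means the two NS sets agree.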