Nameservers
free/v1/dns/nsRetrieves nameserver records, identifies the DNS hosting provider, and verifies that each delegation is actually authoritative. For every NS, sends a direct DNS query to the nameserver IP (per `dig +norec @ns.example.com SOA`), reads the AA flag, and reports whether the NS responds authoritatively for the zone — the gold-standard test for lame delegation that DoH-only tools cannot perform. Detects in-bailiwick NS hostnames and flags missing parent-zone glue. Aggregates IPv4 / IPv6 reachability per RFC 3901.
What It Does
Queries NS records for a domain, resolves each nameserver to A and AAAA, identifies the DNS provider against 33+ known patterns (Cloudflare, Route 53, Google Cloud DNS, Namecheap, GoDaddy, etc.), and probes each nameserver IP directly with a non-recursive SOA query to verify the AA (Authoritative Answer) flag is set. Detects two flavors of lame delegation: (1) NS hostname has no A or AAAA at all, and (2) NS resolves but does not respond authoritatively (i.e., the NS is no longer hosting the zone). Detects in-bailiwick nameservers that require parent-zone glue and flags missing-glue cases. Aggregates `authoritative_count`, `lame_count`, `has_ipv4`, `has_ipv6`, and `ipv6_reachable` (RFC 3901).
Why It's Useful
Lame delegation is one of the most-asked-about DNS health checks because the consequences are severe and the symptom — "domain works on origin DNS but won't resolve from new resolvers" — is hard to diagnose. Sending a direct AA-flag query is the canonical test, and most DNS tooling skips it because it requires raw DNS sockets. Glue-record detection catches the same class of registrar-side misconfiguration. IPv6 reachability is increasingly required by US federal IPv6 mandates (EO 14028) and EU public-sector procurement.
Use Cases
Competitive Infrastructure Analysis
Analyze which DNS providers competitors use to understand their infrastructure choices, detect lame delegations, and assess DNS resilience.
Inform architecture decisions based on industry patterns and competitor choices.
DNS Migration Planning
Document current nameserver configuration before migrating DNS to a new provider.
Ensure complete DNS migration with no orphaned records or misconfigurations.
Vendor Assessment
Evaluate third-party vendor DNS infrastructure as part of security due diligence.
Identify vendors using consumer-grade DNS that may lack enterprise security features.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to query nameservers forExample: example.com |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
nameservers | array | Per-NS detail: host, ips[], has_ipv4, has_ipv6, ttl, is_authoritative (AA flag from direct probe), authority_check_status, authority_check_error, is_in_bailiwick, needs_glue, has_glue |
provider | object | Detected DNS provider name, vendor, is_premium, features, and confidence |
count | number | Number of nameservers configured |
has_ipv4 | boolean | At least one NS resolves over IPv4 |
has_ipv6 | boolean | At least one NS resolves over IPv6 (RFC 3901) |
ipv6_reachable | boolean | Convenience alias for has_ipv6 — surfaces IPv6 readiness for federal / public-sector procurement audits |
authoritative_count | number | Number of nameservers that returned AA=1 to a direct SOA probe |
lame_count | number | Number of nameservers that are lame (no IPs, OR resolve but do not respond authoritatively) |
recommendations | array | Findings: NS<2 (RFC 1034), per-NS lame delegation (with cause), missing in-bailiwick glue, missing IPv6 reachability |
Code Examples
curl "https://api.edgedns.dev/v1/dns/ns" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=example.com"const response = await fetch(
'https://api.edgedns.dev/v1/dns/ns?domain=example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/dns/ns',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'example.com'
}
)
data = response.json()
print(data)Read the full Nameservers guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.