How do I know if my domain name has a dangling DNS record?

If we detect a vulnerability, you’ll receive an email with an explanation and instructions. You can also check your nameserver settings yourself via your registrar or hosting provider.

What’s the difference between a nameserver and a domain name?

A domain name is the address of your website (e.g. example.be). A nameserver is like a directory that tells where the domain should point. If the nameserver points to a domain that no longer exists, it creates a risk.

Can my domain name really be taken over?

Yes — indirectly. If a malicious party gains control over a nameserver linked to your domain, they can redirect traffic or even intercept emails. The functions of your domain can be hijacked.

My domain name isn’t actively used. Do I still need to do something?

Yes. Even if your domain isn’t actively used, outdated DNS settings can still pose a risk. Ask your registrar to remove the nameserver settings.

What if I plan to cancel my domain name soon?

Don’t just let your domain expire. Follow our tips to retire your domain name safely.

What does DNS Belgium do?

We manage all .be domain names and regularly check for vulnerabilities. We inform you and your registrar, but the actual changes must be made through your hosting provider or registrar.

What will happen from August 2025?

Starting at the end of August, we may bring more public attention to this issue via our website and the media. We’re giving you the opportunity to act before this information becomes public.

What are dangling DNS records?

Ghost DNS records or “dangling DNS records”?

A ghost DNS record is a technical issue where a nameserver points to a domain that is no longer registered. This may sound abstract, but it can have serious consequences for the security of your domain name.

The DNS settings may appear to be working, but in reality, they point to domains (nameserver records) that no longer exist. This poses a risk because someone else could register those domains and gain control over your domain name. Technically, this is known as a ‘dangling DNS record’.

Technical insight

In the domain name system, name server records delegate responsibility for a domain or subdomain to a specific name server. These records are typically found in the DNS zone file and follow a format like: dnsbelgium.be IN NS ns1.notregistered83u48.net. This line tells resolvers that DNS queries for dnsbelgium.be should be sent to ns1.notregistered83u48.net.

If notregistered83u48.net is not registered, this creates a security risk. An attacker could register notregistered83u48.net and configure ns1.notregistered83u48.net to point to their own infrastructure. As a result, they can potentially intercept, modify or spoof DNS responses for dnsbelgium.be.

What can go wrong?

If someone gains control over a nameserver linked to your domain name, they could:

Redirect traffic to a fake website
Spread phishing or malware via your domain
Intercept emails sent to your domain
Damage your or your organisation’s reputation

It’s like placing a signpost to a location, but someone else takes over the destination and turns it into something dangerous — without you noticing.

How do dangling DNS records arise?

They often occur when:

A nameserver record points to a domain that has since expired. If this domain is re-registered by a third party, they could potentially gain control over your (sub)domain name.
A domain name is no longer actively used, yet still has nameservers associated with it.
When a domain name is cancelled, no thorough removal of all references to the cancelled domain is effectuated.

💡 Our advice: do not link nameservers to a domain name that you do not actively manage or use.

How can you prevent dangling DNS records?

Depending on your situation, there are two possible actions:

You still actively use your domain name
Contact your hosting provider or registrar and ask for secure and up-to-date nameserver settings. This ensures your domain name remains correctly and safely connected to your website or email.
You no longer actively use your domain name
Ask to have the current nameserver settings removed. You keep ownership of the domain name but eliminate the risk of misuse.
On our website, you’ll also find tips on how to safely retire a domain name.

Frequently asked questions

: If we detect a vulnerability, you’ll receive an email with an explanation and instructions. You can also check your nameserver settings yourself via your registrar or hosting provider.
: A domain name is the address of your website (e.g. example.be). A nameserver is like a directory that tells where the domain should point. If the nameserver points to a domain that no longer exists, it creates a risk.
: Yes — indirectly. If a malicious party gains control over a nameserver linked to your domain, they can redirect traffic or even intercept emails. The functions of your domain can be hijacked.
: Yes. Even if your domain isn’t actively used, outdated DNS settings can still pose a risk. Ask your registrar to remove the nameserver settings.
: Don’t just let your domain expire. Follow our tips to retire your domain name safely.
: We manage all .be domain names and regularly check for vulnerabilities. We inform you and your registrar, but the actual changes must be made through your hosting provider or registrar.
: Starting at the end of August, we may bring more public attention to this issue via our website and the media. We’re giving you the opportunity to act before this information becomes public.

Still have questions? Our support team is here to help: support@dnsbelgium.be

Understanding the Domain Name System and DNS records

The Domain Name System (DNS) is a crucial component of the internet. It ensures that to visit a website we don't need to remember the complicated IP address.

Read more