Introduction

A glue record mismatch happens when the parent zone sends visitors to a nameserver IP that no longer matches the server actually answering for that hostname. This usually shows up after moving DNS infrastructure, changing nameserver IPs, or rebuilding a self-hosted DNS cluster. The fix is to compare delegation data at the registrar with the live authoritative server configuration and update the layer that is still serving old IP information.

Symptoms

  • Some resolvers reach the domain while others time out or fail intermittently
  • DNS trace tools show the right nameserver hostname but the wrong IP address
  • The issue starts after migrating nameservers or replacing a DNS server
  • Parent zone responses do not match the IP shown in the authoritative DNS platform
  • Subdomains fail even though the zone file looks correct

Common Causes

  • The registrar still has an old host record for the child nameserver hostname
  • Nameserver IPs were changed on the DNS server but not at the registrar
  • One nameserver in the set was updated while another still points to an old address
  • Cached delegation data is masking a recent but incomplete change
  • The domain uses in-bailiwick nameservers that require glue records, but only the zone file was updated

Step-by-Step Fix

  1. Identify the exact nameserver hostnames and IP addresses the parent zone is returning for the affected domain.
  2. Compare those IPs with the actual addresses configured on the authoritative nameservers now in service.
  3. Log in to the registrar and review the registered host records or child nameserver settings, not just the visible nameserver names.
  4. Update any outdated glue record IPs so the registrar delegation matches the current DNS infrastructure.
  5. Confirm that every listed nameserver hostname resolves to the intended address and that no stale secondary node remains in the delegation set.
  6. Re-run a delegation trace from multiple public resolvers to verify the parent zone now returns the corrected glue data.
  7. Wait for resolver caches to expire before judging the change too early, especially if the previous IPs had long TTL values.
  8. Retest both the apex domain and important subdomains so you know the corrected delegation works across the full zone.
  9. Record the dependency between registrar host records and DNS server IP changes so future migrations do not leave delegation half-updated.