Overview 💥
When reviewing a Domain Inspector’s data, you may notice inconsistencies in:
DNS A Records
DNSSEC entries
Propagation mismatches
Unexpected or missing values in DataPrint
These discrepancies typically occur due to DNS misconfiguration, propagation delays, or outdated cached data in Liongard’s inspector.
This guide provides a streamlined process to verify DNS records manually and ensure the data displayed in Liongard is accurate.
Common Symptoms 👀
Symptom | Description |
A Records appear incorrect | Liongard shows an IP different from what DNS tools report |
Missing DNSSEC information | DataPrint does not show expected signatures/keys |
NS mismatch | Liongard displays different nameservers than expected |
Intermittent inconsistencies | Inspector shows fluctuating results across runs |
Steps to Remediation 🧑🏫
‼️ Before You Begin
You will need a command-line interface with the dig utility installed.
OS | dig Availability |
Linux / macOS | Preinstalled |
Windows | Install via BIND Tools or run via Windows Subsystem for Linux (WSL) |
✅ Step 1: Gather the 'A' Record from SOA
Run the following command:
dig SOA +noall +answer <domain>
Identify the first SOA record in the output.
Example SOA: pdns13.domaincontrol.com
Now query the A record directly from that SOA server:
dig A +noall +answer <domain> @<SOA_Record>
Example:
dig A +noall +answer liongard.com @pdns13.domaincontrol.com
✅ Step 2: Gather the 'A' Record from NS
Retrieve the NS records:
dig NS +noall +answer <domain>
Pick any returned NS server and query the A record again:
dig A +noall +answer <domain> @<NS_Record>
Example:
dig A +noall +answer liongard.com @pdns14.domaincontrol.com
✅ Step 3: Compare the Results
Source | Expected Result |
SOA → A Record | Should match NS query |
NS → A Record | Should match SOA query |
Liongard DataPrint | Should match both |
If SOA = NS, DNS is correctly configured. If Liongard still shows other values, the issue is usually related to caching.
✅ Step 4: Run Clear Cache + Debug Mode in Liongard
Use CCDM to force Liongard to retrieve fresh DNS data.
This forces a fresh API call and logs extended details.
📌 Tip: Include CCDM logs if opening a support ticket.
Step 5: Validate URL / Domain Entry
Ensure the Inspector was configured with a valid domain:
Good Input | Bad Input |
|
|
|
|
|
|
Incorrect formats can cause missing or wrong A-record results.
✅ Step 6: Check for DNS Propagation Issues
You may use a external DNS testing tools to verify whether the updated DNS records have fully propagated across the internet. This helps determine if inconsistencies are due to slow propagation, cache delays, or incorrect DNS configuration.
What to do:
Open any of the following DNS testing tools:
Enter the domain you are troubleshooting (e.g.,
example.com).Run the lookup.
Review the results from each tool and compare them against:
The DNS records configured at the domain registrar
Your earlier
digresultsWhat Liongard’s Domain Inspector displays
How to interpret results:
If all external tools show the correct record but Liongard does not → likely caching → run inspection in Clear Cache + Debug Mode
If different tools show mixed results → DNS propagation is still in progress.
If all tools show incorrect results → the issue is with the DNS configuration at the registrar.
If external providers differ, the issue is on the customer’s DNS host—not Liongard.
✅ Step 7: Additional Diagnostics (Optional)
Query DNSSEC
dig DNSKEY <domain>
Query SOA Serial (to confirm synchronization)
dig SOA <domain>
Check for stale caching on DNS servers
dig +trace <domain>
Contact Liongard Support 🦁
If after completing all steps:
SOA/NS match
Propagation is clean
CCDM was performed
Correct domain format is used
But Liongard’s data still appears inconsistent
Please open a ticket and include:
Domain Inspector name + Environment
Exact missing/incorrect entries
How you are viewing them (Overview, DataPrint, Metrics)
Full dig queries + responses from Step 1 & Step 2
Inspector debug logs
Our Support team is happy to help 😇
💬 Start a chat with Leo (Our AI Assistant) or connect with a live support engineer.
📧 Email: support@liongard.com
Additional Resources 🚀
Note ‼️
We sometimes link to third-party tools as optional reference material. These resources are provided for convenience only—Liongard does not control or guarantee their functionality, accuracy, or availability. Please use them at your own discretion.
Summary 🤩
Issue Detected in Inspector | Likely Cause | Verification Step (dig commands) | Fix / Next Action |
A Record in Inspector does not match expected IP | DNS misconfiguration OR stale cache in Liongard |
| • Correct DNS host records |
SOA → A Record and NS → A Record do not match | SOA desynchronization, propagation delays |
| Fix at DNS provider → wait for propagation → run Run Clear Cache + Debug Mode |
DNSSEC data missing | DNSSEC disabled or misconfigured |
| Enable DNSSEC at registrar or correct DS records |
Nameservers (NS) in Inspector are different than expected | Outdated registrar settings OR partial propagation |
| Verify registrar NS → correct → wait for propagation |
Intermittent inconsistencies across inspector runs | Cached data inside Liongard OR external DNS caching |
| Run Clear Cache → Debug → verify SOA serial number |
Inspector shows no DNS entries | Wrong domain format OR domain expired | Check input: e.g., | Fix domain format → check domain WHOIS → Run Clear Cache + Debug Mode |
Incorrect results only inside DataPrint | Cached or stale snapshot | — | Run Clear Cache + Debug Mode → Compare DataPrint from new run |
Only external tools show correct results, not Liongard | Liongard cache OR API-level caching by DNS provider | Same dig steps above | Run Clear Cache + Debug Mode → open ticket with dig outputs |