What does DNS Lame Delegation error mean in my mail logs?
Environment: Cisco Email Security Appliance (ESA), all versions of AsyncOS
Lame delegation/referral is when an NS record points to an incorrect host. This can be caused when a zone is delegated to a server that has not been properly configured to be authoritative for the zone. This will cause resolvers to direct queries to servers that will not respond authoritatively, if at all. This causes unnecessary network traffic and extra work for servers.
Lame delegation/referral also happens when a domain is registered but only has one or no DNS servers, so random DNS servers are specified to act as place-holders even though none of these servers have a zone defined for the domain in question. If you see this message about your own server, you should take steps to correct this immediately. If the domain-name in question is not yours, do a WHOIS look up to determine the owner, and contact them to change it immediately (they are causing additional traffic on your Internet connection and additional processing for your DNS servers). If the domain-name is yours, add the zone to your server immediately.
Lame delegation/referrals can cause potentially serious problems for web visitors and for delivery of mail. If only one of the servers to which the zone is delegated in fact has authoritative data for the zone, then if that server should become unavailable, the zone effectively can not be located from the net. It does not matter if there are other servers that have authoritative data for the zone, because they are not listed in the delegation.