The Raven's Mutterings Wherein Carl Cravens talks about geeky stuff

10Feb/09

Dear DNS administrators

If you administer a DNS server, please... know the rules and follow them!

NS records must be a valid, fully-qualified domain name (FQDN). They should (I think "must," but I haven't taken the time to be sure) match the nameservers listed in your whois/root-delegate record.

Your SOA record must point to a valid, FQDN nameserver that is the primary authority for the domain's records. That's what start-of-authority means.

These aren't just a courtesy... using invalid information in your NS or SOA records will cause problems for caching name servers, and will result in users who cannot reliably reach your site. And they don't have to run a "broken" caching DNS server themselves... BIND9 gets confused by caching invalid NS records, returning a valid response on early attempts, but later returning "host not found" responses because it can't reach the invalid NS server. (Because it cached the NS record, not the root-delegate information... your broken DNS record told it that record was authoritative, after all.)

If you are the DNS admin for a hosting service and you publish broken DNS records for your customers, and then argue with the person who points it out to you that "everything works fine"... you deserve to be fired. I will suggest that your customers find a more reliable hosting service.

Oh... and your SOA record better have a valid, properly-formatted contact in it. And keep your primary and secondary in sync... they shouldn't return conflicting information for days and days.

Long story short, if you don't understand DNS, keep your paws off of it, and don't you dare put "DNS administration" on your resume. Find a mentor who can review your work before you commit it to a public server. Set up a private server and practice on it. Read "DNS & BIND" for gosh sakes. It wouldn't hurt you to skim the relevant RFCs.

And never forget: Just because your DNS server _lets_ you do it does not mean that it is safe or valid to do it. Your DNS server is stupid (even BIND9, yes) about the rules and will let you do many evil things without a hint of complaint.

If you're using BIND9, use named-checkconf and named-checkzone. Get dnswalk and run it against your nameserver.
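The rules above (NS targets must be FQDNs and match the delegation, the SOA must name the primary, the contact must be well-formed, primary and secondary must agree) can be checked mechanically. The following is an added example, not code from this post: it parses zone-file style NS/SOA answers and reports every violation. The servers, zone and records are constructed sample data; in practice you would feed it the output of `dig` against the parent and each listed nameserver.

```python
import re

# Constructed sample data (not real servers): the NS set the parent delegates to,
# and what each of the zone's own servers answers for NS and SOA.
PARENT_DELEGATION = {"ns1.example.net.", "ns2.example.net."}
ANSWERS = {
    "ns1.example.net.": """
example.com. 3600 IN NS ns1.example.net.
example.com. 3600 IN NS ns2.example.net.
example.com. 3600 IN SOA ns1.example.net. hostmaster.example.com. 2009021001 7200 900 1209600 3600""",
    "ns2.example.net.": """
example.com. 3600 IN NS ns1.example.net.
example.com. 3600 IN NS oldbox
example.com. 3600 IN SOA oldbox. hostmaster@example.com. 2009020101 7200 900 1209600 3600""",
}
RR = re.compile(r"^\S+\s+\d+\s+IN\s+(NS|SOA)\s+(.*)$")

def parse(text):
    # Return (set of NS targets, SOA RDATA fields) from zone-file style lines.
    ns, soa = set(), None
    for m in filter(None, map(RR.match, text.strip().splitlines())):
        if m.group(1) == "NS":
            ns.add(m.group(2))
        else:
            soa = m.group(2).split()
    return ns, soa

def is_fqdn(name):
    # Absolute name: root-terminated with at least two labels (no bare hostnames).
    return name.endswith(".") and name.count(".") >= 2

def check_zone(parent_ns, answers):
    # Apply the rules to every server's answers; return a list of problems found.
    findings, serials = [], {}
    for server, text in answers.items():
        ns, soa = parse(text)
        for target in sorted(ns):
            if not is_fqdn(target):
                findings.append(f"{server}: NS target {target!r} is not a FQDN")
        if ns != parent_ns:  # what the zone says must match the delegation
            findings.append(f"{server}: NS set {sorted(ns)} != delegation {sorted(parent_ns)}")
        if soa is None:
            findings.append(f"{server}: no SOA record")
            continue
        mname, rname, serial = soa[0], soa[1], soa[2]
        if mname not in ns:  # SOA must name the primary, which must itself be an NS
            findings.append(f"{server}: SOA MNAME {mname!r} is not in the NS set")
        if "@" in rname or not is_fqdn(rname):  # contact is user.domain., never user@domain
            findings.append(f"{server}: SOA contact {rname!r} is malformed")
        serials[server] = serial
    if len(set(serials.values())) > 1:  # primary and secondary out of sync
        findings.append(f"SOA serials disagree: {serials}")
    return findings
```

Run against the sample, the first server is clean and the second produces four findings, plus one for the serial mismatch between the two.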

I'm not a DNS expert. There are a lot of little nooks and crannies that I've not explored or needed to use. But dammit, NS, MX, SOA, A, and CNAME records... these are the basics, folks. If you can't play by the rules, please don't play at all.

Because you have wasted far too much of my day.

This has been a public service announcement. Thank you for listening.
