diff --git a/pg-act/ns/zone-add.php b/pg-act/ns/zone-add.php
index fb1fcb5..420c200 100644
--- a/pg-act/ns/zone-add.php
+++ b/pg-act/ns/zone-add.php
@@ -12,7 +12,17 @@ if ($parent_authoritatives === [])
 foreach ($parent_authoritatives as $parent_authoritative)
 checkAbsoluteDomainFormat($parent_authoritative);
-$ns_records = array_column(kdig(name: $domain, type: 'NS', server: (CONF['ns']['local_only_check'] ? CONF['reg']['address'] : $parent_authoritatives[0]))['authorityRRs'], 'rdataNS');
+foreach ($parent_authoritatives as $i => $parent_authoritative) {
+ if ($i === 3)
+ output(403, sprintf(_('The %s first tried name servers failed to answer.'), $i));
+ try {
+ $results = kdig(name: $domain, type: 'NS', server: (CONF['ns']['local_only_check'] ? CONF['reg']['address'] : $parent_authoritative));
+ } catch (KdigException) {
+ continue;
+ }
+ break;
+}
+$ns_records = array_column($results['authorityRRs'] ?? [], 'rdataNS');
 if (preg_match('/^(?[0-9a-f]{8})-(?[0-9a-f]{32})\._domain-verification\.' . preg_quote(SERVER_NAME, '/') . '\.$/Dm', implode(LF, $ns_records), $matches) !== 1)
 output(403, _('NS authentication record not found.'));
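Review bot: The `$i === 3` guard is the only place the loop reports unreachable servers, so when `$parent_authoritatives` has one or two entries and every `kdig()` call throws `KdigException`, the `foreach` runs out and `$results` is never assigned. `$results['authorityRRs'] ?? []` then hides the undefined variable and the request ends at 'NS authentication record not found.'; it still fails closed, but a resolver outage is reported as a failed ownership proof. Assuming `output()` ends the request as it appears to elsewhere in the hunk, I would make the exhausted case explicit right after the loop with `if (!isset($results))` followed by `output(403, sprintf(_('The %s first tried name servers failed to answer.'), count($parent_authoritatives)));`. The empty `catch (KdigException)` also discards which server failed and why, so a log call there, or at least a comment such as `// unreachable or failing server: try the next parent authoritative`, would help when diagnosing repeated failures. With `CONF['ns']['local_only_check']` set, every iteration queries the same `CONF['reg']['address']`, so the loop is a plain retry of one server, which deserves a one-line comment as well.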