diff --git a/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx b/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx
index 90d5a1e89e88be5..668f86f5b47bccd 100644
--- a/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx
+++ b/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx
@@ -37,7 +37,7 @@ For the purpose of this tutorial, you will update your registrar with the DS rec
 4. Also enable **Multi-signer DNSSEC** and **Multi-provider DNS**.
 5. Go to **DNS** > **Records** and create the following records at your zone apex (meaning you should use `@` in the record **Name** field):
     - A [DNSKEY record](/dns/manage-dns-records/reference/dns-record-types/#ds-and-dnskey) with the zone signing key(s) (ZSKs) of your external provider(s).
-    - A [NS record](/dns/manage-dns-records/reference/dns-record-types/#ns) with your external provider nameservers.
+    - An [NS record](/dns/manage-dns-records/reference/dns-record-types/#ns) with your external provider nameservers.
 
 </TabItem>
 <TabItem label="API">
diff --git a/src/content/docs/ssl/edge-certificates/changing-dcv-method/troubleshooting.mdx b/src/content/docs/ssl/edge-certificates/changing-dcv-method/troubleshooting.mdx
index eae847e80198310..84e731d9a630323 100644
--- a/src/content/docs/ssl/edge-certificates/changing-dcv-method/troubleshooting.mdx
+++ b/src/content/docs/ssl/edge-certificates/changing-dcv-method/troubleshooting.mdx
@@ -52,7 +52,8 @@ Consider the following when troubleshooting:
 
 - [DNSSEC](https://www.cloudflare.com/learning/dns/dns-security/) must be configured correctly. You can use [DNSViz](https://dnsviz.net/) to understand and troubleshoot the deployment of DNSSEC.
 - Your [CAA records](/ssl/edge-certificates/caa-records/) should allow Cloudflare's partner [certificate authorities (CAs)](/ssl/reference/certificate-authorities/) to issue certificates on your behalf.
-- The HTTP verification process is done preferably over **IPv6**, so if any `AAAA` record exists and does not point to the same dual-stack location as the `A` record, the validation will fail.
+- The HTTP verification process is done preferably over **IPv6**, so if any AAAA record exists and does not point to the same dual-stack location as the A record, the validation will fail.
+- If an [NS record](/dns/manage-dns-records/reference/dns-record-types/#ns) is present for the hostname or its parent, DNS resolution will be managed externally by the DNS provider defined in the NS target. In this case, you must either add the DCV TXT record at the external DNS provider, or remove the NS record at Cloudflare.
 
 ## CA errors