Small Printed Circuit Board

Code, Docs & Tools

BIND: how to delegate a sub-domain to another nameserver

Introduction

In most of the cases, the DNS configuration for a domain is included in a single zone file and handled by an unique authoritative nameserver (master + slaves).

Sometimes there could be the need to delegate a sub-domain to other nameservers.

Zone configuration

There are different formats that are totally equivalent (with or without the usage of the $ORIGIN directive, using or not unqualified names).

This format could help to keep things clear, but indeed it's just a matter of tastes.

$TTL 3600 $ORIGIN domain.com. @ IN SOA ns1.nameserver.com. admin.nameserver.com. ( 2017090101 ; Serial 10800 ; Refresh 1800 ; Retry 1209600 ; Expire 3600 ; Negative Cache TTL ) @ IN NS ns1.nameserver.com. @ IN NS ns2.nameserver.com. @ IN A 1.2.3.4 www IN A 1.2.3.4 $ORIGIN ext.domain.com. @ IN NS ns1.anothernameserver.com. @ IN NS ns2.anothernameserver.com.

This zone file defines for the domain domain.com the authoritative nameservers ns1.nameserver.com and ns2.nameserver.com (usually the server itself and its slaves). The zone includes also the configuration for the name www, as an example.

Then, it sets for the sub-domain ext.domain.com the authoritative nameservers ns1.anothernameserver.com and ns2.anothernameserver.com.

Example

When a client asks for test.ext.domain.com, it initially contacts ns1.nameserver.com or ns2.nameserver.com, since they are the authoritative nameservers for the zone domain.com.

The nameserver returns ns1.anothernameserver.com and ns2.anothernameserver.com as authoritative nameservers to resolve the sub-zone ext.domain.com.

So the client contacts one of these two nameservers, that will return the IP address for test.ext.domain.com.