How exactly should I set up DNS to delegate authority for subdomains?

I have servers hosted at a hosting provider and they also host the DNS records for my domain names. Now I want to add subdomains that are resolved by my own DNS service. So for example:

  • the hosting provider's name server knows the IP address for econemon.com
  • one of my servers knows the IP address for ftp.econemon.com

Also,

  • unknown or undefined subdomains should be routed to the same IP as the parent domain
  • on failure of my DNS service, it would be great if the requests all go to the IP address that is associated with econemon.com, but I'm not sure how that should work.

Now, I've read through the Wikipedia articles on DNS to dust off my knowledge, but the part that leaves me confused is: how does a client know which server to ask for the IP address for ftp.econemon.com? Does it get that information from the hoster? If so, do I have to register the subdomain there (and what would I need my name server for then)?


Solution 1:

If you want to delegate authority for a section of your domain you are going to need to add another level to the hierarchy.

When a recursive DNS server asks for the address for ftp.econemon.com it is going to go through a number of steps. First it is going to ask one of the root servers which will reply with the name servers for the .com domain (this step will likely be cached and only done infrequently). It will then ask the .com servers and they will respond with the name servers for the econemon.com domain. Finally it will ask these servers for the address record for ftp.econemon.com.

In theory you could simply add ftp.econemon.com as an NS entry in the parent zone

e.g.:

ftp          NS    ns1.econemon.com.
ns1          A     192.0.2.1

And then create ftp.econemon.com as a zone in your name server. But if you do it this way you will have to create a new zone per server. What you probably want to do is ask your provider to add a delegated subdomain.

e.g.:

services     NS    ns1.services.econemon.com.
services     NS    ns2.services.econemon.com.
ns1.services A     192.0.2.1
ns2.services A     192.0.2.2

You can then add services.econemon.com as a zone on your name servers and simply add new entries as you need them in this single zone.

If you really need the short names too, it shouldn't be too much trouble to get CNAME records added such that ftp.econemon.com has a canonical name of ftp.services.econemon.com, which leaves you able to change the IP address whenever you want to and allows users to use a short name.

ftp.econemon.com.    CNAME    ftp.services.econemon.com.
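
As an added illustration (not part of the answer above), this Python sketch models what the parent zone's server returns for a name: a referral with glue at or below the services zone cut, otherwise its own CNAME or A data. It also flags delegations whose in-zone name servers lack glue. The apex address 192.0.2.10 and all function names are assumptions made for the example; wildcards are not modelled.

```python
# Parent-zone records from the answer above; the apex A record is constructed.
ORIGIN = "econemon.com."
PARENT_ZONE = """\
econemon.com.     A      192.0.2.10   ; constructed apex address
services          NS     ns1.services.econemon.com.
services          NS     ns2.services.econemon.com.
ns1.services      A      192.0.2.1
ns2.services      A      192.0.2.2
ftp.econemon.com. CNAME  ftp.services.econemon.com.
"""

def fqdn(name, origin):  # expand a relative zone-file name against the origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, origin):
    """Parse 'owner TYPE value' lines into (owner, type, value) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if len(fields) == 3:
            owner, rtype, value = fields
            if rtype in ("NS", "CNAME"):
                value = fqdn(value, origin)
            records.append((fqdn(owner, origin), rtype, value))
    return records

def below(name, zone):
    return name == zone or name.endswith("." + zone)

def respond(records, origin, qname):
    """What the parent zone's server answers for an A query on qname."""
    qname = qname.lower()
    cuts = [o for o, t, _ in records if t == "NS" and o != origin and below(qname, o)]
    if cuts:  # at or under a zone cut: refer the resolver to the child servers
        cut = min(cuts, key=len)  # the cut nearest the apex hides data beneath it
        ns = sorted(v for o, t, v in records if o == cut and t == "NS")
        glue = {o: v for o, t, v in records if t == "A" and o in ns}
        return ("REFERRAL", cut, ns, glue)
    for rtype in ("CNAME", "A"):
        hits = [v for o, t, v in records if o == qname and t == rtype]
        if hits:
            return (rtype, hits)
    return ("NXDOMAIN",)

def missing_glue(records, origin):
    """NS targets inside the delegated zone that lack an A record in the parent."""
    have_a = {o for o, t, _ in records if t == "A"}
    return sorted({v for o, t, v in records if t == "NS" and o != origin
                   and below(v, o) and v not in have_a})
```

A non-empty result from missing_glue means resolvers receive a referral they cannot follow, so it is worth checking whenever the provider edits the delegation.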

Solution 2:

You need to add an NS entry for ftp.econemon.com pointing to your own DNS server. When a client wants to resolve something.ftp.econemon.com it will ask your provider's DNS, which will answer that it can be resolved on your own server. An example:

ftp.econemon.com. IN NS myownns.econemon.com.
myownns.econemon.com. IN A YOUR_DNS_SERVER_IP

To have anything before .econemon.com. work, you can use a wildcard record (*).

Solution 3:

But for something like ftp.econemon.com you may not need to delegate anything. Something like ftp.econemon.com is usually a hostname not a subdomain. If that's the case just add an A record for it.

ftp.econemon.com. IN A 192.168.1.1

You can also add A records with dots in them e.g.:

ftp.something.econemon.com. IN A 192.168.1.3

If the DNS is BIND you can use wildcards too, e.g.:

*.something.econemon.com. IN A 192.168.1.3

I'm not sure that delegation is really useful unless you actually want to allow some other person or organisation to manage the subdomain.