Section 4.6. Subdomains and Delegation


It's rare to find an organization running its own DNS that is small enough not to take advantage of subdomains and delegation. By delegation, I mean letting one group, whether logical or physical, administer a section of an organization's network. Let's take a look at an example.

Perhaps my company has two offices: one in Boston and the other in Charlotte, North Carolina. Although I have an overarching domain name, mycompany.com, I might want to delineate these two locations within my network: I can give all machines in Boston the north.mycompany.com domain suffix and all machines in Charlotte the south.mycompany.com domain suffix. Because the IT group at each location has a better sense of which machines are coming and going on its own network than a central group of administrators at headquarters does, the decision was made to let each office's group administer DNS within its own subdomain. To make this happen, there are three steps to follow: first, the overarching domain's DNS zone needs to be told there will be a subdomain that is administered elsewhere. Second, the overarching nameserver (in technical terms the "root" of this delegation, not the ultimate TLD root) needs the address of the subdomain's nameserver in its records. And finally, the subdomain's nameserver needs to be installed and configured.

4.6.1. Delegating a Domain

Inside the DNS Management snap-in, right-click the zone that is the parent of the subdomain you want to create (e.g., mycompany.com), and select New Delegation from the pop-up menu. The New Delegation Wizard appears; click past the introductory screen to the Delegated Domain Name screen. Here, simply enter the subdomain you want to create and delegate in the top box; the bottom box expands to show the full domain name of what you entered. Click Next to move on. On the next screen, enter the name of the subdomain you'd like to delegate, and click Next.

The Name Servers screen appears, as shown in Figure 4-15.

Figure 4-15. Identifying delegated nameservers


On this page, insert the fully qualified domain name and IP address of each nameserver that will be responsible for the new domain. Click Add to enter these on the New Resource Record screen that appears. When you're finished, click OK, and then click Next. Click Finish to complete the wizard. The newly delegated domain will appear in the DNS Management snap-in, but it will be grayed out to indicate its delegated status.

How does this process modify the actual zone files within the DNS service? First, it adds a new NS record to the parent zone to indicate the server responsible for the subdomain. For example, if I were delegating the fully qualified subdomain north.mycompany.com with a nameserver at dns1.north.mycompany.com, the resulting record would look like this:

    north NS dns1.north.mycompany.com

Next, the delegation wizard adds an A record to the parent zone so that it can find the new nameserver via its IP address, like this:

    dns1.north A 192.168.1.105

This A record is known as a glue record because it is the only way the DNS service and requesting clients can learn the IP address of the delegated nameserver. After all, the parent zone no longer holds information on, or controls, the delegated zone, so on its own it could not answer a query for dns1.north.mycompany.com, the very server it is referring clients to. The glue record eliminates that problem and provides a direct way to reach the delegated nameserver.

When Delegation Goes Lame

Lame delegation is the condition in which an NS record points to an incorrect machine. It can arise when a zone is delegated to a server that has not been properly configured as an authoritative nameserver for that zone, or when an authoritative nameserver for a zone carries an NS record pointing to another machine that is not authoritative for the zone.

When lame delegation occurs, these NS records direct queries to servers that will not respond authoritatively, if at all. This causes unnecessary network traffic and extra work for servers. According to the Domain Health Survey, 25% of all zones have lame delegations.

I'll talk about a utility later in this chapter, called DNSLint, that can help you detect lame delegations and fix them.
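As an added example (not from the book), the following script applies the two checks described above to a parent zone: every nameserver whose name lies inside the delegated subdomain has a glue A record, and every delegated server actually answers authoritatively. The zone fragment and the servers' NS answers are constructed to match the mycompany.com scenario; in a real run the answers would come from live queries, which is what a tool such as DNSLint automates.

```python
ORIGIN = "mycompany.com"

# Constructed parent-zone fragment in the chapter's "owner TYPE rdata" form;
# dns2.north is deliberately delegated to without a glue record.
PARENT_ZONE = """\
north NS dns1.north.mycompany.com
north NS dns2.north.mycompany.com
dns1.north A 192.168.1.105
south NS dns1.south.mycompany.com
dns1.south A 192.168.2.10
"""
# Constructed stand-in for asking each delegated server "NS <subdomain>": the NS
# set it answers authoritatively, or None when it is not authoritative for it.
CHILD_NS_ANSWERS = {
    "dns1.north": {"dns1.north", "dns2.north"},
    "dns2.north": {"dns1.north", "dns2.north"},
    "dns1.south": None,  # server is up, but the south zone was never created on it
}

def relative(name):
    """'dns1.north.mycompany.com.' -> 'dns1.north' (name relative to ORIGIN)."""
    name = name.rstrip(".")
    return name[:-len(ORIGIN) - 1] if name.endswith("." + ORIGIN) else name

def parse_zone(text):
    """Return {(owner, rtype): [rdata, ...]} with owners and NS targets relative."""
    zone = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        owner, rtype, rdata = relative(parts[0]), parts[1].upper(), parts[2]
        zone.setdefault((owner, rtype), []).append(relative(rdata) if rtype == "NS" else rdata)
    return zone

def check_delegations(zone_text, child_ns_answers):
    """Return sorted (subdomain, finding) pairs for glue gaps and lame NS records."""
    zone = parse_zone(zone_text)
    findings = []
    for (sub, rtype), parent_ns in zone.items():
        if rtype != "NS":
            continue
        for ns in parent_ns:
            # Glue is needed only when the nameserver's own name lies inside the
            # delegated subdomain; a name outside it resolves through the parent.
            if ns.endswith("." + sub) and (ns, "A") not in zone:
                findings.append((sub, f"missing glue A record for {ns}"))
            if child_ns_answers.get(ns) is None:
                findings.append((sub, f"{ns} is not authoritative (lame delegation)"))
    return sorted(findings)
```

Running check_delegations(PARENT_ZONE, CHILD_NS_ANSWERS) reports the missing glue for dns2.north and the lame south delegation.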


4.6.2. Creating the Subdomain

Logically, creating the subdomain you've just delegated is very simple. From the delegated server, inside the DNS Management snap-in, you can right-click the Forward Lookup Zones folder and choose New Zone. From there, just follow the instructions in the "Creating a Forward Lookup Zone" section earlier in this chapter.



Learning Windows Server 2003
ISBN: 0596101236
Year: 2004
Pages: 171

flylib.com © 2008-2017.