Multiple levels of subdomain delegation


In this (admittedly convoluted, but I encountered it at work) example, assume the zone we are authoritative for is

  • We want to delegate to two name servers, and
  • We want to delegate to a different name server,
  • The name servers for and nothing about

Our zone will look something like (assuming an $ORIGIN of

  • Delegations
shiznit IN NS ns1.shiznit
shiznit IN NS ns2.shiznit
subdomain.shiznit IN NS ns1.subdomain.shiznit
  • Glue records
ns1.shiznit IN A
ns2.shiznit IN A
ns1.subdomain.shiznit IN A (not needed, see below)

There can be a problem with the above configuration. Although BIND 9 (9.3.4-P1 in this example) will correctly follow the subdomain delegation of subdomain.shiznit, it will not use the ns1.subdomain.shiznit glue record in the zone.

In other words, BIND will attempt to resolve the A record for ns1.subdomain.shiznit by querying the delegated name servers for the shiznit subdomain, ns1.shiznit and ns2.shiznit.

You must have the glue record in its parent in order for this to work; I don't know of any workaround. So to fix delegation in this example, we add the following DNS A record to the ns1.shiznit and ns2.shiznit name servers (assuming an $ORIGIN of

ns1.subdomain IN A
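A check for this situation, as an added example (not part of the original page and not BIND's own logic): it walks the delegations in a zone listing and reports, for each name server, whether its A record works as glue here or has to be served from a delegated zone that sits above it. Names are relative to the $ORIGIN as in the listing above; the 192.0.2.x addresses and the function names are assumptions made for the example.

```python
# Constructed sample: the page's records, with placeholder documentation addresses.
ZONE = """\
shiznit               IN NS ns1.shiznit
shiznit               IN NS ns2.shiznit
subdomain.shiznit     IN NS ns1.subdomain.shiznit
ns1.shiznit           IN A  192.0.2.1
ns2.shiznit           IN A  192.0.2.2
ns1.subdomain.shiznit IN A  192.0.2.3
"""

def parse(text):
    """Return (owner, rtype, rdata) tuples from 'owner IN TYPE rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()          # drop zone-file comments
        if len(fields) == 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3].lower()))
    return records

def is_at_or_below(name, cut):
    """True if 'name' is the delegation point 'cut' or a name underneath it."""
    return name == cut or name.endswith("." + cut)

def audit_glue(records):
    """Map each delegated name server to (status, zone that must hold its A record)."""
    cuts = {o for o, t, _ in records if t == "NS" and o != "@"}
    glue = {o for o, t, _ in records if t == "A"}
    report = {}
    for owner, rtype, target in records:
        if rtype != "NS" or owner == "@":
            continue
        # Every delegation point at or above the name server's own name.
        covering = [c for c in cuts if is_at_or_below(target, c)]
        if not covering:
            report[target] = ("not-below-a-cut", None)   # no glue involved
            continue
        # The first cut met walking down from the apex decides who answers.
        top = min(covering, key=lambda c: c.count("."))
        if top == owner:
            report[target] = ("glue-ok" if target in glue else "glue-missing", None)
        else:
            # The A record is looked up at the servers for 'top', so it must exist there.
            report[target] = ("serve-from-child", top)
    return report

if __name__ == "__main__":
    for ns, (status, zone) in sorted(audit_glue(parse(ZONE)).items()):
        print(ns, status, zone or "")
```

For the listing above, ns1.subdomain.shiznit is reported as `serve-from-child` with zone `shiznit`, which is the A record the fix adds on ns1.shiznit and ns2.shiznit.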

It would probably make the most sense to have the name servers properly delegate the subdomain.

