Multiple levels of subdomain delegation
In this (admittedly convoluted, but I encountered it at work) example, assume the zone we are authoritative for is example.org.
- We want to delegate shiznit.example.org to two name servers, ns1.shiznit.example.org and ns2.shiznit.example.org.
- We want to delegate subdomain.shiznit.example.org to a different name server, ns1.subdomain.shiznit.example.org.
- The name servers for shiznit.example.org know nothing about subdomain.shiznit.example.org (this can be a problem with the glue record; see below).
Our example.org zone will look something like (assuming an $ORIGIN of example.org):
shiznit IN NS ns1.shiznit shiznit IN NS ns2.shiznit subdomain.shiznit IN NS ns1.subdomain.shiznit
- Glue records
ns1.shiznit IN A 192.168.1.100 ns2.shiznit IN A 192.168.1.101 ns1.subdomain.shiznit IN A 192.168.1.102 (not needed, see below)
There can be a problem with the above configuration. Although BIND 9 (9.3.4-P1 in this example) will correctly following the subdomain delegation of subdomain.shiznit, it will not use the ns1.subdomain.shiznit glue record in the example.org zone.
In other words, BIND will attempt to resolve the A record for ns1.subdomain.shiznit by querying the delegated name servers for the shiznit subdomain, ns1.shiznit and ns2.shiznit.
To make this work, you can either:
- Place the glue record in its parent. i.e., add the following DNS A record to the ns1.shiznit and ns2.shiznit name servers (assuming an $ORIGIN of shiznit.example.org).
ns1.subdomain IN A 192.168.1.102
- Configure subdomain.shiznit as a forward or stub zone.
It probably makes the most sense to have the shiznit.example.org name servers properly delegate the subdomain.shiznit.example.org subdomain.