BIND: how to delegate a sub-domain to another nameserver
Introduction
In most cases, the DNS configuration for a domain lives in a single zone file and is handled by a single set of authoritative nameservers (master + slaves).
Sometimes, though, a sub-domain needs to be delegated to other nameservers.
Zone configuration
There are several formats that are completely equivalent (with or without the $ORIGIN directive, with or without unqualified names).
The format below can help keep things clear, but it is just a matter of taste.
$TTL 3600
$ORIGIN domain.com.
@ IN SOA ns1.nameserver.com. admin.nameserver.com. (
        2017090101 ; Serial
        10800      ; Refresh
        1800       ; Retry
        1209600    ; Expire
        3600       ; Negative Cache TTL
)
@ IN NS ns1.nameserver.com.
@ IN NS ns2.nameserver.com.
@ IN A 1.2.3.4
www IN A 1.2.3.4
$ORIGIN ext.domain.com.
@ IN NS ns1.anothernameserver.com.
@ IN NS ns2.anothernameserver.com.
For the domain domain.com, this zone file defines the authoritative nameservers ns1.nameserver.com and ns2.nameserver.com (usually the server itself and its slaves). The zone also includes a record for the name www, as an example.
It then sets ns1.anothernameserver.com and ns2.anothernameserver.com as the authoritative nameservers for the sub-domain ext.domain.com.
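The equivalence of the two notations mentioned above can be checked mechanically. The following is an added example, not part of the original article: a small Python reader that handles only the constructs used in this zone file, shows that the `$ORIGIN` form and a constructed unqualified-name form (`ext IN NS ...`) produce the same NS records, and lists which names are delegated out of the zone.

```python
PARENT = """$TTL 3600
$ORIGIN domain.com.
@ IN SOA ns1.nameserver.com. admin.nameserver.com. (
        2017090101 ; Serial
        10800      ; Refresh
        1800       ; Retry
        1209600    ; Expire
        3600       ; Negative Cache TTL
)
@ IN NS ns1.nameserver.com.
@ IN NS ns2.nameserver.com.
@ IN A 1.2.3.4
www IN A 1.2.3.4
"""
# Delegation as written on the page: second $ORIGIN, "@" as owner.
WITH_ORIGIN = PARENT + """$ORIGIN ext.domain.com.
@ IN NS ns1.anothernameserver.com.
@ IN NS ns2.anothernameserver.com.
"""
# Constructed for this example: unqualified owner "ext", no second $ORIGIN.
UNQUALIFIED = PARENT + """ext IN NS ns1.anothernameserver.com.
ext IN NS ns2.anothernameserver.com.
"""

def qualify(name, origin):
    if name == "@":  # "@" stands for the current $ORIGIN
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def ns_records(zone_text):
    origin, depth, found = None, 0, set()
    for raw in zone_text.splitlines():
        text = raw.split(";", 1)[0]  # drop comments
        fields = text.split()
        if depth == 0 and fields:  # skip continuation lines inside the SOA parentheses
            if fields[0] == "$ORIGIN":
                origin = fields[1]
            elif fields[1:3] == ["IN", "NS"]:
                found.add((qualify(fields[0], origin), qualify(fields[3], origin)))
        depth += text.count("(") - text.count(")")
    return found

def delegations(zone_text, apex):
    result = {}
    for owner, target in ns_records(zone_text):
        if owner != apex:  # NS records at the apex are the zone's own nameservers
            result.setdefault(owner, set()).add(target)
    return result
```

Running `delegations()` over a zone file gives a quick inventory of every sub-domain whose answers are controlled by nameservers outside the zone, which is worth reviewing whenever a delegated provider is decommissioned.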
Example
When a client asks for test.ext.domain.com, it initially contacts ns1.nameserver.com or ns2.nameserver.com, since they are the authoritative nameservers for the zone domain.com.
That nameserver returns ns1.anothernameserver.com and ns2.anothernameserver.com as the authoritative nameservers for the sub-zone ext.domain.com.
The client then contacts one of these two nameservers, which returns the IP address for test.ext.domain.com.