What is DNS Delegation

In physical terms, delegation is very similar to how a manager delegates responsibility for tasks to his employees. The results are the same, but more than one person is involved in the process. The supervisor receives the work request and directs responsibility for it to another employee, and either the employee or the supervisor returns the work results. This all comes with the caveat that the work the employee does is actually correct and is exactly what the original requester asked for (and that the requester asked for something valid in the first place!).

It's pretty similar with DNS delegation. When the name servers are asked where to find the authority for the zone, they often (actually in the vast majority of cases) delegate the response to other, separate name servers. The first time you register a domain, say our domain, this is often done through a third party called a registrar. It is common for registrars to set up their name servers for delegation and serve a standard zone from those name servers. This standard zone contains the basic requirements for making this zone available on the Internet (the records, and) associated with these NS records.

If you want to take control of the domain yourself, you must ask the registrar to delegate the domain to your name servers instead. Different registrars refer to this process in different ways, such as "change name servers," "use third-party DNS," "add glue records," and so on. The mechanism underneath remains the same. In general, you specify 2 or more "Name Server Names" (e.g. and) and the IP addresses where and are located. The request is then processed and the registrar directs the delegation to the name servers you specified.

Technically, at this point you need to make sure that your name servers are up and that they serve the domain with, at a minimum, one start of authority record, 1 or more records and the records (the IPs) from which these NS records are resolved:

(I chose some values for the SOA fields, the names for the NS records, and the IPs that these name servers resolve to.) These must all reflect the zone you are serving.

This DNS service must be visible from everywhere on the Internet and must not be blocked by a firewall (i.e. port 53 UDP and TCP inbound must be permitted). Your service provider must not block this port either (some providers block incoming traffic destined for this port).

In my original comparison, the name servers are the DNS managers who delegate the zone to the name servers (the employees) to provide the basic zone information. They can also serve additional records, e.g. mail server records or possibly a record for your address.

If that name server doesn't do the job, returns incorrect results, or if a third party (firewall / ISP) is blocking the work, you don't have a working DNS and the delegation breaks.

It may also be worth noting that the domain does NOT need to be delegated to name servers in the same domain. Hence, both and could be valid name servers that could have delegated to them, provided that both name servers serve the domain.
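The requirements above (an SOA, NS records that match what the registrar holds, and addresses for name servers inside the zone) can be checked mechanically. The following is an added example, not part of the original page: an offline consistency check over constructed data, where every name and IP (example.com, example.net, 192.0.2.53) and the function names are assumptions for illustration, and the address types A and AAAA are the standard DNS address records.

```python
# Constructed sample data: reserved example domains, documentation IP range.
def norm(name):
    return name.rstrip(".").lower()

def in_zone(name, zone):
    """True if name is the zone apex or lies beneath it."""
    return name == zone or name.endswith("." + zone)

def check_delegation(zone, parent_ns, glue, served):
    """Compare what the registrar holds with what the name servers serve.

    parent_ns: name server names given to the registrar
    glue:      {name server name: set of IPs} given to the registrar
    served:    {(owner, type): set of values} answered by the delegated servers
    Returns a list of problems; an empty list means the two sides agree.
    """
    zone = norm(zone)
    served = {(norm(o), t.upper()): set(v) for (o, t), v in served.items()}
    glue = {norm(n): set(ips) for n, ips in glue.items()}
    parent = {norm(n) for n in parent_ns}
    zone_ns = {norm(n) for n in served.get((zone, "NS"), ())}
    problems = []
    if not served.get((zone, "SOA")):
        problems.append("no SOA record served for the zone")
    if zone_ns != parent:
        problems.append("NS set differs: registrar=%s zone=%s"
                        % (sorted(parent), sorted(zone_ns)))
    for ns in sorted(parent):
        if not in_zone(ns, zone):
            continue  # out-of-zone server: found via its own domain, no glue needed
        addrs = served.get((ns, "A"), set()) | served.get((ns, "AAAA"), set())
        if not glue.get(ns):
            problems.append(ns + ": in-zone name server registered without glue")
        elif glue[ns] != addrs:
            problems.append(ns + ": glue does not match the address served")
    return problems

ZONE = "example.com."
REGISTRAR_NS = ["ns1.example.com.", "ns2.example.net."]
REGISTRAR_GLUE = {"ns1.example.com.": {"192.0.2.53"}}
SERVED = {
    ("example.com.", "SOA"): {"ns1.example.com. hostmaster.example.com. 1 3600 600 604800 300"},
    ("example.com.", "NS"): {"ns1.example.com.", "ns2.example.net."},
    ("ns1.example.com.", "A"): {"192.0.2.53"},
}

if __name__ == "__main__":
    print(check_delegation(ZONE, REGISTRAR_NS, REGISTRAR_GLUE, SERVED) or "consistent")
```

In practice the `served` mapping would be filled from answers obtained by querying each delegated name server directly over port 53, UDP and TCP.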