
I'm on a network that owns somedomain.com with a large intranet, we use their DNS server to resolve domains like abc.somedomain.com.

I was wondering if I am allowed to host a dns server on dns.xyz.somedomain.com (i.e. registered with their toplevel dns), would I be able to resolve only the xyz subdomains? Or could I add my own tier 3 domains like myname.somedomain.com? Assuming the tier3 is not already in use.

2 Answers


Whether the internet will expect your server to resolve other "tier 3" domains

No, it won't.

DNS delegations act on subtrees, and normally they're all-or-nothing¹: the administrators will not register your server for "all subdomains that we don't have" – they'll register it only for the specific level 3 names you asked for.

So if the parent domain's administrators delegate your server for xyz.somedomain.com, then your DNS server is allowed to provide responses for that specific level-3 domain and any of its subdomains (i.e. level-4 or deeper), but not for its sibling level-3 domains.

(The same server can host xyz.somedomain.com and abc.somedomain.com, but it needs a separate "registration" for each of those domain names.)

Delegations at other levels work exactly the same way.


¹ (It is perhaps technically possible to set up a "wildcard" delegation, but nobody does that. RFC 4592 says "inclusion of wildcard NS RRSets in a zone is discouraged, but not barred.")

Whether you can use your server to resolve domains which it doesn't host

The short answer is "it depends on your configuration".

There are two different functions of DNS servers:

  • An authoritative server, which answers for specific domains directly from its database;

  • A recursive resolver, which provides answers based on what it receives from other servers. (It can talk to a single upstream resolver, or it can directly talk to authoritative servers.)

The same server can perform both functions: it can provide authoritative responses for domains X and Y, while providing recursive replies for everything else. This is somewhat common on intranets, and indeed your intranet DNS server sounds like it's performing both functions.

So if your DNS server directly hosts xyz.somedomain.com, that will not prevent it from being used to resolve the rest of somedomain.com or any other domain – it'll just forward the queries "up" to the correct server.
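The delegation rule this answer describes, as an added example that is not part of the original post: a small Python model in which the server responsible for a name is found by the deepest delegation that encloses it. The server names ns.somedomain.com (the intranet's existing server) and dns.xyz.somedomain.com (the one the asker would register) are assumed for illustration; the delegation table is constructed.

```python
"""Delegation as a subtree cut.

Added example; not code from the original answers. Server names and the
delegation table are constructed for illustration.
"""
from typing import Optional


def labels(name: str) -> list:
    """Split a dotted name into labels, root side first, ignoring case and a
    trailing dot: 'A.xyz.somedomain.com.' -> ['com', 'somedomain', 'xyz', 'a']."""
    return [l for l in reversed(name.lower().rstrip(".").split(".")) if l]


def is_within(name: str, zone: str) -> bool:
    """True if name is the zone apex itself or any descendant of it.

    The comparison is label by label, so 'xyzsomedomain.com' is NOT within
    'somedomain.com' even though the strings share a suffix."""
    n, z = labels(name), labels(zone)
    return n[: len(z)] == z


# Each entry is one explicit registration made by the parent's administrators:
# zone apex -> server authoritative for that apex and everything beneath it.
DELEGATIONS = {
    "somedomain.com": "ns.somedomain.com",
    "xyz.somedomain.com": "dns.xyz.somedomain.com",
}


def responsible_server(qname: str, delegations: dict = DELEGATIONS) -> Optional[tuple]:
    """Return (zone, server) for the deepest delegation enclosing qname, or None.

    The longest matching apex wins: a delegation for xyz.somedomain.com covers
    a.b.xyz.somedomain.com, but the sibling myname.somedomain.com is enclosed
    only by the parent's own delegation and so still belongs to the parent."""
    best = None
    for zone, server in delegations.items():
        if is_within(qname, zone) and (best is None or len(labels(zone)) > len(labels(best[0]))):
            best = (zone, server)
    return best


def delegate(delegations: dict, zone: str, server: str) -> dict:
    """Return a copy with one more explicit registration. The same server may
    appear under several apexes, but each apex needs its own entry."""
    updated = dict(delegations)
    updated[zone] = server
    return updated


if __name__ == "__main__":
    for q in ["xyz.somedomain.com", "a.b.xyz.somedomain.com",
              "myname.somedomain.com", "abc.somedomain.com", "example.org"]:
        print(f"{q:28} -> {responsible_server(q)}")
    # abc.somedomain.com reaches the same server only after a second registration
    both = delegate(DELEGATIONS, "abc.somedomain.com", "dns.xyz.somedomain.com")
    print("after delegating abc:", responsible_server("abc.somedomain.com", both))
```

The label-wise comparison in `is_within` is the part worth copying into real code: a plain string `endswith` check would treat `xyzsomedomain.com` as part of `somedomain.com`, which is a classic mistake in allow-lists and delegation checks.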


If I am allowed to host a DNS server on dns.xyz.example.com (i.e. registered with their toplevel DNS), would I be able to resolve only the xyz subdomains? 

DNS servers can typically resolve whatever domains they have records for. The basic issue is directing a given client request to that DNS server.

So, for instance:

myname.example.com.    3600  IN  A    1.2.3.4

could be hosted on dns.xyz.example.com and potentially be resolvable. But if requests for myname.example.com weren't directed at that DNS server (e.g. they were directed at dns.example.com instead, which had no entry for the myname subdomain) then requests for that domain would likely fail.

  • Would their toplevel dns be more likely to forward to external dns (and 404) or to all known intranet DNS servers? In a typical corporate environment.
    – jiggunjer
    Commented Apr 8, 2020 at 9:16
  • 1
    @jiggunjer: I'm not sure if "more likely" actually makes sense... it's not exclusively one of those options, but rather a bit of "both" and a bit of "neither". The central DNS server won't just fling the same request to all intranet servers and hope that one of them knows the answer. Either it recognizes the domain because it was told exactly which DNS servers are supposed to handle it (and forwards the query only to those servers), or it doesn't recognize the domain at all (and forwards the query to external DNS). Commented Apr 8, 2020 at 16:06
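The server-side behaviour behind this answer and its comments (and behind the authoritative-plus-recursive description in the first answer), as an added example that is not code from either answer: one model of a DNS server that answers from its own zone data, forwards to the specific server it has been told handles a delegated name, and otherwise forwards upstream. The server names, the record for myname.example.com, and the upstream resolver name are constructed for illustration.

```python
"""One DNS server with two roles: authoritative for some zones, forwarder for the rest.

Added example; not code from the original answers. All names, records and the
upstream resolver are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Server:
    name: str
    # zones this server is authoritative for: apex -> {owner name -> A record}
    zones: dict = field(default_factory=dict)
    # delegations it has been told about explicitly: apex -> server hosting it
    delegations: dict = field(default_factory=dict)
    # external resolver for everything it knows nothing about (None = none configured)
    upstream: Optional[str] = None


def _labels(name: str) -> list:
    return [l for l in reversed(name.lower().rstrip(".").split(".")) if l]


def _within(name: str, zone: str) -> bool:
    n, z = _labels(name), _labels(zone)
    return n[: len(z)] == z


def _closest(name: str, apexes) -> Optional[str]:
    """Longest zone apex in apexes that encloses name, or None."""
    matches = [z for z in apexes if _within(name, z)]
    return max(matches, key=lambda z: len(_labels(z)), default=None)


def resolve(server: Server, qname: str) -> tuple:
    """Return (outcome, detail) for a query sent to this server.

    1. A known delegation deeper than any local zone -> forward to that server only.
    2. A local authoritative zone -> answer from its data, or NXDOMAIN; a query
       for a name inside a zone this server owns is never forwarded elsewhere.
    3. Otherwise -> forward to the upstream resolver, or SERVFAIL if none is set.
    """
    deleg = _closest(qname, server.delegations)
    zone = _closest(qname, server.zones)
    if deleg and (zone is None or len(_labels(deleg)) > len(_labels(zone))):
        return ("forward", server.delegations[deleg])
    if zone:
        rec = server.zones[zone].get(qname.lower().rstrip("."))
        return ("answer", rec) if rec else ("NXDOMAIN", zone)
    if server.upstream:
        return ("forward", server.upstream)
    return ("SERVFAIL", "no upstream configured")


# Constructed scenario: the intranet's central server and the asker's server.
CENTRAL = Server(
    name="dns.example.com",
    zones={"example.com": {"abc.example.com": "10.0.0.5"}},
    delegations={"xyz.example.com": "dns.xyz.example.com"},
    upstream="resolver.isp.example",
)
DNS_XYZ = Server(
    name="dns.xyz.example.com",
    zones={
        "xyz.example.com": {"www.xyz.example.com": "10.0.1.80"},
        # the record from the answer, hosted here but not delegated by the parent
        "myname.example.com": {"myname.example.com": "1.2.3.4"},
    },
    upstream="dns.example.com",
)


if __name__ == "__main__":
    for srv, q in [(DNS_XYZ, "myname.example.com"), (CENTRAL, "myname.example.com"),
                   (CENTRAL, "www.xyz.example.com"), (CENTRAL, "www.other.org"),
                   (DNS_XYZ, "abc.example.com")]:
        print(f"{srv.name:22} {q:22} -> {resolve(srv, q)}")
```

Two cases are the ones this thread is about: a query for myname.example.com answered by dns.xyz.example.com succeeds, while the same query sent to dns.example.com gets NXDOMAIN because the name falls inside a zone that server owns and has no record for, so it is not forwarded anywhere. The central server forwards www.xyz.example.com only to the one server it was told about, and sends www.other.org to the external resolver.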

