When managing DNS infrastructure, it's common to need authoritative name servers for both a parent domain (b.c) and its subdomain (a.b.c). The key technical consideration is that these are technically separate DNS zones, though they share a hierarchical relationship.
Yes, you can absolutely host both zones on a single physical or virtual machine. Here's how it works in practice with BIND9 (the most common DNS server software):
// Named.conf configuration for both zones
zone "b.c" {
type master;
file "/etc/bind/zones/db.b.c";
};
zone "a.b.c" {
type master;
file "/etc/bind/zones/db.a.b.c";
};
For the parent domain (b.c), you need to include NS records pointing to your server for the subdomain:
; db.b.c zone file
$TTL 86400
@ IN SOA ns1.b.c. admin.b.c. (
2024010101 ; serial
3600 ; refresh
900 ; retry
604800 ; expire
86400 ; minimum TTL
)
@ IN NS ns1.b.c.
@ IN NS ns2.b.c.
ns1 IN A 192.0.2.1
ns2 IN A 192.0.2.2
; Delegation for subdomain
a IN NS ns1.a.b.c.
a IN NS ns2.a.b.c.
ns1.a IN A 192.0.2.1
ns2.a IN A 192.0.2.1
For the subdomain (a.b.c), the zone file can be simpler:
; db.a.b.c zone file
$TTL 86400
@ IN SOA ns1.a.b.c. admin.a.b.c. (
2024010101
3600
900
604800
86400
)
@ IN NS ns1.a.b.c.
@ IN NS ns2.a.b.c.
ns1 IN A 192.0.2.1
ns2 IN A 192.0.2.1
; Other records for the subdomain
www IN A 192.0.2.100
1. Single Point of Failure: While technically possible, consider running at least two name servers for redundancy
2. Performance Impact: Modern servers can easily handle multiple zones - a single instance can serve thousands of zones
3. Configuration Management: Tools like Ansible can help maintain consistency across zone files
The same principle applies to other DNS servers like PowerDNS:
# PowerDNS configuration
launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
# Zones are automatically detected from the database
# Just add both b.c and a.b.c as separate zones
If using AWS Route 53 as an example, you would:
- Create a hosted zone for
b.c - Create a separate hosted zone for
a.b.c - In the
b.czone, create NS records fora.b.cpointing to the name servers AWS provides for thea.b.czone
When managing DNS infrastructure, a common requirement is to serve both a parent domain (e.g., b.c) and one of its subdomains (e.g., a.b.c) from the same physical or virtual server. This avoids the overhead of maintaining separate machines while ensuring proper DNS resolution for both zones.
The key concept here is zone delegation. In BIND (Berkeley Internet Name Domain), you can configure multiple zones on a single server:
// named.conf example for serving both b.c and a.b.c
options {
directory "/var/named";
};
zone "b.c" IN {
type master;
file "b.c.zone";
};
zone "a.b.c" IN {
type master;
file "a.b.c.zone";
};
For proper resolution, you need to:
- Create NS records in the parent zone (
b.c) pointing to your server - Ensure glue records are properly configured at the registrar
Example zone file for b.c:
; b.c.zone file
$TTL 86400
@ IN SOA ns1.b.c. admin.b.c. (
2024031501 ; serial
3600 ; refresh
900 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS ns1.b.c.
@ IN NS ns2.b.c.
ns1 IN A 192.0.2.1
ns2 IN A 192.0.2.2
; Delegation for a.b.c
a IN NS ns1.b.c.
a IN NS ns2.b.c.
For more complex scenarios where different clients need different resolutions, you can use BIND views:
view "internal" {
match-clients { 192.0.2.0/24; };
recursion yes;
zone "b.c" {
type master;
file "internal/b.c.zone";
};
zone "a.b.c" {
type master;
file "internal/a.b.c.zone";
};
};
view "external" {
match-clients { any; };
recursion no;
zone "b.c" {
type master;
file "external/b.c.zone";
};
zone "a.b.c" {
type master;
file "external/a.b.c.zone";
};
};
When hosting multiple zones on one server:
- Monitor query rates and response times
- Consider using response rate limiting (RRL) if under heavy load
- Ensure adequate CPU and memory resources for concurrent queries
Running multiple zones increases attack surface:
- Implement TSIG for zone transfers
- Use DNSSEC for all zones
- Separate authoritative and recursive functions if possible