Alibaba Cloud DNS:Subdomain management

Subdomain delegation

Typically, an entire root domain, such as example.com, uses a single set of NS servers for resolution. However, DNS standards allow you to specify separate NS records for a subdomain. This practice is known as "subdomain delegation". For example, abc.example.com can be resolved by a different set of NS servers. This makes the subdomain's control and DNS resolution rules completely independent of the root domain. For more information about root domains and subdomains, see Domain hierarchy.

Scenarios

Distributed service isolation and O&M autonomy

• For organizations with Software as a Service (SaaS) offerings, multiple lines of business, or distinct enterprise groups, each business often has its own Operations and Maintenance (O&M) team. These teams can independently control the DNS for a subdomain, such as product.example.com, without affecting the root domain or other subdomains.

• You can manage DNS resources for a staging environment, such as test-env.example.com, independently. This prevents accidental changes from affecting the production root domain.

Decoupling across clouds, IDCs, or multi-platform CDNs

• Government, enterprise, or finance customers often use self-managed DNS. However, the associated use and maintenance costs are high. These customers can delegate a subdomain to Alibaba Cloud DNS for independent management.

• If a root domain's DNS servers are hosted by a third-party provider and a full migration to Alibaba Cloud DNS is not feasible, you can migrate a subdomain to Alibaba Cloud DNS as an initial step.

Root domain with a third-party DNS provider and subdomain with Alibaba Cloud DNS

1. Go to the Alibaba Cloud DNS - Public Authoritative Zone page and click the Add Zone button.

2. In the Add Zone dialog box, enter the subdomain, such as demo.example.com, and click the Verify TXT Record button.

   

3. In the Registrant Identity Verification dialog box, copy the host record and record value.

   

4. Go to your third-party DNS provider. On the DNS settings page for the root domain, add a TXT record using the copied host record and record value.

5. Return to the Registrant Identity Verification dialog box and click the Verify button. This action verifies the TXT record.

   Important

   To verify the domain registrant's identity, copy the Hostname and Record Value. You can then close the dialog box if you have not clicked the Verify button. The TXT record value for verification is valid for one day. If you click Verify, you have a maximum of three verification attempts. If verification fails three times, the TXT record value is reset. After you add the TXT record for the primary domain name, click the Verify button to complete the TXT verification.

6. The subdomain is added to the domain name list. In the subdomain's entry, find the DNS Server IP Address to obtain the DNS addresses assigned by the system.

   

7. (Optional) If the subdomain has no active DNS records, you can skip this step. If the subdomain you are adding has active DNS records, you must first add all of its existing DNS records in Alibaba Cloud DNS.

8. Go to your third-party DNS provider. On the DNS settings page for the root domain, add NS records for the subdomain. Point these records to the DNS server addresses that Alibaba Cloud DNS assigned to the subdomain. For example, if your subdomain is test.example.com:

   Host Record	Record Type	Record Value
   test	NS	ns1.alidns.com
   test	NS	ns2.alidns.com

Both root domain and subdomain use Alibaba Cloud DNS

The root domain and subdomain can belong to different Alibaba Cloud accounts or the same Alibaba Cloud account.

1. Go to the Alibaba Cloud DNS - Public Authoritative Zone page and click the Add Zone button.

2. In the Add Zone dialog box, enter the subdomain and click the Verify TXT Record button.

3. In the Registrant Verification dialog box, copy the Hostname and Record Value.

   Important

   To verify the domain registrant's identity, copy the Hostname and Record Value. You can then close the dialog box if you have not clicked the Verify button. The TXT record value for verification is valid for one day. If you click Verify, you have a maximum of three verification attempts. If verification fails three times, the TXT record value is reset. After you add the TXT record for the primary domain name, click the Verify button to complete the TXT verification.

4. Log on to the Alibaba Cloud account that owns the primary domain name, go to the DNS Settings page of Cloud DNS, and add a TXT record using the Hostname and Record Value provided for registrant identity verification.

5. After the TXT record takes effect, return to the Registrant Verification dialog box and click the Verify button.

6. After the TXT verification is successful, the subdomain is added to the domain name list. Click the subdomain to go to its DNS Settings page. Alibaba Cloud DNS automatically syncs the DNS records for this subdomain from the root domain to the new subdomain entry. For more information about the synchronization rules, see Synchronization rules for DNS records when both root domain and subdomain use Alibaba Cloud DNS.

7. The subdomain is added to the domain name list. In the subdomain's entry, find the DNS Server IP Address to obtain the DNS addresses assigned by the system.

   

8. If the root domain contains DNS records for the subdomain, those records will be affected when you host the subdomain separately. You must delete the subdomain's DNS records from the root domain and re-configure them on the subdomain's DNS Settings page. If the root domain has no such records, you can ignore this step.

   Important

   The root domain and subdomain must use the same edition of Alibaba Cloud DNS. For example, if the root domain uses a Paid Edition, the subdomain must also be bound to a Paid Edition. If the root domain uses a Paid Edition, first add the subdomain, then bind it to a Paid Edition, and finally add the NS records to the root domain.

Recover a subdomain

If a subdomain has already been added for independent management by another Alibaba Cloud account, you can use the Recover Subdomain feature to reclaim management rights and the associated DNS records for your current account.

1. Go to the Alibaba Cloud DNS - Public Authoritative Zone page and click the Add Zone button.

2. In the Add Zone dialog box, enter the subdomain and click the Retrieve Zone button.

3. In the Registrant Verification dialog box, copy the Hostname and Record Value.

   Important

   To verify the domain registrant's identity, copy the Hostname and Record Value. You can then close the dialog box if you have not clicked the Verify button. The TXT record value for verification is valid for one day. If you click Verify, you have a maximum of three verification attempts. If verification fails three times, the TXT record value is reset. After you add the TXT record for the primary domain name, click the Verify button to complete the TXT verification.

4. After the registrant identity verification is successful, the subdomain and its DNS records are automatically transferred to the account that initiated the recovery.

Delete a subdomain

If you no longer want to manage a subdomain independently, you can delete it. All DNS records under the subdomain will be deleted and cannot be recovered.

1. On the Alibaba Cloud DNS - Public Authoritative Zone page, click Delete in the Actions column.

   

Synchronization rules for DNS records when both root domain and subdomain use Alibaba Cloud DNS

After you add a subdomain, if the root domain already has DNS records for that subdomain, those records are automatically synced to the new subdomain entry. However, any DNS records for the subdomain that you add to the root domain after adding the subdomain entry will not be synced. The following examples illustrate the detailed rules: