You can add a subdomain name to Public Zone to independently configure and manage the subdomain and its DNS records. This provides flexible, efficient, and independent control, which is ideal for scenarios where businesses require subdomain autonomy, permission delegation, or decoupling across teams.
Subdomain delegation
Typically, a primary domain name, such as example.com, is resolved by a single set of NS servers. However, the DNS standard lets you specify separate NS records for a subdomain for subdomain delegation. For example, abc.example.com can be resolved by a different set of NS servers, which makes its control and DNS resolution rules completely independent of the primary domain name. For details about primary domain names and subdomains, see domain hierarchy.
Scenarios
Distributed service isolation and O&M autonomy
For SaaS, businesses with many units or enterprise groups, each business unit may have its own O&M team that independently controls the DNS for
product.example.comwithout affecting the primary domain name or other subdomain services.The test environment
test-env.example.comcan manage DNS resolution resources independently to prevent operational errors from affecting the production primary domain name.
Decoupling across clouds, IDCs, or CDN
Government, enterprise, or finance customers typically use on-premises DNS, but the usage and maintenance costs are high. You can delegate subdomains to Alibaba Cloud DNS for separate management.
If your primary domain name uses a third-party DNS provider and a full migration to Alibaba Cloud DNS is not possible, you can migrate the subdomain to Alibaba Cloud DNS first.
Features
Type | Description |
Instance edition limits | If the primary domain name is hosted by a third-party provider and the subdomain name is hosted on Alibaba Cloud, you can attach a paid edition of Alibaba Cloud DNS to the subdomain. If the subdomain requires security protection, you must enable it separately. |
If both the primary domain name and the subdomain name use Alibaba Cloud DNS, their DNS editions must be consistent. The editions refer only to the Paid Edition and Free Edition. The specific type of paid edition is not restricted. | |
Domain name transfer between accounts | Only the DNS records of the primary domain name are transferred to the new account. The subdomain is not affected. |
DNS provider/account limits | The primary domain name and subdomain name can exist independently with different DNS providers, under different or same Alibaba Cloud accounts. |
Subdomain level limits for primary/subdomains | Free Edition: Supports up to 5 levels. For example, for the subdomain Paid Edition: Supports up to 10 levels. |
Add a subdomain name
Third-party primary domain name and Aliabab Cloud subdomain name
Go to the Alibaba Cloud DNS - Public Zone page and click the Add Domain Name button.
In the Add Domain Name dialog box, enter the subdomain name, such as
demo.example.com, and click the Verify TXT Record button.
In the registrant identity verification dialog box, copy the host record and record value.
ImportantAfter you copy the host record and record value for registrant identity verification, close this dialog box if you have not clicked the Verify button. The TXT record value for verification is valid for one day. You can attempt verification up to three times. If the verification fails three times, the TXT record value is reset. After you add the TXT record for the primary domain name, click the Verify button to perform TXT verification.
Go to your third-party provider. On the DNS settings page for the primary domain name, add a TXT record using the host record and record value provided for registrant identity verification.
Return to the dialog box from Step 3 and click the Verify button. After the verification is successful, click the Verification Successful button.
NoteThe TXT record value for verification is valid for one day before you click Verify. You can attempt verification up to three times. After three failed attempts, the TXT record value is reset.
The subdomain is added to the domain name list. View the DNS Server Address for the subdomain to access the DNS addresses assigned by the system.
(Optional) You can skip this step if the subdomain has no active DNS records. If the subdomain you are adding has active DNS records, we strongly recommend that you add all of its DNS records to Alibaba Cloud DNS.
Go to your third-party provider. On the DNS settings page for the primary domain name, add records of the NS type for the subdomain. Point these records to the DNS server addresses assigned to the subdomain by Alibaba Cloud DNS. For example, if the subdomain you want to configure is
test.example.com:Host
Type
Value
test.example.comNS
ns1.alidns.com
test.example.comNS
ns2.alidns.com
Both the primary and the subdomain name use Alibaba Cloud DNS
The primary domain name and the subdomain name can belong to the same or different Alibaba Cloud accounts.
Go to the Alibaba Cloud DNS - Public Zone page and click the Add Domain Name button.
In the Add Domain Name dialog box, enter the subdomain name and click the TXT Authorization Verification button.
In the Registrant Identity Verification dialog box, copy the Host and Value.
ImportantAfter you copy the host record and record value, keep the dialog box open. If you close it, the system will regenerate the TXT record, causing the verification to fail. After you add the TXT record to the primary domain name, click the Verify button.
Log on to the Alibaba Cloud account that owns the primary domain name. Go to the DNS Settings page in the Alibaba Cloud DNS console. Add a TXT record using the Host and Value provided for registrant identity verification.
After confirming that the TXT record has taken effect, return to the Registrant Identity Verification dialog box from Step 3 and click the Verify button.
After the TXT verification is successful, click the Verification Successful button. The subdomain is automatically added to the domain name list. Click the subdomain name to go to its DNS Settings page. Alibaba Cloud DNS automatically syncs the DNS records for the subdomain from the primary domain name. For more information about the synchronization rules, see Synchronization rules for subdomain DNS records when both the primary domain name and the subdomain name use Alibaba Cloud DNS.
The subdomain is added to the domain name list. View the DNS Server Address for the subdomain to access the DNS addresses assigned by the system.
If DNS records for the subdomain already exist under the primary domain name, they will be affected after the subdomain is hosted. You must delete these DNS records from the primary domain name and configure them on the subdomain's DNS Settings page. Ignore this step if no such records exist.
ImportantThe Alibaba Cloud DNS editions for the primary domain name and the subdomain must match. For example, if the primary domain name uses a paid edition of Alibaba Cloud DNS, the subdomain must also be attached to a paid edition. If the primary domain name uses a paid edition, you must attach the subdomain to a paid edition after you add the subdomain, and then add NS records for the primary domain name.
Retrieve a subdomain name
If a subdomain has been added for independent management by another Alibaba Cloud account, you can use the Retrieve Domain Name feature to transfer its management permissions and DNS records to your account.
Go to the Alibaba Cloud DNS - Public Zone page and click the Add Domain Name button.
In the Add Domain Name dialog box, enter the subdomain name and click the Retrieve Domain Name button.
In the Registrant Identity Verification dialog box, copy the Host and Value.
NoteAfter you copy the host record and record value for identity verification, keep the dialog box open. If you close it, the system will regenerate the TXT record, causing the verification to fail. After you add the TXT record for the primary domain name, click the Verify button, and then click Verification Successful. Confirm To Add Domain Name.
After the registrant identity is verified, the subdomain and its DNS records are automatically added to the account that initiated the retrieval.
Delete a subdomain name
If you no longer need to manage a subdomain separately, you can delete it. All DNS records for the subdomain will be permanently deleted and cannot be recovered.
Before you unregister, delete, or transfer a domain name, especially for a domain registered with and hosted by Alibaba Cloud, we recommend that you first change the domain's DNS servers (NS records) to servers other than those of Alibaba Cloud DNS. Otherwise, after the domain name is deleted or released, it might be re-registered by another party and added to Alibaba Cloud DNS. This poses security threats such as abuse, impersonation, and phishing.
On the Alibaba Cloud DNS - Public Zone page, click the Delete button in the Actions column.
Appendix
Synchronization rules for subdomain DNS records when both the primary domain name and the subdomain name use Alibaba Cloud DNS
After you add a subdomain, if DNS records for the subdomain already exist under the primary domain name, these records are automatically synced to the new subdomain. However, any DNS records added to the primary domain name for the subdomain after the subdomain has been added are not synced. The following examples describe the rules:
Example 1: Scenario without wildcard DNS
The primary domain name is a.com. You want to host the DNS for the subdomain c.b.a.com independently. The existing DNS settings for the subdomain under the primary domain name are as follows:
Type | Host | Line | Value |
A | c.b | Default | 1.1.XX.XX |
The DNS records for the subdomain c.b.a.com are synced as follows:
Type | Host | Line | Value |
A | @ | Default | 1.1.XX.XX |
Example 2: Wildcard DNS scenario 1
The primary domain name is a.com. You want to host the DNS for the subdomain c.b.a.com independently. The existing DNS settings for the subdomain under the primary domain name are as follows:
Type | Host | Line | Value |
A | d.c.b | Default | 1.1.XX.XX |
A | *.c.b | Default | 2.2.XX.XX |
The DNS records for the subdomain c.b.a.com are synced as follows:
Type | Host | Line | Value |
A | d | Default | 1.1.XX.XX |
A | * | Default | 2.2.XX.XX |
Example 3: Wildcard DNS scenario 2
The primary domain name is a.com. You want to host the DNS for the subdomain c.b.a.com independently. The existing DNS settings for the subdomain under the primary domain name are as follows:
Type | Host | Line | Value |
A | *.b | Default | 1.1.XX.XX |
The DNS records for the subdomain c.b.a.com are synced as follows:
Type | Host | Line | Value |
A | * | Default | 1.1.XX.XX |
A | @ | Default | 1.1.XX.XX |
Example 4: Wildcard DNS scenario 3
The primary domain name is a.com. You want to host the DNS for the subdomain c.b.a.com independently. The existing DNS settings for the subdomain under the primary domain name are as follows:
Type | Host | Line | Value |
A | *.b | Default | 1.1.XX.XX |
A | * | Default | 2.2.XX.XX |
The DNS records for the subdomain c.b.a.com are synced as follows:
Type | Host | Line | Value |
A | * | Default | 1.1.XX.XX |
A | @ | Default | 1.1.XX.XX |
In this case, the @ record is resolved based on the longest match principle. The effective DNS record synced to the subdomain is the one with the host record *.b from the primary domain name.