To delegate means to hand responsibility and tasks to other people. DNS delegation is very similar: each level of the DNS hierarchy is responsible for its own part of the domain namespace and hands responsibility for everything below it to someone else. How exactly does DNS delegation work? Let’s find out!
DNS and DNS hierarchy
DNS (Domain Name System) is a global system for name resolution that maps domain names to their IP addresses (and other records).
It has a multi-level structure that looks like a tree, called the domain namespace. The levels are as follows:
- Root – the highest level, and the first to be asked. The root servers do not hold the answer themselves; they refer the resolver to the nameservers of the TLD that the name falls under.
- TLD – Top-level domain (.com, .eu, and so on). Each TLD has its own authoritative nameservers, which refer the resolver on to the nameservers of the particular domain it is asking about.
- Second-level domain – the domain name itself (yoursite.com). Its authoritative nameservers hold the zone’s records and return the answer, for example an A record with the IP address the user’s browser then connects to.
- Subdomain – names below the domain, such as mail.yoursite.com or ftp.yoursite.com, used for separate services. These can be plain records inside the domain’s zone, or separately delegated zones of their own.
DNS delegation is the process by which one DNS nameserver (the parent) hands authority over a part of the domain namespace to one or more other nameservers (the children).
The root zone contains a delegation (NS records, plus glue A/AAAA records with the nameservers’ addresses) for every TLD. Each TLD zone, in turn, contains a delegation to the nameservers responsible for every domain name registered under it. A resolver walks this chain of referrals from the root downwards until it reaches a server that is authoritative for the name.
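The referral chain described above, as an added example that is not part of the original article: a toy iterative resolver walking a constructed hierarchy (root, .com, yoursite.com) held entirely in memory. All zone data, server addresses and the "broken.com." delegation are constructed for the example; it also shows why the parent must carry glue addresses when a nameserver’s own name lies inside the zone it is delegated.

```python
"""Toy iterative resolver over a constructed DNS hierarchy (added example,
not code from the original article). No network access is performed."""

ROOT_HINT = "192.0.2.53"  # constructed root-server address (documentation range)

# Constructed zone contents: zone apex -> list of (owner, type, rdata).
ZONES = {
    ".": [
        ("com.", "NS", "tld.example."),           # root delegates .com
        ("tld.example.", "A", "192.0.2.1"),       # glue so the .com server can be reached
    ],
    "com.": [
        ("com.", "NS", "tld.example."),
        ("yoursite.com.", "NS", "ns1.yoursite.com."),   # .com delegates yoursite.com
        ("yoursite.com.", "NS", "ns2.yoursite.com."),
        ("ns1.yoursite.com.", "A", "192.0.2.10"),       # glue: the NS names sit inside the child
        ("ns2.yoursite.com.", "A", "192.0.2.11"),
        ("broken.com.", "NS", "ns1.broken.com."),       # delegation WITHOUT glue: unreachable
    ],
    "yoursite.com.": [
        ("yoursite.com.", "SOA", "ns1.yoursite.com. hostmaster.yoursite.com. 2024010101 3600 900 1209600 300"),
        ("yoursite.com.", "NS", "ns1.yoursite.com."),
        ("yoursite.com.", "NS", "ns2.yoursite.com."),
        ("ns1.yoursite.com.", "A", "192.0.2.10"),
        ("ns2.yoursite.com.", "A", "192.0.2.11"),
        ("www.yoursite.com.", "A", "203.0.113.5"),
    ],
}

# Which constructed server address is authoritative for which zone (stands in for the network).
SERVERS = {
    "192.0.2.53": ".",
    "192.0.2.1": "com.",
    "192.0.2.10": "yoursite.com.",
    "192.0.2.11": "yoursite.com.",
}


def _in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server_ip, qname, qtype):
    """Ask one authoritative server. Returns ("answer", [rdata], None),
    ("referral", [ns names], {ns name: address}) or ("nodata", None, None)."""
    zone = SERVERS[server_ip]
    records = ZONES[zone]
    # A delegation point below the apex takes precedence: the parent is not
    # authoritative for names under it and answers with a referral instead.
    cuts = {o for o, t, _ in records if t == "NS" and o != zone and _in_zone(qname, o)}
    if cuts:
        cut = max(cuts, key=len)  # closest enclosing delegation
        ns_names = [r for o, t, r in records if o == cut and t == "NS"]
        glue = {o: r for o, t, r in records if t == "A" and o in ns_names}
        return "referral", ns_names, glue
    answer = [r for o, t, r in records if o == qname and t == qtype]
    if answer:
        return "answer", answer, None
    return "nodata", None, None


def resolve(qname, qtype="A", depth=0):
    """Walk from the root hint down the delegation chain.
    Returns (rdata list, [servers asked]); an empty list means a dead end."""
    trace = []
    if depth > 5:
        return [], trace
    server = ROOT_HINT
    while True:
        trace.append(server)
        kind, data, glue = query(server, qname, qtype)
        if kind == "answer":
            return data, trace
        if kind != "referral":
            return [], trace
        addrs = [glue[n] for n in data if n in glue]
        if not addrs:
            # Glueless delegation: the NS name must itself be resolved first. If that
            # name lives inside the zone being delegated, this recursion never bottoms out.
            sub, sub_trace = resolve(data[0], "A", depth + 1)
            trace.extend(sub_trace)
            addrs = sub
        if not addrs:
            return [], trace
        server = addrs[0]


if __name__ == "__main__":
    for name in ("www.yoursite.com.", "www.broken.com."):
        answer, path = resolve(name)
        print(name, "->", answer or "dead end", "via", path)
```

The first query succeeds after three hops (root, .com, yoursite.com). The second never gets an address: .com refers to ns1.broken.com. without glue, and resolving that name leads straight back to the same referral, which is exactly the loop the glue records at the parent exist to break.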
When you first register a domain name with your registrar of choice, you will typically start out using the registrar’s own nameservers as the authoritative servers for it. They host the basic records the domain needs to function: SOA, NS, and A records.
The TLD (the extension, like .com or .co.uk) delegated the domain to those nameservers; the registrar submitted them to the TLD registry on your behalf.
To take over authority for the domain name, you ask the party that currently controls the delegation, which is the registrar.
This process is called DNS delegation (strictly, changing the delegation), and you will find it in the registrar’s control panel under a name like “change nameservers”, “use another DNS service”, or “add glue records”. The registrar passes the new NS records, and glue addresses if your nameservers’ names sit inside the domain itself, to the TLD registry, which publishes them in the TLD zone.
Most often you point the domain at a third-party DNS provider’s nameservers. On that provider you create the zone with its SOA and NS records (the NS set must match the nameservers you entered at the registrar, or the delegation is inconsistent) and the A/AAAA records for your hosts.
If you decide to run your own nameservers instead, make sure they are reachable from the Internet so they can answer for external visitors, and check that no firewall blocks port 53: UDP for ordinary queries, and TCP as well, because answers too large for UDP (large DNSSEC responses, for example) are retried over TCP and zone transfers between your servers use it. Internet-facing authoritative servers should not also act as open recursive resolvers, so they cannot be abused for amplification attacks.
By now, the TLD servers have delegated responsibility for your domain’s zone to your nameservers.
That gives you full control over the DNS at this level. You can add records for mail servers (MX), the mail authentication records SPF, DKIM and DMARC (all published as TXT records), and build load-balancing schemes with multiple A records. One caveat: PTR records for reverse lookups do not live in your zone but in the in-addr.arpa or ip6.arpa zone for your address block, which is delegated to whoever holds the addresses, usually your hosting provider or ISP.
You can also delegate zones further, to your own nameservers or someone else’s. Imagine a separate team will run everything under mail.yoursite.com. You create a zone for mail.yoursite.com (the primary, or master, copy on one of its nameservers, with secondaries as needed) and in yoursite.com you add NS records for mail.yoursite.com pointing at those nameservers, plus glue A records if the nameservers’ names are themselves inside mail.yoursite.com. A single host needs only an A record in your zone; a separate zone is worth it when the whole subtree will be managed separately.
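The delegation just described, checked the way a practitioner would before (and after) flipping the NS records. This is an added example, not code from the original article: a minimal zone-file parser plus a consistency check that compares what the parent yoursite.com publishes for mail.yoursite.com against the child zone’s own apex records. The zone text, names and addresses are constructed for the example; the first parent deliberately contains two common mistakes (an NS set that differs from the child’s, and an in-bailiwick nameserver without glue), the second is the corrected version.

```python
"""Delegation consistency check (added example, not code from the original
article). Parses BIND-style zone text and reports mistakes that make a
delegation lame or unreachable. All zone data below is constructed."""


def _absolute(name, origin):
    """Turn a zone-file name into an absolute name using the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


def parse_zone(text):
    """Minimal zone-file parser: returns [(owner, type, rdata)] with absolute names.
    Handles $ORIGIN, '@', relative owners, an optional TTL and ';' comments only."""
    origin = "."
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        owner = _absolute(fields[0], origin)
        rest = fields[1:]
        if rest and rest[0].isdigit():      # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        rtype = rest[0].upper()
        rdata = " ".join(rest[1:])
        if rtype in ("NS", "CNAME"):
            rdata = _absolute(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def check_delegation(parent_records, child_records, child):
    """Return a list of findings; an empty list means the delegation looks sane."""
    findings = []
    parent_ns = {r for o, t, r in parent_records if o == child and t == "NS"}
    child_ns = {r for o, t, r in child_records if o == child and t == "NS"}
    parent_glue = {o for o, t, _ in parent_records if t in ("A", "AAAA")}
    soa = [r for o, t, r in child_records if o == child and t == "SOA"]

    if not parent_ns:
        return [f"parent has no NS records for {child}: the zone is not delegated"]
    if len(parent_ns) < 2:
        findings.append("fewer than two nameservers delegated (no redundancy)")
    if parent_ns != child_ns:
        # Resolvers trust the child's NS set once they reach it; a mismatch means
        # some servers will be asked that do not serve the zone (a lame delegation).
        findings.append(f"NS set mismatch: parent={sorted(parent_ns)} child={sorted(child_ns)}")
    for ns in sorted(parent_ns):
        in_bailiwick = ns == child or ns.endswith("." + child)
        if in_bailiwick and ns not in parent_glue:
            findings.append(f"in-bailiwick nameserver {ns} has no glue address in the parent")
    if not soa:
        findings.append("child zone has no SOA record at its apex")
    elif soa[0].split()[0] not in child_ns:
        findings.append(f"SOA MNAME {soa[0].split()[0]} is not one of the child's NS")
    return findings


# Constructed: what the parent publishes for the child, with two mistakes.
BROKEN_PARENT_ZONE = """
$ORIGIN yoursite.com.
mail        IN NS  ns1.mail.yoursite.com.
mail        IN NS  ns2.mail.yoursite.com.    ; child does not list ns2
ns1.mail    IN A   192.0.2.20                ; glue for ns1 only; ns2 has none
"""

# Constructed: the corrected parent delegation.
FIXED_PARENT_ZONE = """
$ORIGIN yoursite.com.
mail        IN NS  ns1.mail.yoursite.com.
mail        IN NS  ns3.mail.yoursite.com.
ns1.mail    IN A   192.0.2.20
ns3.mail    IN A   192.0.2.22
"""

# Constructed: the child zone as its own nameservers serve it.
CHILD_ZONE = """
$ORIGIN mail.yoursite.com.
@     IN SOA ns1.mail.yoursite.com. hostmaster.yoursite.com. 2024010101 3600 900 1209600 300
@     IN NS  ns1.mail.yoursite.com.
@     IN NS  ns3.mail.yoursite.com.
ns1   IN A   192.0.2.20
ns3   IN A   192.0.2.22
@     IN MX  10 mx.mail.yoursite.com.
"""

if __name__ == "__main__":
    child = parse_zone(CHILD_ZONE)
    for label, text in (("broken", BROKEN_PARENT_ZONE), ("fixed", FIXED_PARENT_ZONE)):
        print(label, check_delegation(parse_zone(text), child, "mail.yoursite.com.") or "OK")
```

Against live zones the same comparison is what `dig NS mail.yoursite.com @<parent server>` versus `dig NS mail.yoursite.com @<child server>` gives you by hand; the check above just makes the comparison explicit and catches the missing glue that a resolver would only reveal as a timeout.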
DNS delegation is the ability to hand authority over a part of the domain namespace to a particular DNS server or servers. It is what lets DNS scale: each zone can have its own administrators, no single server has to hold the whole namespace, and the work of answering queries is spread across the servers responsible for each level.