HOWTO - Configure Sub-domains (a.k.a subzones)

This HOWTO is an overview of sub-domain configuration, where a sub-domain is defined as being:

You have a choice of two strategies for handling sub-domain addressing:

  1. Fully delegate the sub-domain - in this case you will need one or more name servers for the sub-domain.
  2. Create a virtual (or pseudo) sub-domain - in this case you define the sub-domain's configuration, as well as the main zone configuration, in a single name-server and zone file.

In this HOWTO we configure a virtual sub-domain i.e. the subdomain definition is included in a single zone file.

Zone Name Server Configuration

The primary name server for our domain is running BIND and has a named.conf file that defines the zone.

We received some mail which suggested that we show the explicit use of the allow-transfer statement. The samples in Chapter 6 all show this statement in use but for anyone just using this section it is not apparent.

Zone Name-Server named.conf

The named.conf file will contain statements similar to the following fragment defining the main zone as normal:

// named.conf file fragment
....
options {
    ....
    // stop everyone
    allow-transfer {"none";};
    ....
};
zone "example.com" in{
   type master;
   file "master/master.example.com";
   // explicitly allow slave
   allow-transfer {192.168.0.4;};
};

Zone Name-Server Zone Files

The file 'master.example.com' (or whatever naming convention you use) will contain our domain and sub-domain configuration with, say, a couple of name servers.

; zone fragment for 'zone name' example.com
; name servers in the same zone
$TTL 2d ; zone default TTL = 2 days
$ORIGIN example.com.
@              IN      SOA   ns1.example.com. hostmaster.example.com. (
               2003080800 ; serial number
               2h         ; refresh =  2 hours 
               15M        ; update retry = 15 minutes
               3W12h      ; expiry = 3 weeks + 12 hours
               2h20M      ; minimum = 2 hours + 20 minutes
               )
; main domain name servers
              IN      NS     ns1.example.com.
              IN      NS     ns2.example.com.
; mail servers for main domain
              IN      MX 10  mail.example.com.
; A records for name servers above 
ns1           IN      A      192.168.0.3
ns2           IN      A      192.168.0.4
; A record for mail servers above 
mail          IN      A      192.168.0.5
; other domain level hosts and services
bill          IN      A      192.168.0.6
....
; sub-domain definitions
$ORIGIN us.example.com.
@             IN      MX 10  mail
; record above uses @ substitution
; and could have been written as 
; us.example.com.   IN  MX 10 mail.us.example.com.
; a blank name would NOT work here: it inherits the last
; owner name written above, not the new $ORIGIN
; A record for subdomain mail server
mail          IN      A      10.10.0.28
; the record above could have been written as 
; mail.us.example.com. A 10.10.0.28 if it's less confusing
ftp           IN      A      10.10.0.29 
; the record above could have been written as 
; ftp.us.example.com. A 10.10.0.29 if it's less confusing
....
; other subdomain definitions as required 
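
The following is an added example, not part of the original HOWTO: a simplified expander showing how $ORIGIN, '@' and blank owner names in a fragment like the one above resolve to fully qualified names. Per RFC 1035 a blank owner inherits the last stated owner, which $ORIGIN does not reset. The functions qualify and expand are hypothetical helpers and the sample records are constructed; it assumes one record per line, class IN, no TTL field and no $INCLUDE.

```python
# Added example: expand relative names in a zone fragment to FQDNs.
# Constructed sample input, modelled on the zone file in this HOWTO.
ZONE = """\
$ORIGIN example.com.
@             IN      NS     ns1
bill          IN      A      192.168.0.6
$ORIGIN us.example.com.
              IN      MX 10  mail   ; blank owner: still bill.example.com.
@             IN      MX 10  mail   ; '@' is the new origin
mail          IN      A      10.10.0.28
ftp.us.example.com. IN A     10.10.0.29
"""

NAME_TYPES = {"NS", "MX", "CNAME"}  # types whose last RDATA field is a name


def qualify(name, origin):
    """'@' is the origin; a trailing dot means the name is already absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def expand(zone_text):
    """Return (owner, type, rdata) tuples with every name fully qualified."""
    origin = owner = None
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":                # assumed absolute here
            origin = fields[1]
            continue
        if not line[0].isspace():                 # explicit owner name
            owner = qualify(fields.pop(0), origin)
        if owner is None:                         # blank owner, nothing to inherit
            raise ValueError("no current owner name")
        if fields.pop(0) != "IN":
            raise ValueError("this sketch expects class IN on every record")
        rtype, rdata = fields[0], fields[1:]
        if rtype in NAME_TYPES:                   # relative targets get the origin
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


if __name__ == "__main__":
    for rec in expand(ZONE):
        print(*rec, sep="\t")
```

In the output the blank-owner MX is attached to bill.example.com. while the '@' MX is attached to us.example.com.; both targets expand to mail.us.example.com.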

Additional sub-domains could be defined in the same file using the same strategy. For administrative convenience you could use $INCLUDE directives e.g.

; snippet from file above showing use of $INCLUDE
....
; other domain level hosts and services
bill          IN      A      192.168.0.6
....
; sub-domain definitions
$INCLUDE us-subdomain.sub
; other subdomain definitions as required 

Pro DNS and BIND by Ron Aitchison
