Alibaba Cloud DNS:Subdomain management

Subdomain delegation

Typically, an entire primary domain, such as example.com, uses a single set of NS servers for DNS resolution. However, the DNS standard allows you to specify separate NS records for a subdomain. This practice is called Subdomain Delegation. For example, the subdomain abc.example.com can be resolved by a different set of NS servers, making its control and DNS resolution rules completely independent of the primary domain. If you are unfamiliar with primary and subdomains, see Hierarchical structure of domain names.

Use cases

Isolate distributed services and enable autonomous operations

• For Software as a Service (SaaS), companies with multiple business lines, or corporate groups, each business unit has its own operations and maintenance (O&M) team to independently manage the DNS for a subdomain like product.example.com without affecting the primary domain or other subdomains.

• A testing environment, such as test-env.example.com, can manage its DNS resources separately to prevent accidental changes from affecting the primary domain's production environment.

Decouple services across multiple clouds, IDCs, or CDN platforms

• Government or financial institutions often use self-managed DNS, which has high maintenance costs. They can delegate a subdomain to Alibaba Cloud DNS for simplified management.

• If your primary domain uses a third-party DNS provider and you cannot migrate the entire DNS service to Alibaba Cloud DNS for specific reasons, first migrate a subdomain to Alibaba Cloud DNS.

Use a third-party primary domain and Alibaba Cloud subdomain

1. Navigate to the Alibaba Cloud DNS - Public Zone page and click Add Zone.

2. In the Add Zone dialog box, enter the subdomain, such as demo.example.com, and click Verify TXT Record.

   

3. In the Registrant Identity Verification dialog box, copy the Hostname and Record Value.

   

4. Go to your third-party DNS provider. On the DNS settings page for your primary domain, add a TXT record using the Host and Value that you copied.

5. Return to the dialog box from Step 3 and click Verify. After the TXT record is verified, the subdomain is successfully added.

   Important

   After you copy the Hostname and Record Value, you can close the dialog without verifying immediately. The TXT record value remains valid for 1 day. After you click Verify, up to 3 verification attempts are allowed. If all 3 attempts fail, the TXT record value will be reset. Add the TXT record under the primary domain first, and then click Verify to complete TXT verification.

6. The subdomain is added to the domain list. Find the subdomain and view its assigned DNS server addresses in the DNS Server IP Address column.

   

7. (Optional) Skip this step if the subdomain does not have any active DNS records. If the subdomain you are adding has existing DNS records, add all of them to Alibaba Cloud DNS.

8. Navigate to your third-party DNS provider. On the DNS settings page for your primary domain, add NS records for the subdomain that point to the assigned Alibaba Cloud DNS server addresses. For example, if your subdomain is test.example.com:

   Host	Type	Value
   test	NS	ns1.alidns.com
   test	NS	ns2.alidns.com

Use Alibaba Cloud DNS for both the primary and subdomains

The primary and subdomains can belong to the same or different Alibaba Cloud accounts.

1. Navigate to the Alibaba Cloud DNS - Public Zone page and click Add Zone.

2. In the Add Zone dialog box, enter the subdomain and click Verify TXT Record.

3. In the Registrant Verification dialog box, copy the Hostname and Record Value.

   Important

   After you copy the Hostname and Record Value, you can close the dialog without verifying immediately. The TXT record value remains valid for 1 day. After you click Verify, up to 3 verification attempts are allowed. If all 3 attempts fail, the TXT record value will be reset. Add the TXT record under the primary domain first, and then click Verify to complete TXT verification.

4. Log in to the Alibaba Cloud Account that owns the primary domain. Navigate to the DNS settings page and add a TXT record using the provided Hostname and Record Value.

5. After you confirm that the TXT record has taken effect, return to the Registrant Verification dialog box from Step 3 and click Verify.

6. After the TXT record is verified, the system automatically adds the subdomain to the domain list. Click the subdomain name to open its DNS settings page. Alibaba Cloud DNS automatically synchronizes the existing DNS records for the subdomain from the primary domain to the subdomain. For synchronization rules, see DNS record synchronization rules when using Alibaba Cloud DNS for both domains.

7. The subdomain is added to the domain list. Find the subdomain and view its assigned DNS server addresses in the DNS Server IP Address column.

   

8. If the primary domain has DNS records for the subdomain, delegating the subdomain will affect those records. Delete the DNS records from the primary domain and configure them on the subdomain page. If the primary domain does not have any records for the subdomain, you can ignore this step.

   Important

   The primary domain and the subdomain must use the same edition of Alibaba Cloud DNS. For example, if the primary domain uses a Paid Edition, the subdomain must also be bound to a Paid Edition. Add the subdomain, bind it to a Paid Edition, and finally add the NS records in the primary domain.

Retrieve a subdomain

If another Alibaba Cloud Account already manages a subdomain independently, you can use the Retrieve Domain Name feature to transfer its management and DNS records to your current account.

1. Navigate to the Alibaba Cloud DNS - Public Zone page and click Add Zone.

2. In the Add Zone dialog box, enter the subdomain and click Retrieve Zone.

3. In the Registrant Verification dialog box, copy the Hostname and Record Value.

   Important

   After you copy the Hostname and Record Value, you can close the dialog without verifying immediately. The TXT record value remains valid for 1 day. After you click Verify, up to 3 verification attempts are allowed. If all 3 attempts fail, the TXT record value will be reset. Add the TXT record under the primary domain first, and then click Verify to complete TXT verification.

4. After you pass the registrant Identity Verification, the system automatically adds the subdomain and its DNS records to your account.

Delete a subdomain

If you no longer need to manage a subdomain independently, you can delete it. All DNS records for the subdomain are permanently deleted and cannot be recovered.

1. On the Alibaba Cloud DNS - Public Zone page, find the subdomain and click Delete in the Actions column.

   

Synchronization rules for DNS records when both primary domain and subdomain use Alibaba Cloud DNS

After you add a subdomain, if the primary domain already has DNS records for that subdomain, those records are automatically synced to the new subdomain entry. However, any DNS records for the subdomain that you add to the primary domain after adding the subdomain entry will not be synced. The following examples illustrate the detailed rules: