CNAME a domain and delegate the subdomain
August 29, 2008 1:33 PM   Subscribe

Can I CNAME a second-level domain, and delegate a subdomain to a nameserver? What if the nameserver is the same for both?

So here's my problem: I have a page at, and I want to:
1) Buy domain and forward (www.) to via CNAME.
2) Buy hosting for a subpart of the site (say,, in a host that uses cPanel (which means I should be able to delegate NS for to them).

The added complication is that I want to buy the domain and the hosting from the same company, which means the nameserver for could end up being the same as the one for

So, in summary I want to have entries like these: CNAME CNAME NS NS

And on &, the normal cpanel entries... A [myhostsip] MX [myhostsip]
blah blah blah etc etc.

My first question is - Is that a valid configuration (cnaming the second-level and delegating the third level)

My second question is: can I have both entries in & (that is, have the NS entry be a self-reference)?

Or will this self-reference make the internets asplode?

Also, if I can, will I be able to do it by just managing my DNS entries, and asking the hosting guys to put on cPanel, or will this require some black magic in part of the hosts? (which means they probably won't do, since I'm aiming for a cheap host)
posted by qvantamon to Computers & Internet (9 answers total) 2 users marked this as a favorite
The first two lines are valid.

Assuming the third line is a host entry (eg there really is a "" machine out there somewhere) that's invalid. NS entries are valid only at the domain level.

Now, there is sort of a way to do what you're trying to do. On, have this: CNAME CNAME A MX

Then set your nameserver to be a secondary of for, but have it listed as the primary nameserver in your whois entry. That gives the illusion of your nameserver being authoritative without you actually managing the domain on that machine.
posted by mark242 at 1:57 PM on August 29, 2008

; removed SOA and Retry/Refresh/etc. block    NS    NS
; can also use IN A [IP address] below@   IN CNAME IN CNAME
forum A [myhostsip]forum MX [myhostsip]
P.S. I'm not sure what's up with the doublespacing of pre tags
posted by rhizome at 2:12 PM on August 29, 2008

oops, change the forum records to "IN A" and "IN MX"
posted by rhizome at 2:13 PM on August 29, 2008

Mark242, I'm not sure what you mean by "NS entries are valid only at the domain level". It's perfectly valid, and quite common, for subdomains to be in different zones. OTOH, NS records are supposed to have domain names, not IP addresses, in them, so maybe that's what you meant?

If you have an NS record that lists a name inside the zone that it's a server for, the solution is for the containing zone to contain "glue records" (basically, put a copy of the necessary NS records in the parent zone as well). But in this case, presumably the NS records in the zone would be " NS" etc, wouldn't they? So you won't need any glue.
posted by hattifattener at 3:17 PM on August 29, 2008

Mark242. DNS is recursive, and by the time you are querying the authoritative nameservers for, there have already been two other NS records fetched. The first for the ".com" nameservers, which then provide the authoritative nameservers for "" It is perfectly valid to delegate name eservice for a subdomain of

Lines 2&3 are still wrong though, because they should be pointing to the hostnames of the delegated nameservers, rather than their IP addresses.

Of course there is the question of whether it is even necessary to delegate. If you are given an IP address or hostname for your forum host it is perfectly appropriate to have A or CNAME entries on your main nameservers.

There is another problem too. MX entries should point to a cannonical hostname (A entry), not an IP address. Also, do you intend for to have a different mail exchanger from
posted by Good Brain at 3:25 PM on August 29, 2008

Response by poster: Clarifications:
I expect cPanel to do all the lines for me (I've no preference on whether the MX is at or at, but I'd be asking the host to use the subdomain in cPanel, so I guess is what it'd end up being).

My question (rewritten) is:
I'll have two "chunks" of DNS configuration: one for (which I get because I'm paying for my domain), and one for (which is managed by cPanel because I gave it The one for has the CNAME's, the one for will have the A's and MX's.

The problem is that I don't know for sure whether the two chunks will be kept in the same nameserver.
can I have those two NS entries: NS NS

regardless of whether the two chunks are located in dns{1,2} or just the cPanel chunk?
In case they are in the same server, the NS entries are probably useless (are they?), but what will be the effect:
* zero useless queries (the query gets resolved locally and ignores the NS entries)
* one useless query (the query starts a new query on the same server, but for the subdomain, then gets what it needs)
* general brokeness (the query enters an infinite loop, or detects the loop and fails, or something of the sort)
posted by qvantamon at 3:52 PM on August 29, 2008

It is perfectly valid to delegate name eservice for a subdomain of

Yes. The OP is not talking about subdomains, they are talking about delegating service for an A record.
posted by mark242 at 5:32 PM on August 29, 2008

I think there's some confusion because you're using "subdomain" in a non-standard way. Is a host or domain? That is to say, are you planning for there to be hosts under (such as A records for and or are you just planning to run some site there?

A "domain" describes a collection of hosts and subdomains. A "subdomain" is a domain, and it describes a collection of hosts and subdomains. A "subdomain" most assuredly is not the term for "a host in my domain," but you seem to be using it that way.

If you just want an A record for the host, just use an A record. There's nothing to delegate if it's a host.
posted by majick at 8:17 PM on August 29, 2008

majick: "" is a subdomain of "". It may also name an individual host. "" is a subdomain of "com", which is a subdomain of the root domain (".").

qvantamon: the technical name for the "chunk" you're talking about is "zone" (a collection of RRs, with an SOA at the top, originating from the same place, etc.).

It is true that all the records for a given domain have to be in the same zone— you can't delegate just the A records— but it doesn't sound like that will keep you from doing what you're trying to do.

I think in most cases you'll get zero useless queries (because the client resolver doesn't query a particular zone, it queries a particular nameserver). I don't think it will cause the internet to asplode; I've done vaguely similar things myself.

If you want, you could read e.g. RFC 1034 or other DNS RFCs.
posted by hattifattener at 11:55 AM on August 30, 2008

« Older Do I need to replace parts of a breast pump after...   |   having a ball with the watchmen? Newer »
This thread is closed to new comments.