This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
we have discovered that Azure DNS provides different name servers when you add a child domain. so when adding multiple child domains we would need to add roughly 16 name servers to our registrar in order for resolution to work.
We have used nslookup to test this out. If we use the parent domain name server and try to resolve a child domain it does not work. When we switch the name server to match the child domain name server and do the same nslookup it works. now that would make sense but when you have 6 child domains with 4 name servers we are looking at adding 24 domain names with our registrar. is this expected behavior?
Hello @jpcapone ,
Could you please provide an update on this post?
Kindly let us know if the below helps or you need further assistance on this issue.
Regards,
Gita
You do not need to add any child domains to your registrar, you only need to add the top level domain. When you create any child domains you need to add NS records for it to the top level Azure DNS zone for them to be resolvable, you do not need to add them at your registrar.
ok so to be more specific i have provided the results of an nslookup using the Azure DNS zones. I don't see how internet traffic will hit the subdomain when only using the name servers of the parent domain when i get results like i have listed below.
Take Note that the information listed below has been obfuscated to help clarify the situation.
This is the expected result - when resolving the parent domain name using it's name servers:
nslookup somewhere.com ns1-01.azure-dns.com
Server: ns1-01.azure-dns.com
Address: 192.168.1.1
Name: somewhere.com
Address: 192.168.1.2
When I use the same name server and try to resolve the child domain the name servers of the child domain are returned
nslookup sub.somewhere.com ns1-01.azure-dns.com
Server: UnKnown
Address: 10.1.1.1
Name: sub.somewhere.com
Served by:
- ns1-02.azure-dns.com
sub.somewhere.com
- ns2-02.azure-dns.net
sub.somewhere.com
- ns3-02.azure-dns.org
sub.somewhere.com
- ns4-02.azure-dns.info
sub.somewhere.com
If i switch the nameserver to any of the name servers listed specifically for the sub domain i get the expected result
nslookup sub.somewhere.com ns2-02.azure-dns.net
Server: ns2-02.azure-dns.net
Address: 10.1.1.2
Name: sub.somewhere.com
Address: 192.168.5.5
As mentioned, you need to create NS records in your somwhere.com domain for each of the subdomains you create, which reference the name servers for the subdomain. This is how DNS works, when someone queries subdomain.somwhere.com the request will be sent to the somewhere.com zone which will then pass it on to the subdomain.somwhere.com nameservers, because it knows where they are due to the NS record. Have a look here to get more details on how NS records work.
I am familiar with how DNS works and I am also used to receiving an IP address when I do an nslookup and thats not happening. Why dont the results look like whats listed below. You see that i nslookup the parent domain and then the child. Please help me understand what I am missing.
nslookup jwts.me
Server: nowayout.jwtsolutions.co
Address: 10.17.181.1
Non-authoritative answer:
Name: jwts.me
Address: 173.59.20.208
nslookup overseerr.jwts.me
Server: nowayout.jwtsolutions.co
Address: 10.17.181.1
Non-authoritative answer:
Name: overseerr.jwts.me
Address: 173.59.20.208
Hello @jpcapone ,
It’s by-design that parent and child zones are on different nameservers (this is intentional). What’s interesting with your explanation is that you are evidently registering sub-zones (the child zones) at your registrar. This is non-standard and doesn’t embrace the hierarchical nature of DNS. Typically, the second-level domain is registered with the registrar (you are doing this), and then subzones/child zones are delegated from the parent zone and not the registrar. As in, the parent zone has 4 NS records in the parent zone for each child zone, one per child-zone nameserver. See Azure DNS delegation overview | Microsoft Learn for more information.
Also, it’s atypical to query a nameserver directly. The DNS resolver is designed to query by namespace. If you query your resolver (like 1.1.1.1 or your ISP resolver IP) to resolve a particular namespace, the correct nameserver will be determined and queried without the client having to figure out which nameserver to query for which name.
In summary, the query behavior described by you is correct and expected, though you might want to review delegating subdomains.
I have replicated this setup in my lab and below are the screenshots for your reference:
I have a domain "msazurelabs.tk" in a DNS registrar and so I created the same domain in Azure delegated this domain to Azure DNS as below:
Azure DNS zone (Parent zone):
Added Azure DNS NS records to registrar:
Now, I have created a child zone "child.msazurelabs.tk" in Azure under "msazurelabs.tk" and you can see it's NS records are already updated in the parent zone:
Child zone in Azure DNS:
Nameservers of child zone updated in parent zone as a NS record:
So, now I try to resolve both parent domain and child domain without any nameserver in the query and I receive the A records configured in them respectively as below (IP addresses configured as A records are for testing purpose only):
Could you please remove the configured child zone nameservers from your registrar and make sure that the parent zone in Azure portal has the child zone's NS records added to it and try again?
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.