Delegate an Azure DNS subdomain using Azure PowerShell
You can use Azure PowerShell to delegate a DNS subdomain. For example, if you own the contoso.com domain, you may delegate a subdomain called engineering to another separate zone that you can administer separately from the contoso.com zone.
If you prefer, you can also delegate a subdomain using the Azure portal.
Note
Contoso.com is used as an example throughout this article. Substitute your own domain name for contoso.com.
If you don’t have an Azure subscription, create a free account before you begin.
Azure Cloud Shell
Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.
To start Azure Cloud Shell:
| Option | Example/Link |
|---|---|
| Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell. |  |
| Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. |  |
| Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. |  |
To use Azure Cloud Shell:
Start Cloud Shell.
Select the Copy button on a code block (or command block) to copy the code or command.
Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.
Select Enter to run the code or command.
Prerequisites
To delegate an Azure DNS subdomain, you must first delegate your public domain to Azure DNS. See Delegate a domain to Azure DNS for instructions on how to configure your name servers for delegation. Once your domain is delegated to your Azure DNS zone, you can delegate your subdomain.
Create a zone for your subdomain
First, create the zone for the engineering subdomain.
New-AzDnsZone -ResourceGroupName <resource group name> -Name engineering.contoso.com
Note the name servers
Next, note the four name servers for the engineering subdomain.
Get-AzDnsRecordSet -ZoneName engineering.contoso.com -ResourceGroupName <resource group name> -RecordType NS
Create a test record
Create an A record in the engineering zone to use for testing.
New-AzDnsRecordSet -ZoneName engineering.contoso.com -ResourceGroupName <resource group name> -Name www -RecordType A -ttl 3600 -DnsRecords (New-AzDnsRecordConfig -IPv4Address 10.10.10.10)
Create an NS record
Next, create a name server (NS) record for the engineering zone in the contoso.com zone.
$Records = @()
$Records += New-AzDnsRecordConfig -Nsdname <name server 1 noted previously>
$Records += New-AzDnsRecordConfig -Nsdname <name server 2 noted previously>
$Records += New-AzDnsRecordConfig -Nsdname <name server 3 noted previously>
$Records += New-AzDnsRecordConfig -Nsdname <name server 4 noted previously>
$RecordSet = New-AzDnsRecordSet -Name engineering -RecordType NS -ResourceGroupName <resource group name> -TTL 3600 -ZoneName contoso.com -DnsRecords $Records
Test the delegation
Use nslookup to test the delegation.
Open a PowerShell window.
At command prompt, type
nslookup www.engineering.contoso.com.You should receive a non-authoritative answer showing the address 10.10.10.10.
Next steps
Learn how to configure reverse DNS for services hosted in Azure.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for