{"id":4614,"date":"2025-08-18T11:49:43","date_gmt":"2025-08-18T11:49:43","guid":{"rendered":"https:\/\/geekmungus.co.uk\/?p=4614"},"modified":"2025-08-19T13:59:13","modified_gmt":"2025-08-19T13:59:13","slug":"dns-delegation-and-adding-a-record-what-happens-when-all-admins-have-gone","status":"publish","type":"post","link":"https:\/\/geekmungus.co.uk\/?p=4614","title":{"rendered":"DNS Delegation and Adding a Record &#8211; What happens when all admins have gone?"},"content":{"rendered":"\n<p>Today we had a bit of a stop and think moment with a delegated domain; it was a good thought experiment to walk though.<\/p>\n\n\n\n<p>So let&#8217;s say you have a sub-domain <strong>thing.example.com<\/strong> of the domain <strong>example.com<\/strong>. The <strong>thing.example.com<\/strong> has been delegated by the administrators of <strong>example.com <\/strong>to a 3rd party who will manage the namespace for the sub-domain <strong>thing.example.com<\/strong> themselves on their own Name Servers.<\/p>\n\n\n\n<p>To facilitate the above the administrators of example.com have added a couple of Name Server records (NS) records into example.com domain as below to delegate that domain to AWS Route53 (for example):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>NS       thing       ns-169.awsdns-21.com\n\nNS       thing       ns-245.awsdns-21.com<\/code><\/pre>\n\n\n\n<p>No problem so far.<\/p>\n\n\n\n<p>However we then got a request. The administrators of the subdomain <strong>thing.example.com<\/strong> are no longer available, so we need you (the administrators of <strong>example.com<\/strong>) to add a record into the sub-domain, can you do that?<\/p>\n\n\n\n<p>After a bit of thought the answer is of course&#8230;..NO<\/p>\n\n\n\n<p>The sub-domain (<strong>thing.example.com<\/strong>) has been delegated to someone else, i.e. the authority for that part of the DNS &#8220;tree&#8221; has been delegated to someone else to manage.<\/p>\n\n\n\n<p>Therefore us (as the administrators of the parent domain <strong>example.com<\/strong>), the only thing we can do is remove the delegation, but if we did that we&#8217;d need to know what records were in that sub-domain so we could add them to our Name Servers, or stuff would stop working.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>When you delegate a sub-domain to a 3rd party, you as the parent domain administrators have no control over the records within the delegated sub-domain (zone), that &#8220;authority&#8221; is owned by to whomever you have delegated the domain too.<\/p>\n\n\n\n<p>Ergo, if someone wants say an A Record adding to the sub-domain, you as a the parent domain administrator can&#8217;t do this only the sub-domain administrator can!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today we had a bit of a stop and think moment with a delegated domain; it was a good thought experiment to walk though. So let&#8217;s say you have a sub-domain thing.example.com of the domain example.com. The thing.example.com has been delegated by the administrators of example.com to a 3rd party who will manage the namespace &#8230; <a title=\"DNS Delegation and Adding a Record &#8211; What happens when all admins have gone?\" class=\"read-more\" href=\"https:\/\/geekmungus.co.uk\/?p=4614\" aria-label=\"Read more about DNS Delegation and Adding a Record &#8211; What happens when all admins have gone?\">Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":4327,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,8],"tags":[],"class_list":["post-4614","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dns","category-infoblox"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/4614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4614"}],"version-history":[{"count":2,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/4614\/revisions"}],"predecessor-version":[{"id":4616,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/4614\/revisions\/4616"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/media\/4327"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}