[unisog] DNS delegation

Richard Johnson rdump at river.com
Thu Mar 7 05:58:11 GMT 2002

At 20:39 -0800 on 06/03/2002, Russ Harvey wrote:
> UCR is a smaller UC with a central IT department (us) that provides several
> services to the campus, including DNS. We occasionally get requests from
> other campus organizations that want to run their own DNS.

We have a single DNS presence visible to the outside world.  However, the
central DNS admin is certainly not going to be doing the daily maintenance
of each department's subdomain.

What we do is:

1) each group/department runs their own subdomain
2) central servers pull zone transfers from the subdomains
3) our in-side split DNS serves the zone alongside the departmental
4) the zone files are run through a script that translates their MX
   records to point to our externally visible anti-relay mail hubs
5) our out-side split DNS serves the translated zone to the rest of
   the world

Pretty much any group that wants to run their own sub-domain can do so, as
long as they're minimally competent enough to avoid putting underscores in
hostnames, ensure that their mail systems have MX records, etc.


More information about the unisog mailing list