Create a Zone Delegation

Applies To: Windows Server 2008, Windows Server 2008 R2

You can divide your Domain Name System (DNS) namespace into one or more zones. You can delegate management of part of your namespace to another location or department in your organization by delegating the management of the corresponding zone. For more information, see Understanding Zone Delegation.

When you delegate a zone, remember that for each new zone that you create, you will need delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

Creating a zone delegation

  • Using the Windows interface

  • Using a command line

To create a zone delegation using the Windows interface

  1. Open DNS Manager.

  2. In the console tree, right-click the applicable subdomain, and then click New Delegation.

  3. Follow the instructions in the New Delegation Wizard to finish creating the new delegated domain.

Additional considerations

  • To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

  • All domains (or subdomains) that appear as part of the applicable zone delegation must be created in the current zone before delegation is performed as described here. As necessary, use DNS Manager to first add domains to the zone before you complete this procedure.

To create a zone delegation using a command line

  1. Open a command prompt.

  2. Type the following command, and then press ENTER:

    dnscmd <ServerName> /RecordAdd <ZoneName> <NodeName> [/Aging] [/OpenAcl] [<Ttl>] NS {<HostName>|<FQDN>}
    
Parameter Description

dnscmd

Specifies the name of the command-line tool for managing DNS servers.

<ServerName>

Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

/RecordAdd

Required. Specifies the command to add a resource record.

<ZoneName>

Required. Specifies the fully qualified domain name (FQDN) of the zone.

<NodeName>

Required. Specifies the FQDN of the node in the DNS namespace for which the start of authority (SOA) resource record is added. You can also type the node name relative to the ZoneName or @, which specifies the zone's root node.

/Aging

If this parameter is used, the resource record can be aged and scavenged. If this parameter is not used, the resource record remains in the DNS database unless it is manually updated or removed.

/OpenAcl

Specifies that new records are open to modification by any user. Without this parameter, only administrators may modify the new record.

<Ttl>

Specifies the Time To Live (TTL) setting for the resource record. (The default TTL is defined in the start of authority (SOA) resource record.)

NS

Required. Specifies that you are adding a name server (NS) resource record to the zone that is specified in ZoneName.

<HostName>|<FQDN>

Required. Specifies the host name or FQDN of the new authoritative server.

To view the complete syntax for this command, at a command prompt, type the following command, and then press ENTER:

    dnscmd /RecordAdd /help

Additional considerations

  • To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
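
A worked run of the command-line procedure above, as an added example that is not part of the original page or Microsoft's own code: it creates the NS delegation record with dnscmd /RecordAdd, adds the matching glue A record, and then checks that the delegated server actually answers for the new zone. The server, zone and host names and the 192.0.2.53 address are constructed placeholders, and Invoke-DnsCmd is a hypothetical helper.

```powershell
# Added example. Every name and address below is a constructed placeholder.
$Server = 'dns01.contoso.com'      # DNS server that hosts the parent zone
$Zone   = 'contoso.com'            # parent zone (<ZoneName>)
$Node   = 'east'                   # subdomain to delegate (<NodeName>, relative to $Zone)
$NsHost = 'ns1.east.contoso.com.'  # authoritative server for the new zone (<FQDN>)
$NsIp   = '192.0.2.53'             # address of that server
$Ttl    = '3600'

function Invoke-DnsCmd {
    param([string[]]$Arguments)
    # Keep the default ACL: refuse /OpenAcl so only administrators can modify the records.
    if ($Arguments -contains '/OpenAcl') { throw 'Refusing to add a record with /OpenAcl.' }
    $output = & dnscmd.exe $Arguments 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { throw "dnscmd $($Arguments -join ' ') failed:`n$output" }
    $output
}

# 1. Delegation record in the parent zone: NS record at the subdomain node.
Invoke-DnsCmd @($Server, '/RecordAdd', $Zone, $Node, $Ttl, 'NS', $NsHost) | Out-Null

# 2. Glue record: the name server's own name lies inside the delegated subdomain,
#    so resolvers need its address from the parent zone to follow the referral.
$glueNode = $NsHost.TrimEnd('.') -replace ('\.' + [regex]::Escape($Zone) + '$'), ''
Invoke-DnsCmd @($Server, '/RecordAdd', $Zone, $glueNode, $Ttl, 'A', $NsIp) | Out-Null

# 3. Confirm the parent zone now lists the NS record at the delegated node.
$records = Invoke-DnsCmd @($Server, '/EnumRecords', $Zone, $Node, '/Type', 'NS')
if ($records -notmatch [regex]::Escape($NsHost.TrimEnd('.'))) {
    throw "NS record for $NsHost not found at $Node.$Zone"
}

# 4. Lame-delegation check: query the delegated server directly for the new
#    zone's SOA record. No SOA in the answer means the referral points at a
#    server that does not actually host the zone.
$soa = & nslookup.exe -type=SOA "$Node.$Zone." $NsIp 2>&1 | Out-String
if ($soa -notmatch 'primary name server') {
    Write-Warning "$NsIp did not return an SOA for $Node.$Zone; the delegation is lame."
} else {
    Write-Output "Delegation of $Node.$Zone to $NsHost verified."
}
```

Run it from an elevated PowerShell prompt on a computer where dnscmd is available.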