Of course you can. Any node in the namespace below the zone apex can be a delegation point.
To clarify your question: To the rest of the Internet you have, for example:
```
;; pioto.org. zone
@ IN A 66.39.110.116
newpair IN A 66.39.110.116
creandus IN A 66.39.110.116
```
But on your LAN, because you're so excited about all of these 1990s innovations and want to start experimenting with them, you want to have:
```
;; pioto.org. zone
@ IN A 192.168.100.1
@ IN AAAA FEC0:0100::1
newpair IN A 192.168.100.2
newpair IN AAAA FEC0:0100::2
_http._tcp IN SRV 10 10 80 @
_http._tcp.newpair IN SRV 10 10 80 newpair
```
This is a simple exercise in split-horizon DNS service. Configure an internal content DNS server with the second set of data, and perform the prune-and-graft operation in the appropriate manner, using either stub zones with properly separate servers or views.
Letting parts of the external DNS database be visible internally is — with properly separated content and proxy servers — a simple exercise in delegation on the content server:
```
;; pioto.org. zone, continued
creandus IN NS NS1.PAIRNIC.COM.
creandus IN NS NS2.PAIRNIC.COM.
```
If you have a combined DHCP-plus-content-DNS service on your router, that knows about leased IP addresses and hostnames, or if you have Microsoft's DNS and DHCP servers on a Windows Server machine, then getting the IP addresses from the combined server is also an exercise in delegation:
```
;; pioto.org. zone, modified
newpair IN NS a.ns.newpair ;; replaces the A and AAAA records
a.ns.newpair IN A 192.168.1.1 ;; IP address of the DHCP+DNS server
```
The only things that you cannot do are …
- … use external data for `pioto.org.` itself. The zone apex cannot be delegated.
- … retrieve `A` and `AAAA` resource records from different content DNS servers.
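The delegation rules above can be checked mechanically. The following is an added example, not part of the original answer: a small lint that finds delegation points in zone data and reports records left at or below them, which the delegated server would now be answering for instead. The `parse` and `lint` helpers and the sample zone (the answer's internal data with the `newpair` delegation added but stale records left in) are constructed for illustration, and every line is assumed to have the form `owner IN type rdata`.

```python
# Constructed sample: internal pioto.org. data from the answer, with the
# newpair delegation added but the old newpair records not yet removed.
ZONE = """\
@                  IN A    192.168.100.1
@                  IN AAAA FEC0:0100::1
newpair            IN A    192.168.100.2   ;; stale: should have been replaced
newpair            IN NS   a.ns.newpair
a.ns.newpair       IN A    192.168.1.1     ;; glue for the delegation
creandus           IN NS   NS1.PAIRNIC.COM.
creandus           IN NS   NS2.PAIRNIC.COM.
_http._tcp.newpair IN SRV  10 10 80 newpair
"""

def parse(text):
    """Return (owner, type, rdata) tuples; '@' is the zone apex."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        owner, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), " ".join(rdata)))
    return records

def lint(records):
    """Report records that a delegation makes unreachable on this server."""
    # NS at '@' names the zone's own servers; NS anywhere else is a zone cut.
    cuts = {o for o, t, _ in records if t == "NS" and o != "@"}
    # Address records for in-zone nameserver names are glue and are allowed.
    glue = {r.lower() for o, t, r in records if t == "NS" and o in cuts}
    problems = []
    for owner, rtype, _ in records:
        for cut in cuts:
            if owner == cut and rtype not in ("NS", "DS"):
                # Delegation is per name, not per type: no A/AAAA beside NS.
                problems.append((owner, rtype, "at-cut"))
            elif owner.endswith("." + cut) and not (
                    rtype in ("A", "AAAA") and owner in glue):
                problems.append((owner, rtype, "below-cut"))
    return problems

if __name__ == "__main__":
    for owner, rtype, reason in lint(parse(ZONE)):
        print(f"{owner} {rtype}: {reason}")
```
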