10

The A record for hello.world.example.com can be registered

  • as the hello entry in the domain world.example.com
  • or as the hello.world entry in the domain example.com

Is there a practical difference, from the perspective of the services which resolve the name, between these two approaches?

As far as I can tell, the resolution of both of them yields the value A record (the IP) so the replies are not discernable for the client.

WoJ
  • 3,365
  • 8
  • 46
  • 75

2 Answers2

12

There will be potentially be an extra delay as creating a separate zone for the world.example.com subdomain typically also implies delegation to different authoritative name servers.

If the same authoritative nameservers are used for both the example.com and the world.example.com zones there is no performance difference.

DNS resolvers need to follow the delegation from the TLD to an authoritative name server.

When the resolver reaches authoritative name servers for the example.com domain and you have a resource record for hello.world(.example.com.) in that zone a response will sent immediately.

If the authoritative name servers for the example.com domain are also authoritative for the world.example.com sub-domain, the response for the hello.world.example.com. record will also be sent immediately.

If world.example.com is configured as separate a zone the authoritative name servers for the example.com will send a response with further delegation details and the NS record(s) of authoritative name servers for the world.example.com. zone: 

world.example.com.  IN NS ns.world.example.com.
world.example.com.  IN NS ns1.example.org.
; GLUE
ns.world.example.com. IN A 192.2.0.1

The resolver will need to follow that delegation and sent extra queries to:

  1. potentially locate those name servers (for example in the case of the ns1.example.org. NS record)
  2. query one of the authoritative name servers for the world.example.com. zone for the hello(.world.example.com.) record.
HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • Thank you. So this is rather a matter of performance in the resolution (or speed / easiness of setup) more than technical differences in the response (for a client requesting a resolution, it will not make a difference, it will get an IP for `hello.world.example.com`), correct? – WoJ Feb 08 '19 at 12:02
  • Yes, either way the resolver should get a response with an ip-address for hello.world.example.com. – HBruijn Feb 08 '19 at 12:05
  • 2
    @WoJ, it's usually more a matter of administration — you'd delegate the zone if it is easier to maintain this way. The performance difference is usually negligible. – Simon Richter Feb 08 '19 at 16:09
8

Technically, as I understand DNS, only the hello part is considered the host name, the rest is the domain name. As such, it resolves the same way, in your case the DNS zone includes both the example.com and the subdomain world.example.com, it's just a matter of preference how you annotate it.

However, the only time I've ever seen records like that are for DKIM and other TXT records, for example DKIM uses [selector]._domainkeyas the record for a given subdomain or the root domain. Handy of course if you only need a couple of records for a subdomain, no need to create a separate zone for them.

Stuggi
  • 3,366
  • 4
  • 17
  • 34
  • 4
    I know that it is possible to differentiate between them (by querying the `SOA` for instance) and this is why I added the "practical" aspect of the differentiation. Your examples for DKIM are good ones of a real-life case of such entries. – WoJ Feb 08 '19 at 11:44