I'm trying to understand how (or if) a DNS server differentiates between a sub-domain set up as a zone and one set up as a record within a domain zone on the same server.
Say I were to create a DNS zone on a DNS server for a domain e.g. example.com.
What is to stop someone from creating another zone, test.example.com, on the same server and 'hijacking' that sub-domain of the domain?
When a DNS request is made to the name server for test.example.com, will the DNS server return:
- The main A record of the test.example.com zone or
- The test.example.com A record in the example.com zone
(and if the A record for test.example.com doesn't exist in example.com, will it return "no such record" or continue on to the zone of test.example.com?)
Is there any way of preventing the sub-domain zone from responding without moving the domains to their own unique name server? How do the likes of ZoneEdit and Amazon's Route53 handle this?
(If a sub-domain were hosted on a separate server, the master zone for example.com would have to delegate the sub-domain to that separate server, correct? As per this Technet article.)
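The zone-selection behaviour the question asks about, as an added example that is not part of the original post: an authoritative server looks up the query name's nearest ancestor zone (RFC 1034 section 4.3.2, the zone whose origin is the longest suffix of the name) and consults only that zone, so a record for test.example.com held in the example.com zone is never reached once a test.example.com zone exists on the same server. The zone contents, addresses and name server names below are constructed sample data.

```python
# Added example (not from the original post): a minimal model of how an
# authoritative server picks the zone that answers a query (RFC 1034 4.3.2):
# the zone whose origin is the longest suffix of the query name is used.
from typing import Dict, Optional, Tuple

# Constructed sample data: the example.com zone carries an A record for
# test.example.com, and a separate zone with origin test.example.com also exists.
ZONES: Dict[str, Dict[Tuple[str, str], str]] = {
    "example.com.": {
        ("example.com.", "A"): "192.0.2.1",
        ("test.example.com.", "A"): "192.0.2.10",          # record inside the parent zone
        ("www.example.com.", "A"): "192.0.2.20",
        ("dev.example.com.", "NS"): "ns1.other.example.",  # delegation to another server
    },
    "test.example.com.": {
        ("test.example.com.", "A"): "198.51.100.5",        # apex record of the child zone
    },
}

def canonical(name: str) -> str:
    return name.lower().rstrip(".") + "."

def nearest_zone(qname: str, zones: Dict) -> Optional[str]:
    """Return the zone origin that is the longest suffix of qname, or None."""
    labels = canonical(qname).rstrip(".").split(".")
    for i in range(len(labels)):
        origin = ".".join(labels[i:]) + "."
        if origin in zones:
            return origin
    return None

def resolve(qname: str, qtype: str, zones: Dict = ZONES) -> Tuple[str, Optional[str]]:
    """Return (answer, zone_used); answer is RDATA or a status word."""
    name = canonical(qname)
    zone = nearest_zone(name, zones)
    if zone is None:
        return ("REFUSED", None)  # server is not authoritative for any ancestor
    data = zones[zone]
    # Walk from the query name up to (but excluding) the zone apex; an NS record
    # on the way is a delegation, so the server refers instead of answering.
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        cut = ".".join(labels[i:]) + "."
        if cut == zone:
            break
        if (cut, "NS") in data:
            return ("REFERRAL " + data[(cut, "NS")], zone)
    if (name, qtype) in data:
        return (data[(name, qtype)], zone)
    name_exists = any(n == name for (n, _t) in data)
    return ("NODATA" if name_exists else "NXDOMAIN", zone)
```

Removing the child zone from `ZONES` makes the same query for test.example.com fall back to the parent zone's 192.0.2.10 record, which is why control over who may create zones on a shared authoritative server matters.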