When you add another Active Directory domain to a forest, delegation records that point to the authoritative DNS servers for the new zone should be created in the parent Domain Name System (DNS) zone. Delegation records transfer name resolution authority and provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone. If you are using Active Directory–integrated DNS, these DNS servers might also be the domain controllers for that domain.

You can create these DNS delegation records before you start the Active Directory Domain Services Installation Wizard, or you can have the wizard create them automatically. The wizard verifies that the appropriate records exist in the parent DNS zone after you click Next on the Additional Domain Controller Options page. If the wizard cannot verify that the records exist in the parent domain, the wizard provides you with the option to create the records automatically and continue with the new domain installation.

For example, to add a new child domain named na.contoso.com to the contoso.com forest, a delegation for the DNS subdomain (na.contoso.com) must be created in the parent DNS zone (contoso.com).

If an authoritative DNS server for the newly delegated na.contoso.com subdomain is named ns1.na.contoso.com, two resource records must be present in the contoso.com zone to complete the delegation and make this server known to others outside the newly delegated zone. These resource records are the following:

  • A name server (NS) resource record to effect the delegation. This resource record advertises that the server named ns1.na.contoso.com is an authoritative server for the delegated subdomain.

  • A host (A or AAAA) resource record—also known as a glue record—must be present to resolve the name of the server that is specified in the name server (NS) resource record to its IP address. The process of resolving the host name in this resource record to the delegated DNS server in the name server (NS) resource record is sometimes referred to as "glue chasing."

To create a zone delegation, open DNS Manager, right-click the parent domain, and then click New Delegation. Follow the steps in the New Delegation Wizard to create the delegation.
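The same delegation can be created and then checked from PowerShell with the DnsServer and DnsClient modules. This is an added example, not part of the original page; the parent DNS server name dc1.contoso.com and the glue address 192.0.2.10 (documentation range) are assumed values.

```powershell
# Assumed values (not from the original page): $ParentServer and $GlueAddress.
$ParentZone   = 'contoso.com'
$ChildLabel   = 'na'
$NameServer   = 'ns1.na.contoso.com'
$GlueAddress  = '192.0.2.10'
$ParentServer = 'dc1.contoso.com'
$ChildFqdn    = "$ChildLabel.$ParentZone"

# Create the delegation only if the parent zone does not already hold one.
$existing = Get-DnsServerZoneDelegation -Name $ParentZone -ChildZoneName $ChildLabel `
    -ComputerName $ParentServer -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerZoneDelegation -Name $ParentZone -ChildZoneName $ChildLabel `
        -NameServer $NameServer -IPAddress $GlueAddress -ComputerName $ParentServer
}

# Query the parent server directly and without recursion, so the reply is
# what contoso.com itself stores rather than data cached from elsewhere.
$reply = Resolve-DnsName -Name $ChildFqdn -Type NS -Server $ParentServer `
    -DnsOnly -NoRecursion -ErrorAction Stop

$nsHosts = @($reply | Where-Object { $_.Type -eq 'NS' } | ForEach-Object { $_.NameHost })
$glue    = @($reply | Where-Object { $_.Type -in 'A', 'AAAA' })

if ($nsHosts.Count -eq 0) {
    throw "No NS record for $ChildFqdn was returned by $ParentServer."
}

foreach ($nsHost in $nsHosts) {
    # Glue records are the A/AAAA records whose owner name is the NS target.
    $addresses = @($glue | Where-Object { $_.Name -eq $nsHost } |
        ForEach-Object { $_.IPAddress })

    if ($addresses.Count -eq 0) {
        Write-Warning "$nsHost is delegated but has no glue record in $ParentZone."
    }
    elseif ($nsHost -eq $NameServer -and $addresses -notcontains $GlueAddress) {
        # A glue address that differs from the intended server sends
        # resolvers for na.contoso.com to a host you did not choose.
        Write-Warning "$nsHost glue is $($addresses -join ', '), expected $GlueAddress."
    }
    else {
        Write-Output "$nsHost -> $($addresses -join ', ') (NS and glue present)"
    }
}
```

Run it from an account that can manage the contoso.com zone; the verification half only needs DNS query access to the parent server.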

