The Purpose and Use of Delegation

Large corporate networks, and the Internet itself, consist of a large collection of IP networks and subnetworks distributed across a great many geographic sites. Each geography or business entity rules over its management domain. IP addresses are allocated within subnets, devices are allocated names, and these names are assigned to a subdomain. Each management domain administers its own name servers and retains total authority and control over the database entries. Every conceivable device with an IP address should be represented by the DNS servers. The local hostmasters update their name server database as necessary to reflect devices that are new, renamed, or renumbered.

Within a very large corporate network there could be hundreds of authoritative name servers for hundreds of subdomains. For example, a few subdomains within the domain acme.com could be east.acme.com, west.acme.com, north.acme.com, south.acme.com, and corp.acme.com. Each of these subdomains belongs to a site that is an independent business unit. The computer and network equipment at each site is assigned IP addresses, names, and even subdomains by the local network administrators. This responsibility is delegated to them. Local network administrators also administer the local name servers, thus mirroring this delegation.

The acme.com corporate name servers at each site are generally used by all local systems. Systems located at east.acme.com use the local name servers, even if they need access to an off-site system. This works because at corp.acme.com there are root name servers that are configured with the IP addresses of all authoritative name servers for all the acme.com subdomains. Every name server at the five sites is configured to direct requests it can’t satisfy to the root name server for resolution. Such an architecture scales to the largest imaginable corporation. Clearly, the hostmasters within acme.com must work together to glue their name servers into a fully functional DNS.

Note that each of the five sites in acme.com is at liberty to assign duplicate names to its equipment. For example, each site might maintain a mail gateway named email. But there isn’t a naming conflict because the mail gateway names, when fully qualified, are unique: email.corp.acme.com, email.east.acme.com, email.west.acme.com, email.north.acme.com, and email.south.acme.com.

In practice, when the local network administrators need to change the IP address of email.west.acme.com, they update the local authoritative name servers with the new data at the same time. When the mail server email.corp.acme.com needs to forward messages to email.west.acme.com, it will use the IP address it gets from DNS, which will be the new one.
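
The delegation scheme described above can be modeled in a few lines. This is an added example, not code from the book: the class and function names are hypothetical, the addresses are constructed from documentation ranges, and caching and TTLs are deliberately left out.

```python
# Toy model of acme.com delegation: each site is authoritative for its own
# subdomain, and an internal root knows only who is authoritative for what.
# All names and addresses below are constructed for illustration.

class NameServer:
    """Authoritative for exactly one zone; hands everything else to the root."""
    def __init__(self, zone):
        self.zone = zone
        self.records = {}   # fully qualified name -> IP, edited by local hostmasters
        self.root = None    # set when the internal root delegates to this server

    def in_zone(self, name):
        return name == self.zone or name.endswith("." + self.zone)

    def query(self, name):
        """Authoritative answer only: None if unknown or outside this zone."""
        return self.records.get(name) if self.in_zone(name) else None

    def resolve(self, name):
        """What a local client sees: (answer, list of servers consulted)."""
        if self.in_zone(name):
            return self.query(name), [self.zone]
        return self.root.resolve(name, [self.zone])


class InternalRoot:
    """Holds the delegations only (a real root stores the servers' IP addresses)."""
    def __init__(self):
        self.delegations = {}   # subdomain -> its authoritative NameServer

    def delegate(self, server):
        self.delegations[server.zone] = server
        server.root = self

    def resolve(self, name, path):
        # Longest matching suffix wins, so a deeper delegation takes precedence.
        matches = [z for z in self.delegations if name == z or name.endswith("." + z)]
        if not matches:
            return None, path + ["root"]
        zone = max(matches, key=len)
        return self.delegations[zone].query(name), path + ["root", zone]


def build_acme():
    """Five sites, each with its own 'email' host, glued together by one root."""
    root, sites = InternalRoot(), {}
    for i, site in enumerate(["corp", "east", "west", "north", "south"], start=1):
        ns = NameServer(f"{site}.acme.com")
        ns.records[f"email.{site}.acme.com"] = f"198.51.100.{i}"
        root.delegate(ns)
        sites[site] = ns
    return root, sites
```

Because only the west server holds the record for email.west.acme.com, a change made there is what every other site receives on its next lookup through the root.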
