When you add another Active Directory domain to a forest, delegation records that point to the authoritative DNS servers for the new zone should be created in the parent Domain Name System (DNS) zone. Delegation records transfer name resolution authority and provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone. If you are using Active Directory–integrated DNS, these DNS servers might also be the domain controllers for that domain.
You can create these DNS delegation records before you start the Active Directory Domain Services Installation Wizard, or you can have the wizard create them automatically. The wizard verifies that the appropriate records exist in the parent DNS zone after you click Next on the Additional Domain Controller Options page. If the wizard cannot verify that the records exist in the parent domain, the wizard provides you with the option to create the records automatically and continue with the new domain installation.
For example, to add a new child domain named na.contoso.com to the contoso.com forest, a delegation for the DNS subdomain (na.contoso.com) must be created in the parent DNS zone (contoso.com).
If an authoritative DNS server for the newly delegated na.contoso.com subdomain is named ns1.na.contoso.com, to make this server known to others outside of the new delegated zone two resource records must be present in the contoso.com zone to complete delegation to the new zone. These resource records include the following:
- A name server (NS) resource record to effect
the delegation. This resource record advertises that the server
named ns1.na.example.microsoft.com is an authoritative server for
the delegated subdomain.
- A host (A or AAAA) resource record—also known
as a glue record—must be present to resolve the name of the server
that is specified in the name server (NS) resource record to its IP
address. The process of resolving the host name in this resource
record to the delegated DNS server in the name server (NS) resource
record is sometimes referred to as "glue chasing."
To create a zone delegation, open DNS Manager, right-click the parent domain, and then click New Delegation. Follow the steps in the New Delegation Wizard to create the delegation.