I have two completely separate tenants in Azure. PROD tenant hosts a zone in Azure DNS. I want to delegate a subdomain (sub-zone) to a DEV tenant also running Azure DNS. Is this supported? If yes - how do I do it?

If this isn't supported, then what would be a sane and secure way to grant users in DEV tenant to edit DNS records for that subdomain in the PROD tenant?

Konrads

1 Answer

Yes, it is possible.

Public DNS knows nothing about accounts, tenants, providers, etc. You can have DNS servers in different Azure tenants, different cloud providers, etc. Delegation is managed by DNS resource records pointing to other public DNS servers.

Create/configure a DNS server to serve the child zone. Make note of the DNS server's IP addresses. Then create NS (Name Server) resource records in the parent DNS server.

It is that simple. I am leaving out advanced features such as DNSSEC, but that is a whole topic to itself.

John Hanley
  • It's a more specific question I'm afraid - when you register a domain with Azure DNS, it is tied to that tenant's DNS configuration. Registering subdomain as zone even with glue records will still point back to the original tied-up Azure tenant. It's an Azure thing – Konrads Aug 06 '23 at 02:28
  • @Konrads - Do you have a link that I can read? – John Hanley Aug 06 '23 at 03:00
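
The delegation discussed in this thread depends on the NS records in the parent zone matching the name servers that actually serve the child zone. The following is an added example, not code from the question or the answer, that audits that match offline. The zone names, record lines and name server hostnames are constructed sample values, and the function names are hypothetical.

```python
# Added example: audit a sub-zone delegation. All names and records are constructed.
PARENT_ZONE = """\
; constructed records from the parent zone example.com (PROD tenant)
dev.example.com.  3600 IN NS ns1-01.azure-dns.com.
dev.example.com.  3600 IN NS ns2-01.azure-dns.net.
dev.example.com.  3600 IN NS ns3-09.azure-dns.org.
www.example.com.  300  IN A  203.0.113.10
"""

# Name servers assigned to the child zone dev.example.com (DEV tenant), constructed.
CHILD_NAME_SERVERS = [
    "ns1-01.azure-dns.com.", "ns2-01.azure-dns.net.",
    "ns3-01.azure-dns.org.", "NS4-01.azure-dns.info",
]

def normalize(name):
    """DNS names are case-insensitive; compare lowercased, without trailing dot."""
    return name.strip().rstrip(".").lower()

def delegation_ns(zone_text, child):
    """Return the set of NS targets the parent publishes for `child`."""
    targets = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        # Expected layout: owner ttl class type rdata
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            if normalize(fields[0]) == normalize(child):
                targets.add(normalize(fields[4]))
    return targets

def audit_delegation(zone_text, child, child_name_servers):
    """Compare the parent's NS set for `child` with the child's own name servers."""
    parent = delegation_ns(zone_text, child)
    expected = {normalize(n) for n in child_name_servers}
    return {
        "missing": sorted(expected - parent),  # child server the parent does not list
        "stale": sorted(parent - expected),    # parent lists a server the child does not use
        "ok": bool(parent) and parent == expected,
    }

if __name__ == "__main__":
    print(audit_delegation(PARENT_ZONE, "dev.example.com", CHILD_NAME_SERVERS))
```

A non-empty `stale` list means the parent sends queries for the subdomain to a name server the child zone's owner does not operate, so it should be treated as a finding and not only as a typo.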