[dns-operations] subzone delegation best practice

Sue Steffen lilycrown at gmail.com
Tue Sep 25 18:19:35 UTC 2018

I would like to get the opinions of this list concerning subzone
delegations to 3rd parties.

We have a very recognizable zone name, xyz.com, We have many publicly
facing URL's and the usual email protection records DKIM, SPF, DMARC.  We
are very concerned about protecting our brand.

We also have a multitude of 3rd party vendors providing various niche
services.    These vendors want to have subzones delegated to them so they
can manage their own email-related records an such.  Most of them we have
setup with their own domains to use on our behalf ( like xyz-them.com,
xyz-those.com, etc).   We constantly get requests to use a subzone off of
our main zone for these vendors (like them.xyz.com, those.xyz.com).

Is it preferable to have 3rd parties use an entirely separate zone, thus
protecting the reputation of our primary zone?  I worry about a mistake by
a vendor causing our main zone to be blacklisted.

Or is it preferable to use subzones off of the main zone, thus giving the
public comfort that they are clicking a link or receiving an email from a
valid xyz.com site?

How does your firm handle 3rd party delegations?

Thanks for your thoughts,

Sue Steffen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180925/af661dad/attachment.html>

More information about the dns-operations mailing list