[dns-operations] subzone creation policy & maintenance

Matthew Richardson matthew-l at itconsult.co.uk
Wed May 25 16:44:38 UTC 2022


Sue Steffen:-
>We have created numerous subzones and delegated them to AWS private hosted
>zones for our ‘move to the cloud’ efforts.  This has resulted in a sprawl
>of subzones.  Does anyone else have thoughts on how to manage the number of
>zones?  How do you maintain currency on them – like identifying ones that
>are abandoned and should be removed?

Our systems have monitoring on all zones, which basically checks that all
the delegated DNS servers give authoritative responses and that the SOA
serial number is in sync.

Where a zone is delegated, this would also be added to this monitoring,
which catches the situation where the delegation has gone lame.

Depending on the size of the zone/organisation, some record keeping as to
who is responsible for each delegated zone might be prudent.

For registered domains, there are also monitoring checks to ensure that the
delegation does not get changed, which also catches expiries.

Hope this helps.

Best wishes,
Matthew
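
The check described in this message (every delegated server answers authoritatively and the SOA serials agree), as an added example that is not part of the original post or the poster's monitoring system. All function names are assumptions made for illustration, and it covers IPv4 over UDP only.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """Non-recursive (RD clear) SOA query, so a server answers only from its own data."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def _skip_name(msg, off):
    """Offset just past a domain name; a compression pointer (2 bytes) ends the name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_soa_response(msg):
    """Return (aa_flag, rcode, soa_serial_or_None) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    aa, rcode, off = bool(flags & 0x0400), flags & 0x000F, 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                            # SOA: MNAME, RNAME, then SERIAL
            p = _skip_name(msg, _skip_name(msg, off))
            return aa, rcode, struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return aa, rcode, None

def query_server(zone, ip, timeout=3.0):
    """Ask one delegated server over UDP; None means no usable response."""
    query = build_soa_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (ip, 53))
            resp = s.recv(4096)
            return parse_soa_response(resp) if resp[:2] == query[:2] else None
        except (OSError, struct.error, IndexError):
            return None

def assess(results):
    """results maps server -> parse tuple or None. Returns (lame_servers, serials_in_sync)."""
    lame = sorted(s for s, r in results.items()
                  if r is None or not r[0] or r[1] != 0 or r[2] is None)
    return lame, len({r[2] for s, r in results.items() if s not in lame}) <= 1
```

Feed `assess` a dictionary built from `query_server` calls against each NS address in the delegation; a server that times out, refuses, or answers without the AA flag is reported as lame.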


