January 28, 2022

How to point different subdomains to different DNS providers

I own a few different domains, and sometimes I like to manage DNS records in different ways. I manage my top-level DNS records in Digital Ocean, but once in a while do some things on AWS or GCP, and want the ability to use services like Route53 (AWS) or Cloud DNS (GCP) to manage records for services in those public clouds.

If you're looking to do something similar, here's how to do it by adding custom NS records for custom subdomains.

The Basics

You'll first need to find where you're managing your top-level DNS records. My domain registrar points my domains to Digital Ocean's nameservers.

dig +short NS ryderdamen.com
# The results of dig +short NS ryderdamen.com
ns2.digitalocean.com.
ns3.digitalocean.com.
ns1.digitalocean.com.

I'm comfortable managing the DNS records for my site here. But say I wanted to manage the records for gcp.ryderdamen.com, and all subdomains of that subdomain like hello.gcp.ryderdamen.com and whatsgood.gcp.ryderdamen.com, within Google Cloud Platform. To do that, I simply need to create NS records pointing to Google Cloud Platform's Cloud DNS nameservers, for the gcp.ryderdamen.com subdomain.

Creating a zone in Cloud DNS

I first create a zone in Cloud DNS for the subdomain I'm looking to control records for: gcp.ryderdamen.com.

Once that zone has been created, I'm given two default records by Google:

- a SOA record
- a NS record

The SOA record contains some metadata about the zone, but we're after the NS record. By clicking into it, we can see that it points to the following nameservers.

# The nameservers that Google has given us
ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c4.googledomains.com.

These are the nameservers that we'll need to point our subdomain to.

At this point, we've simply created a zone for gcp.ryderdamen.com. No DNS queries will reach this zone yet, since we haven't provisioned records in the upstream ryderdamen.com zone. We'll do that now.

Provisioning our Upstream NS Records

We'll now head back to the parent zone (mine is hosted in Digital Ocean) and provision our NS records to point the specific subdomain to Google's Cloud DNS service.

I'm doing this with Terraform, but you can add these records in any way you like. The type of record is "NS", the name is the subdomain representing the zone you created, and the value is each of the nameserver values we got from Google above.

# Terraform resources to create NS records for the gcp.ryderdamen.com subdomain
locals {
  gcp_cloud_dns_ns_records = [
    "ns-cloud-c1.googledomains.com.",
    "ns-cloud-c2.googledomains.com.",
    "ns-cloud-c3.googledomains.com.",
    "ns-cloud-c4.googledomains.com.",
  ]
}

resource "digitalocean_record" "rd_gcp_ns_records" {
  count  = length(local.gcp_cloud_dns_ns_records)
  domain = "ryderdamen.com"
  type   = "NS"
  name   = "gcp"
  value  = local.gcp_cloud_dns_ns_records[count.index]
  depends_on = [
    digitalocean_domain.top_level_domains,
  ]
}

Testing It Out

Once we've provisioned these, we can test out our different name servers with the dig command.

When we run dig to look for NS records on our top-level domain, we see Digital Ocean nameservers as we did before.

dig +short NS ryderdamen.com
# The results of dig +short NS ryderdamen.com
ns2.digitalocean.com.
ns3.digitalocean.com.
ns1.digitalocean.com.

When we run dig on the GCP subdomain however...

dig +short NS gcp.ryderdamen.com
# Results of dig +short NS gcp.ryderdamen.com
ns-cloud-c1.googledomains.com.
ns-cloud-c4.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c2.googledomains.com.

We are pointed to the Cloud DNS nameservers.

We'll now add a testing subdomain of the gcp subdomain just to be sure...

# These commands create an A record pointing to 10.0.0.1 
# for testing.gcp.ryderdamen.com with Cloud DNS
gcloud beta dns record-sets transaction start \
    --zone="gcp-ryderdamen-com"

gcloud beta dns record-sets transaction add 10.0.0.1 \
    --name="testing.gcp.ryderdamen.com." \
    --ttl="300" \
    --type="A" \
    --zone="gcp-ryderdamen-com"

gcloud beta dns record-sets transaction execute \
    --zone="gcp-ryderdamen-com"

and test to make sure we can see that record:

dig +short testing.gcp.ryderdamen.com
10.0.0.1

Success!
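The dig checks above can be turned into a repeatable audit. This is an added example, not code from the original post: it reads the NS set from a parent nameserver and asks each delegated server for the zone's SOA without recursion, which also flags a delegation left behind in the parent after the child zone has been removed. The function names and the choice of parent nameserver argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a delegated subdomain.
# Assumed inputs: the child zone and one nameserver of the parent zone.

# Print the NS targets the parent hands out for the zone. A parent normally
# returns them as a referral (AUTHORITY section), some hosts as an ANSWER.
delegated_ns() {
    dig +norec +noall +answer +authority NS "$1" "@$2" |
        while read -r _name _ttl _class rtype target; do
            if [ "$rtype" = NS ]; then echo "$target"; fi
        done
}

# Read full dig output on stdin; print "authoritative", "lame:<RCODE>"
# or "unreachable" (no DNS header at all, e.g. a timeout).
classify_response() {
    status="" aa=no
    while IFS= read -r line; do
        case "$line" in
            *"->>HEADER<<-"*)
                status=${line#*status: }
                status=${status%%,*} ;;
            ";; flags:"*)
                flags=${line#";; flags:"}
                flags=${flags%%;*}
                case " $flags " in *" aa "*) aa=yes ;; esac ;;
        esac
    done
    if [ -z "$status" ]; then echo unreachable
    elif [ "$status" = NOERROR ] && [ "$aa" = yes ]; then echo authoritative
    else echo "lame:$status"
    fi
}

# Ask every delegated nameserver for the zone's SOA without recursion.
# Returns 0 only if a delegation exists and every server is authoritative.
audit_delegation() {
    zone=$1 parent_ns=$2 bad=0 seen=0
    for ns in $(delegated_ns "$zone" "$parent_ns"); do
        seen=1
        result=$(dig +norec +time=3 +tries=1 SOA "$zone" "@$ns" | classify_response)
        echo "$ns $result"
        [ "$result" = authoritative ] || bad=1
    done
    [ "$seen" = 1 ] || { echo "no delegation found for $zone"; return 2; }
    return "$bad"
}
# Usage: audit_delegation gcp.ryderdamen.com ns1.digitalocean.com
```

A non-zero exit status means at least one delegated nameserver did not answer authoritatively, so the parent NS records should be reviewed or removed.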

In Summary

Adding NS records for a subdomain allows you to manage that subdomain's DNS records elsewhere, using a different cloud or DNS service like Digital Ocean, Route53, or Cloud DNS. It's easily set up, and you don't need to provision wildcard records: all subdomains of the subdomain provisioned will automatically use the nameservers you define.
