Summary
DKIM records can be aliased using CNAME records, often pointing to an ESP's servers, allowing the ESP to handle DKIM key rotation. Cloudflare and other DNS services may flatten CNAMEs to A records for proper DKIM function. NS delegation involves handing off a subdomain to another party, enabling distributed management of DNS zones and promoting service portability. Although aliasing DKIM is possible, the final destination may still be visible in DNS lookups. Implementing NS delegation can be challenging due to client DNS knowledge and action requirements. Proper planning for distributed responsibilities when utilizing NS Delegation is essential.
Key findings
- DKIM Aliasing via CNAME: DKIM records can be aliased using CNAME records, simplifying management through ESPs.
- NS Delegation Explained: NS delegation provides control of a subdomain's DNS records to a third party.
- CNAME Flattening: CNAME flattening resolves CNAMEs to A records, ensuring proper DKIM functionality.
- Benefits of NS Delegation: NS delegation enables service portability, separation of responsibilities, and distributed DNS management.
- Service Portability: Service Portability is achieved because you can switch service provider at any time by changing the DNS at your DNS provider without affecting the client.
Key considerations
- Hidden Destination: Aliasing DKIM records might not completely hide the underlying service provider in DNS lookups.
- Client Involvement: Getting clients to implement NS delegation can be challenging; ensure they understand the process.
- Proper DKIM: If you are using CNAME for DKIM make sure that the ESP manages the key rotation effectively.
- Distributing Managment: When delegating responsibilities across teams, create proper processes and documentation so each team can correctly manage their subdomains.
- Matching Subdomains: When configuring a CNAME record, the subdomain must 100% match your provider's settings in order to properly configure DKIM or SPF
What email marketers say
9 marketer opinions
DKIM records can be aliased using CNAME records, allowing ESPs to manage DKIM key rotation. NS delegation enables handing off control of a subdomain to a third party, facilitating service portability and separation of concerns. It allows a third party to manage all DNS records for that subdomain. CNAME records point a domain name to another domain name, updating automatically when the target IP address changes. CNAME flattening resolves CNAME records to A records, essential for certain DNS configurations. NS delegation separates DNS management responsibilities among different teams or organizations.
Key opinions
- DKIM Aliasing: DKIM records can be aliased using CNAME records, enabling ESPs to manage DKIM configurations.
- NS Delegation Purpose: NS delegation allows handing off control of a subdomain to a third party for independent DNS management.
- CNAME Use Case: CNAME records point a domain to another domain, ensuring automatic IP address updates.
- CNAME Flattening: CNAME flattening resolves CNAME records to A records for correct DNS configurations.
- NS Delegation Benefit: NS delegation facilitates service portability and separation of DNS management responsibilities.
Key considerations
- CNAME vs A Records: Use CNAME records when pointing to a domain name rather than a static IP address, allowing for automatic updates.
- Service Portability: NS delegation can be employed to switch between different providers without DNS changes for users.
- Delegation Management: NS delegation needs careful management to ensure the third party manages all the DNS records properly for that subdomain.
- DKIM Configuration: When using CNAME for DKIM aliasing ensure the ESP can manage DKIM key rotation effectively.
- Domain Apex: Consider CNAME flattening if a domain apex needs to point to a service providing only an IP address.
Marketer view
Email marketer from Web Hosting Talk mentions that NS delegation can be used for service portability. By delegating a subdomain to your own name servers, you can switch between different providers without requiring your users to change their DNS settings. This gives you more flexibility and control over your infrastructure.
19 Dec 2023 - Web Hosting Talk
Marketer view
Email marketer from StackExchange explains that CNAME flattening is a technique used by DNS providers to automatically resolve CNAME records to their underlying A records. This is important for certain DNS configurations, such as when a domain apex (e.g., example.com) needs to point to a service that only provides an IP address.
28 May 2022 - StackExchange
What the experts say
3 expert opinions
NS delegation involves handing off a subdomain to another party, allowing them to manage DNS records. This can separate responsibilities, but getting clients to implement NS delegation can be challenging. When aliasing DKIM records via CNAME, the ultimate destination (e.g., SendGrid) can still be visible upon record lookup.
Key opinions
- NS Delegation Definition: NS delegation gives control of a subdomain's DNS records to another entity.
- NS Delegation Purpose: NS delegation can be used to separate concerns and allow different systems to manage the zone.
- DKIM Aliasing Visibility: Aliasing DKIM records might not fully hide the underlying service provider (e.g., SendGrid).
Key considerations
- Client Implementation: Implementing NS delegation can be difficult due to client involvement and DNS knowledge.
- Record Visibility: When using CNAME records, be aware that a complete DNS lookup can reveal the final destination.
- Management of Delegated Subdomain: When delegating NS records you are handing off control of all DNS record management on the delegated subdomains.
Expert view
Expert from Email Geeks warns that getting clients to actually do NS delegation can be a pain, despite it being a better approach.
23 Feb 2023 - Email Geeks
Expert view
Expert from Email Geeks explains that if you look up the record, it will end up at SendGrid, so it is hidden but not completely. Regarding NS Delegation NS just means your team needs to manage all the DNS records for your clients. The client sets up the NS record pointing to your DNS servers, and you manage all the DNS beyond that.
7 Nov 2024 - Email Geeks
What the documentation says
6 technical articles
DKIM records can be aliased using CNAME records, pointing to ESP's servers. Cloudflare flattens these CNAMEs to A records for correct DKIM function. NS records delegate authority for a domain/subdomain to specific name servers, enabling distributed DNS management. DKIM relies on DNS to store public keys for signature verification. AWS Route 53 also supports subdomain delegation to other DNS services using NS records.
Key findings
- DKIM with CNAME: DKIM records are often implemented with CNAME records pointing to ESP servers.
- CNAME Flattening: Cloudflare automatically flattens DKIM CNAME records to A records for functionality.
- NS Delegation: NS records delegate authority of domain/subdomain to name servers, enabling distributed management.
- DKIM and DNS: DKIM relies on DNS to store public keys for signature verification.
- Subdomain Delegation on AWS: AWS Route 53 supports subdomain delegation using NS records to different DNS providers.
Key considerations
- CNAME Compatibility: Ensure your domain provider supports CNAME records when implementing DKIM.
- DNS Zone Management: NS delegation allows for distributed management which allows you to manage DNS zones accross multiple entities.
- Distributed Management: NS Delegation will require consideration of how each entity will handle DNS requirements such as TTLs, A records and more.
Technical article
Documentation from DigitalOcean shares that NS records are used to delegate a zone (domain or subdomain) to a set of name servers. When a DNS resolver queries a domain, it uses the NS records to determine which name servers are authoritative for that domain, and thus, where to find the relevant DNS records.
13 Oct 2022 - DigitalOcean
Technical article
Documentation from RFC Editor explains that Name Server (NS) records are used to delegate authority for a domain or subdomain to a specific set of name servers. This delegation allows for distributed management of DNS zones, where different parts of the domain can be managed by different entities.
15 Nov 2024 - RFC Editor
Are people using 4096-bit DKIM keys, and what is the recommended DKIM key length?
Can DKIM be set up on a subdomain, and which domain should be used for signing?
Do DKIM selectors affect email reputation?
Does the DKIM domain need to align with the List-Unsubscribe domain?
How do I find the DKIM selector for my domain in Dmarcian or Hubspot?
How do I set up DKIM on G Suite for outgoing mail, especially when using multiple email services?
