Domain Delegation
On This Page:
Note: Domain Delegation is scheduled to be deprecated soon and will be replaced with a new option in DNS Management available now. For more information, see Manage DNS Zone and look for the new option,
Allow HTTP Load Balancer Managed Records
.
Objective
This guide provides instructions on how to delegate your DNS domain to F5® Distributed Cloud Services using F5® Distributed Cloud Console (Console). Delegating your domain enables Distributed Cloud Services to manage the domain and be the authoritative domain name server for your domain. Distributed Cloud Services check the DNS domain configured in the virtual host and verifies that the tenant owns that domain.
Using the instructions provided in this guide, you can perform the following:
-
Create a delegated domain in Console
-
Update TXT and NS records in your domain records
Distributed Cloud Services perform periodic domain verification.
Prerequisites
The following prerequisites apply:
-
A Distributed Cloud Services Account. If you do not have an account, see Create an Account.
-
A DNS domain for your web application. Obtain a domain from the Internet domain registrar.
Configuration
The following image shows the workflow of delegating a domain to Distributed Cloud Services:

Configuration Sequence
Delegating your domain to Distributed Cloud Services requires you to perform the following sequence of actions.
Steps | Description |
---|---|
Create Delegated Domain | Log into Console and create a delegated domain object. |
Update Records in Your Domain | Log into your domain and update the records for Distributed Cloud Services to manage your domain. |
The following video presents the domain delegation workflow:
Create Delegated Domain
Delegating your domain for Distributed Cloud Services to manage requires you to create a delegated domain object in Console.
Note: A valid and functioning domain is a prerequisite for creating a delegated domain object in Console.
Step 1: Navigate to delegated domains.
-
Log into Console.
-
Click
DNS Management
.

- Click
Add delegated domain
.

Step 2: Create the delegated domain object with your domain name.
-
In the
Domain Name
field, enter the name for your domain per the DNS 1035 standard. Ensure that this is a valid and functional domain. -
In the
Domain Method
menu, selectManaged by Distributed Cloud
. -
Optionally, select
Enable
from theDNSSEC Mode
menu to enable DNS security. -
Click
Save and Exit
to complete creating the delegated domain object.

Note: A random TXT string is generated for the created object and the verification status is set to
DNS_DOMAIN_VERIFICATION_PENDING
.
- Click
Copy value
to copy the string for use in updating TXT records in your domain.

Update Records in Your Domain
Creating a delegated domain generates a text string for that object in Console. Update your domain records by adding a TXT record with the created string and by adding an NS record for resolving to Distributed Cloud Services as the authoritative server.
Step 1: Log into your domain and add TXT record.
-
Login to your domain.
-
Navigate to domain records.
-
Add a TXT record per the following guidelines:
-
Set the name with the name you configured for the delegated domain object in the previous chapter.
-
Set type as
TXT
and value as the TXT value of the delegated domain object created in the previous chapter.
-
Once the TXT record is added, Distributed Cloud Services periodically tries to verify the TXT record. Once a matching TXT record for the delegated domain is found, the status is set to DNS_DOMAIN_VERIFICATION_SUCCESS
. Verification is a one-time process. After the verification process is completed, the delegated domain remains in this state until the object is deleted. You can also trigger the verification from Console by navigating to your delegated domain and selecting Verify
. In the popup window that appears, click Start verification
.

Note: The domain record propagation from your host domain may take a few minutes.
If you have enabled DNSSEC
as part of the domain created, then the DNSSEC DS Record
column displays the DS record.
-
Click on the
Dnssec DS Record
column entry and then clickCopy DS Record
to copy the DS record information. -
Add the same in your DNS domain parent zone.
Step 2: Add NS record.
Distributed Cloud Services use NS1 as the managed DNS platform when delegating a domain. A zone is added for the configured and verified domain and is retained until the delegated domain persists.
Note: You must configure the parent domains with the NS records pointing to this address to resolve the delegated domain records.
Perform the following to add an NS record:
-
Login to your domain.
-
Navigate to domain records.
-
Remove the TXT record added in Step 1.
-
Add an NS record per the following guidelines:
-
Set the name with the name you configured for the delegated domain object in the previous chapter.
-
Set type as
NS
and value as one of the server names of the delegated domain object created in the previous chapter.
-
Note: The server names are displayed in the
Name Servers
field for your delegated domain object in Console.
Note: After delegating your domain to Distributed Cloud Services, the domain name created in the HTTP load balancer gets the Resource Records (RR) created for the delegated domain. For information on creating an HTTP load balancer, see Create HTTP Load Balancer.