Does DNS allow third parties to register subdomains?

Short answer: No, third parties can't register a subdomain without authorization from the owner of the domain.

DNS is a hierarchical system, ordered from right to left in the hostname. Whoever has a given domain name registered controls the authoritative name servers for that domain. This means that all queries (that aren't answered from cache) for that domain or one of its subdomains will be directed to that organization's DNS servers, giving them full control over all subdomains. They can, of course, choose to delegate this control to someone else if they wish.

For example, if I were to register, if someone queries (and no cache is involved,) what would happen is this:

Their DNS server would first ask the root servers for the first domain from the right, i.e. com. They would be returned a DNS NS record telling them the authoritative name server for com.

Their DNS server would then submit a request to the com authoritative name server that it discovered from the previous request for It would again get an NS record response telling it the authoritative nameserver for

Their DNS server would now submit a request to's authoritative name server for Since I would own, I would have full control over this authoritative name server. It would either be a server that I myself own or one that is hosted by a third party on my behalf. The only subdomains that could possibly be returned (authoritatively) for this domain are the ones I myself have created records for on that authoritative name server. The only way for someone else to register a subdomain of would then be for them to ask me to set it up for them, since I own the authoritative name server for and all requests for its subdomains would be funneled through my server.

If I did want to delegate control of some subdomain to someone else, I would do it exactly the same way my registrar delegated control of to me: with an NS record. By adding an NS record for to's authoritative name server, I can authoritatively direct requests for and any of its subdomains to the name server listed in that NS record, which would be controlled by the organization to whom I delegated control of that subdomain. I could revoke this delegation at any time by removing or altering that NS record.

By the way, 'www' is not treated specially by DNS. It's just another host name in its domain's authoritative DNS server. It's only by convention that we put the host (A or AAAA) record for that organization's web server there. The A record for and both most likely lie on the same server:'s DNS server.

Note: This answer has intentionally simplified things a bit for the case of someone requesting a DNS record from the Internet. If a request for a domain comes from within the domain's organization, the request will likely be resolved directly by the organization's name servers without going up the chain to, the TLD's name servers, etc. In this case, a host name could potentially even resolve to something different than what it would resolve to from the Internet, if the organization so chooses.

Welcome to Security!

The case of educational/government intitutions is a particular case of subdomaining. Basically ICANN, who rules the Internet top names, delegated maangement of the .au TLD to Australian government (to make it simply simple). But since .edu and .gov (et similia) are owned by US for historical reasons, Australia, like some other countries, had no choice than to manage its own dedicated Educational subdomain under .au. Other examples are, etc. that made similar choices.

If you use whois Linux tool you can find interesting information. I have summarized its output

:~> whois au
% IANA WHOIS server
% for more information on IANA, visit
% This query returned 1 object

domain:       AU

organisation: .au Domain Administration (auDA)
address:      Lv 17
address:      1 Collins St
address:      Melbourne VIC 3000
address:      Australia

:~> whois
Domain Name: EDU.AU
Registry Domain ID: D407400000002449554-AU
Registrar WHOIS Server:
Registrar URL:
Last Modified:
Registrar Name: Afilias Australia Pty Ltd

:~> whois
Domain Name: SYDNEY.EDU.AU
Registry Domain ID: D407400000000057080-AU
Registrar WHOIS Server:
Registrar URL:
Last Modified: 2018-07-17T00:59:06Z

Each subject in the chain is responsible for allowing parties to register subdomains. For example, if your Science department wants to register a subdomain, they must inquire Education Services Australia.

Experiment: try to register on GoDaddy: they are not allowed to sell you that

Experiment 2: offers me to register for 41 AUD. Looks like too public in my opinion as you may claim yourself to be an educational institution in Australia if you can just pay for a domain.

Comment: the site shows a "Eligibility details" step of registration, where probably I won't be able to register an Australian educational domain because I lack authority to register under eu. I haven't bothered trying to push the wizard forward.

Experiment 3 (which answers the security question) does NOT allow me to register because

Requires applicant to have national interests and resposibilities or be recognized and delivering services in more than one state or territory

Example domain search


You can never apply for your favourite sub-sub domain at a public registrar, because technical reasons require you to pass through the owner of the level-minus-one domain. DNS is hierarchical.

But if the organization owning your third or fourth level domain (like in the example) flaws in filtering domain applications, that is their own organizational problem and is not a flaw in the DNS system.

The DNS registrars only care about the registration of the primary domain, i.e. They don't care about any sub-domains like or and similar. These are in full control of the organisation which owns the primary domain, which also might decide to delegate control over these domains or some of these domains to other parties.

Note that a primary domain is not necessarily the domain.toplevel but it is domain.publicsuffix where publicsuffix can be things like com but also For more information about these see