Is it possible to create a separate subscription for a subdomain?

Follow

Comments

5 comments

  • Avatar
    Jorge Salazar

    Hi Julian,

     

    Is there any benefit in terms of security to have a subdomain in a different subscription?

     

    I am asking this because I was wondering if a website gets hacked, would be the hacker able to access the subdomain if it is created inside the same subscription rather than in a different one?

    Regards,

    Jorge

     

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Jorge,

    In case of using separate subscriptions, each domain will have it's own system user. In one subscription there's the same system user for all subdomains.

    As a result, if all subdomains are in the same subscription, gaining access to subscription user will provide access to all subdomains, which may be considered as less secure.

    However, the common practice is to have subdomains in the same subscription.

    The following steps are usually sufficient:
    https://support.plesk.com/hc/en-us/articles/115000626925-How-to-secure-a-Plesk-server

    0
    Comment actions Permalink
  • Avatar
    Robin Labadie

    Well, this article is lacking two pieces of information:

    - This way of adding a subdomain counts as a domain addition regarding your Plesk license.
    - You need to manually disable the subdomain's DNS zone, then add the subdomain to your domain's DNS zone.

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    @Robin Labadie I'm agree with the first point, it should be noted. Regarding the second one - it is not required, the separate zone file will be created in bind, just check it - fully resolvable. 

    0
    Comment actions Permalink
  • Avatar
    Robin Labadie

    Lev Iurev

    I've just tested again and I think I've found the reason why it doesn't work in some cases. Upon testing, DNS resolution was working from a server but not another.

    It's because my domain has DNSSEC enabled (classic method, within Plesk and my registrar), and this method breaks DNSSEC for the said subdomain. Therefore, client DNS servers (the ones used to query) that verify DNSSEC keys will show a failure, and others will just work normally.

    So it could be noted that if this method is applied on a domain that uses DNSSEC, it is still required to disable the newly created (sub)domain's DNS zone and manually add the corresponding to the main DNS zone. :)

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request