Domain Name System (DNS)

The HRZ operates the central nameserver/DNS servers of TU Darmstadt.

General information

Names for computers or services are converted (resolved) into numerical addresses (IP addresses) and vice-versa. This resolution of names is done by using special computers called name servers. This is where the information generated from the computer registration is stored.

HRZ operates central at TU Darmstadt:

2 autoritative nameservers 3 resolvers

Every domain representative at TU Darmstadt can apply for an alias/CName or an MX record under his domain. New names ending with “” require prior approval by the staff unit “Corporate Communications”. A web address must always begin with “www.”.

After submitting the form, the request will first be checked for plausibility and then approved (if necessary) by the staff unit “Corporate Communications”.

ATTENTION: Only domain administrators can request an alias/name with the tool!

Reference to internal servers

Alias entries in which both the “target host” with a registered TU host name and the alias to be entered are within the area of responsibility of a domain registrant, can be requested by domain administrators using the tool for alias administration at

Reference to external servers

The applicant fills in an application form and sends it to the HRZ. The HRZ makes the entry and forwards the form with the relevant information to the HRZ management for countersigning and archiving.

Please note the following:

According to the 'Data processing on order' (paragraph 5 of the form), in the case of data processing on order, a binding agreement should be concluded between the applicant and the external service provider, which should be sent by after signing. In addition, both parties must keep records of the processing activities.

If you have any questions regarding data protection, please contact the .

The central nameservers of TU Darmstadt are operated by HRZ.

If an institute wants to operate its own nameservers, some points must be taken into account during configuration.

Please refer to the following checklist for information on setting up decentralised nameservers.

DNSSEC (Domain Name System Security Extensions) ensures the authenticity and integrity of DNS data.

DNSSEC validation is supported by the three name servers/resolvers ns1, ns2 and ns3. When using the SSID eduroam on the campus of TU Darmstadt, these three resolvers are normally accessed. If the resolvers you use yourself can validate DNSSEC, you can check by visiting

The domain and (almost) all subordinate domains are signed with DNSSEC. You can check this on the page Less technical and easier to use is the DNSSEC/TLSA Validator Browser Plugin (see It shows an icon for DNSSEC or TLSA (Transport Layer Security Association) at the right end of the URL line.

New domains and sub-domains at TU Darmstadt are automatically signed with DNSSEC if it is technically possible. Exceptions are e.g. domains or sub-domains whose authoritative name servers are not operated by HRZ. The activation of DNSSEC for a new domain or sub-domain should normally be completed within 3-5 working days.