As a developer using IONOS Cloud to host your application, you want to automate the entire infrastructure deployment process, including configuring DNS records.
To automate the infrastructure deployment, including DNS records, ensure that you install Terraform on your local machine or CI/CD environment. It streamlines the provisioning process, improves consistency, and reduces manual configuration errors.
Next, configure the IONOS Provider in Terraform, including your authentication credentials; define infrastructure resources for your application, such as virtual servers, networks, and load balancers; configure DNS records for your application; and initialize and apply the Terraform configuration to create the infrastructure.
Terraform provisions the defined resources and sets up the DNS records accordingly. It eliminates the operational overhead and security considerations that come with having control of DNS resources reside with a central team. You can also move away from manual, error-prone changes to automation with all its benefits.
IONOS Cloud ensures that the DNS records correctly resolve to the server's IP address and that the application is accessible through the browser. A consistent approach to change management also makes rolling back to previous states easy.
By following these steps, you can manage your infrastructure as code, ensuring reproducibility and easier maintenance of resources consistently and efficiently. The integration with IONOS Cloud DNS allows the dynamic configuration of DNS records to match the infrastructure deployment, minimizing downtime and reducing manual configuration tasks.
Imagine you have a web application hosted on a Managed Kubernetes (K8s) cluster provided by IONOS, which also offers Managed Kubernetes and DNS services. Your application is accessible via Ingress, but the service's IP address is dynamic. You want the domain to automatically point to the current IP address and ensure that Reverse DNS is properly configured.
To enable automatic DNS record updates for a dynamic IP address in a Managed Kubernetes environment while using Ingress and ensure that the application remains accessible at its domain name, you need to deploy the application within the Kubernetes cluster and provision the cluster with the necessary resources.
After provisioning, it is crucial to deploy an Ingress Controller and to set up and configure Cloud DNS. IONOS, the DNS provider, processes the cloud DNS settings, allowing for better reputation and accessibility of the web application.
You can test the deployment by modifying the Ingress resource, for example by changing the service or a host, to verify that ExternalDNS updates the corresponding DNS records correctly. ExternalDNS automatically updates the DNS record whenever the Ingress resource changes, ensuring the application remains accessible via its domain name without manual intervention.
IONOS Cloud is compatible with any Kubernetes deployment. This compatibility ensures your application users have a seamless experience with minimal disruptions or manual interventions.
By leveraging Ingress and Cloud DNS capabilities, you can ensure that your application remains consistently accessible under its domain name, providing a smooth experience for end users while reducing administrative overhead. For more information, see ExternalDNS for Managed Kubernetes.
The Cloud DNS offers the following key capabilities:
High Availability: The IONOS Cloud DNS infrastructure is designed with redundancy at every level, including multiple DNS servers, network links, power sources, and data centers. This redundancy ensures that if one component fails, another can take over and continue to provide service without interruption.
Fully Managed Service: The DNS infrastructure provides the service as a SaaS model.
Automation: The Cloud DNS API lets you automatically create, update, and delete DNS zones and records.
Global Network: With a distributed network of DNS servers, IONOS provides faster resolution times by serving requests from the nearest location, reducing latency and improving DNS lookup performance.
Fast Propagation: Changes to DNS records propagate quickly, minimizing downtime during updates or migrations.
Access Control for Zones: You can assign permissions based on the roles and responsibilities, thus controlling access to the zone records.
Security: Enhanced security measures, including DDoS protection and DNSSEC, help to protect your domain from attacks and ensure the integrity of the DNS records.
Custom DNS Records: You can create various DNS records, such as A, AAAA, CNAME, MX, and TXT, tailored to your specific requirements.
Prerequisite: You need administrative privileges to create and assign user privileges by using the Cloud API.
To set user privileges using the Cloud API for managing DNS zones and records, follow these steps:
Authenticate to the Cloud API using your API credentials.
Create a user using the POST /cloudapi/v6/um/users endpoint.
Set the following required parameters for the user: user's name, email address, and password.
Create a group using the POST /cloudapi/v6/um/groups endpoint.
Set accessAndManageDns privilege to true.
Assign the user to the created group using POST /cloudapi/v6/um/groups/{groupId}/users endpoint and provide the user ID in the header.
Result: The Access and Manage DNS privilege is granted to the user.
Cloud DNS has a new group privilege called Access and manage DNS. The privilege must be enabled for a group so that the group members inherit this privilege through group privilege settings. Once the privilege is granted, contract users can view the Cloud DNS API.
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to manage DNS zones and records, follow these steps:
In the DCD, open Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the target group name from the Groups list.
Select the Access and manage DNS checkbox in the Privileges tab.
Result: The Access and manage DNS privilege is granted to all the members in the selected group.
You can revoke a user's Access and manage DNS privilege by removing the user from all the groups that have this privilege enabled.
Warning: You can also revoke this privilege from a user by disabling Access and manage DNS for every group the user belongs to. In this case, the privilege is revoked from all the members of the respective groups as well.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. On performing this action, the contract administrator gets the role of a contract user, and the privileges that were set up for the user before being an administrator will then be in effect.
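The inheritance and revocation rules above, as an added example rather than IONOS code: it computes who effectively holds the privilege and who else loses it under each revocation option. The users, groups and field names are constructed for illustration; only accessAndManageDns is the flag name used by the Cloud API steps on this page.

```python
"""Access review for the "Access and manage DNS" privilege (constructed data)."""

# Constructed sample data. Field names are assumptions for this example,
# except accessAndManageDns, the privilege flag named on this page.
USERS = {
    "alice": {"administrator": True, "owner": False},
    "bob": {"administrator": False, "owner": False},
    "carol": {"administrator": False, "owner": False},
    "dave": {"administrator": False, "owner": False},
    "erin": {"administrator": False, "owner": True},
}
GROUPS = {
    "dns-ops": {"accessAndManageDns": True, "members": {"bob", "carol"}},
    "web-team": {"accessAndManageDns": True, "members": {"bob", "alice"}},
    "readers": {"accessAndManageDns": False, "members": {"dave", "carol"}},
}


def dns_groups_of(user, groups=GROUPS):
    """Names of the groups that give `user` the DNS privilege."""
    return sorted(name for name, g in groups.items()
                  if g["accessAndManageDns"] and user in g["members"])


def can_manage_dns(user, users=USERS, groups=GROUPS):
    """Owners and administrators always can; others need a DNS-enabled group."""
    u = users[user]
    return u["owner"] or u["administrator"] or bool(dns_groups_of(user, groups))


def _copy(groups):
    """Copy the group table so a what-if change never touches the original."""
    return {n: {**g, "members": set(g["members"])} for n, g in groups.items()}


def revoke_by_removal(user, groups=GROUPS):
    """Option 1: remove the user from every DNS-enabled group."""
    new = _copy(groups)
    for name in dns_groups_of(user, groups):
        new[name]["members"].discard(user)
    return new


def revoke_by_disabling(user, groups=GROUPS):
    """Option 2 (the Warning): disable the privilege on the user's groups."""
    new = _copy(groups)
    for name in dns_groups_of(user, groups):
        new[name]["accessAndManageDns"] = False
    return new


def collateral(user, new_groups, users=USERS, groups=GROUPS):
    """Other users who lose the privilege as a side effect of the change."""
    return sorted(u for u in users
                  if u != user
                  and can_manage_dns(u, users, groups)
                  and not can_manage_dns(u, users, new_groups))


def demote_admin(user, users=USERS):
    """Disable the administrator option; group privileges then apply again."""
    new = {n: dict(u) for n, u in users.items()}
    new[user]["administrator"] = False
    return new


if __name__ == "__main__":
    for label, change in (("removal", revoke_by_removal),
                          ("disabling", revoke_by_disabling)):
        after = change("bob")
        print(label, "-> bob keeps access:", can_manage_dns("bob", groups=after),
              "| others affected:", collateral("bob", after))
    print("alice after demotion:",
          can_manage_dns("alice", users=demote_admin("alice")))
```

In the sample data, demoting alice does not remove her DNS access, because a group she belongs to still carries the privilege.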
Note: Only contract administrators, owners, and users with Access and manage DNS privilege can create and manage DNS zones and records. You can set user privileges in the or the .
To create a zone, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS.
Info: The Public Zones section displays the DNS zones already created.
Click Create your first DNS zone in the Public Zones tab to open the Create Primary Zone window.
Info: If you have already created your first zone, but want to configure additional zones, click Create Zone to open the Create Primary Zone window.
Enter the following details in the Create Primary Zone window:
Enabled/Disabled: Set the status to either Enabled (Default) or Disabled.
Name: Enter an appropriate name for your DNS zone.
Description (Optional): Enter an appropriate description for your DNS zone.
Note: When a zone is disabled, its corresponding SOA record is removed, and the zone is no longer associated with IONOS nameservers.
Click Create Zone to create the DNS zone.
The success message for creation provides you the option to copy the IONOS nameservers to configure the domain at your registrar. Alternatively, you can also proceed to create records within the created zone.
Result: Your DNS zone is now created.
After creation, you can view the list of zones and manage them as required.
To view a list of the zones, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Result: A list of all zones with the following details is displayed:
— DNS ZONES: Displays the name of the zone.
— STATES: Displays the state of the respective zone.
— Available: Indicates that the zone is available and healthy.
— Provisioning: Indicates that the zone is being created or updated.
— Destroying: Indicates that the zone is being deleted.
— Failed: Indicates that an error occurred during creation, update or deletion.
— ENABLED/DISABLED: Indicates if the zone is currently enabled or disabled.
— ACTIONS: Select the three dots to perform the following operations:
— Details & Records: Select to view the details of the respective zone and manage its records.
— Copy Zone UUID: Copy the UUID of the zone.
— Copy endpoint HREF: Copy the Cloud DNS API HREF of the zone. It is especially useful when using the Cloud DNS API for advanced DNS management.
To view details of a given zone, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select the zone to view its details. Alternatively, you can also select Details & Records in the ACTION column to view the details.
In the Details & Records window, select Zone Details.
Result: The following information is displayed in Zone details:
— Zone Name: Displays the name of the zone.
— Status: Indicates if the zone is Available.
— Available: Indicates that the zone is available and healthy.
— Provisioning: Indicates that the zone is being created or updated.
— Destroying: Indicates that the zone is being deleted.
— Failed: Indicates that an error occurred during creation, update or deletion.
— Enabled: Displays Yes if the zone is Enabled or No when it is Disabled.
— UUID: Displays the UUID of the zone. Click Copy if you want to copy it to the clipboard.
— Creation date: Displays the creation date and time of the zone.
— Last modified: Displays the last modified date and time of the zone.
— Nameservers: Displays the nameservers of the zone. Click Copy if you want to copy it to the clipboard.
— Description: Displays the description of the zone.
To update details of a given zone, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select a zone to update its details.
In the Details & Records window:
click Zone Details to view the details. You can click Copy to copy the UUID and the Nameservers to the clipboard.
click Edit zone to make the following changes:
Toggle Enabled/Disabled to enable or disable the zone status.
You can also update the Description (Optional).
Click Update Zone.
Result: The details of your zones are updated.
To delete a given zone, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Delete a zone using the following options:
Delete multiple zones either in bulk or individually by selecting respective checkboxes and clicking Delete.
Select Delete Primary Zone from the ACTIONS column to delete the respective DNS zone.
Click on the specific zone and in the Details & Records window, click Edit zone. Click Delete Zone.
Click Delete in the Delete primary zone confirmation dialog box.
Result: Your zone is deleted.
A DNS zone is mandatory to create a record. For more information, see for detailed instructions.
You must be a contract administrator, owner, or a user with Access and manage DNS privilege to create and manage DNS zones and records. You can set user privileges in the or via the .
To create a record, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select the appropriate zone in the DNS ZONES column to create records. Alternatively, click Details & Records in the ACTIONS column.
Click Create Record in the Details & Records window.
Enter the following details in the Create Record window:
Enabled/Disabled: Set it to either Enabled (by default) or Disabled.
Name: Enter an appropriate name for your DNS record. Leaving the name field empty will result in the creation of an Apex record. You can also provide * to create a wildcard DNS record.
TTL: Enter an appropriate Time-To-Live (TTL) setting in seconds for your DNS record. The default value is 3600 seconds.
Type: Select one of the following record types: A, AAAA, MX, CNAME, TXT, NS, SRV, ALIAS, CAA, CERT, DS, SOA, HTTPS, LOC, OPENPGPKEY, RP, SMIMEA, SSHFP, SVCB, TLSA, and URI.
Content: Enter the content appropriate to the selected record type.
Preview: Ensure that the details of the record to be created are accurate.
Click Save to create the DNS record.
Result: Your DNS record is now created.
After creation, you can view the list of records of a zone and manage them as required.
To view a list of the records, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select the appropriate zone in the DNS ZONES column to view the records associated with it. Alternatively, click Details & Records in the ACTIONS column.
Result: A list of all records in a zone is displayed. You will see the following details:
— FQDN: Displays the FQDN of the record.
— TYPE: Displays the type of the record: A, AAAA, CNAME, ALIAS, MX, NS, SOA, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP, and LOC.
— CONTENT: Displays the content of the record type.
— STATE: Displays the state of the respective record.
— Available: Indicates that the record is available and healthy.
— Provisioning: Indicates that the record is being created or updated.
— Destroying: Indicates that the record is being deleted.
— Failed: Indicates that an error occurred during creation, update or deletion.
— ENABLED/DISABLED: Indicates if the record is currently enabled or disabled. You can also toggle the button to enable or disable a record.
— ACTIONS: Select the three dots to perform the following operations:
— Details and Edit: View and update the details of the respective record.
— Copy Record UUID: Copy the UUID of the record.
— Copy endpoint HREF: Copy the Cloud DNS API HREF of the record. It is useful when using the Cloud DNS API for advanced DNS management.
You can view or edit the record details or delete them if they are no longer needed.
To view details of a given record, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select the appropriate zone in the DNS ZONES column to view the associated records. Alternatively, click Details & Records in the ACTIONS column.
Select the appropriate record from the FQDN column to view its details. Alternatively, click Details & Edit in the ACTIONS column.
To update the details of a given record, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select the appropriate zone in the DNS ZONES column to view the records associated with it. Alternatively, click Details & Records in the ACTIONS column.
Select the appropriate record from the FQDN column to view its details. Alternatively, click Details & Edit in the ACTIONS column.
From the Update Record view, you can do the following:
enable or disable the record.
update the TTL, Type or Content of the record as required.
Click Save.
Info: You can click x Delete record to delete the respective record.
Result: The details of your record are updated.
To delete a given record, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Public Zones tab.
Select the appropriate zone in the DNS ZONES column to view the records associated with it. Alternatively, click Details & Records in the ACTIONS column.
You can choose one of the following options to delete records:
From the Details & Records window, delete zone records either in bulk or individually by selecting respective checkboxes and clicking Delete.
Click on the specific record and in the Update Record window, click Delete record.
Select Delete Record to delete the respective record.
Click Delete in the Delete record(s) confirmation dialog box.
Result: Your record is deleted.
Note: Only contract administrators, owners, and users with "accessAndManageDns" privilege can create and manage DNS zones and DNS records via API. You can also set User privileges in the .
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a DNS zone with , follow this step:
Perform a POST request with the domain or subdomain, a description of your DNS zone (optional), and the DNS zone status (enable), true or false.
Result: On a successful POST request, you receive a response containing the DNS zone UUID, Name Servers, and the request status.
202 Successful operation
To retrieve the quota of DNS zones, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
A maps a public IP address and a domain name. A reverse DNS lookup zone contains the attributes that instruct Cloud DNS to perform a Pointer (PTR) lookup against DNS servers to find the domain name mapped to the IPv4 or IPv6 addresses.
For more information about IPv6 configuration in the DCD, see .
Note:
Reverse DNS lookup is supported only for the following:
Public IPv6 addresses assigned to your VDCs.
Reserved IPv4 addresses.
The IPv4 address must be from a reserved IP range. To reserve an IPv4 address, follow these steps:
In the DCD, go to Menu > Network > IP Management.
Enter a name and the number of IPv4 addresses.
Select a region where you want your IPv4 addresses to be reserved.
Select Reserve IP to reserve the IPv4 address.
Select OK to confirm the reservation.
For a reverse DNS record, you can use an IPv6 address that belongs to any of the /56 IPv6 blocks assigned to the VDC and has a prefix length of /128. For example, consider the IPv6 address 2001:db8:1234:5678::1/128, which belongs to a 2001:db8:1234:5678::/56 block. For more information, see .
You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
You must be a contract administrator, owner, or a user with Access and manage DNS privilege to create and manage PTR records. You can also set User privileges via the .
Before creating a Reverse DNS record, it is recommended to create an A or AAAA record for the IP address you want to use for the reverse DNS record. For more information, see .
Sub-users can create Reverse DNS records for IPv4 addresses only if the user group they belong to has access to the concerned reserved IP block. For more information, see .
To create a PTR record for a reverse DNS, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS.
Select the Reverse DNS tab and click Create PTR Record to create records.
Enter the following details in the Create PTR record window:
IP Version: Choose either IPv4 or IPv6 address based on the need.
IP Address:
If you have chosen an IPv4 version, your reserved IPv4 addresses will appear in the drop-down list. Select an IPv4 address from the reserved list of addresses.
For an IPv6 version, specify an IPv6 address and ensure that it belongs to any of the /56 IPv6 blocks assigned to the VDC and has a prefix length of /128.
Name: Enter a name or a sub-domain that must be mapped to the IP address.
Description (Optional): Enter an appropriate description for your reverse DNS zone.
Click Create PTR Record to create the PTR record.
Result: Your PTR record creation is successful.
To view a list of PTR records, do the following:
In the DCD, go to Menu > Network > Cloud DNS > Reverse DNS tab.
You can update the domain or sub-domain name associated with the PTR record or the description of the PTR record. Follow these steps to update a PTR record:
In the DCD, go to Menu > Network > Cloud DNS > Reverse DNS tab.
You can follow either of these options to update a record:
Select the corresponding IP address from the IP ADDRESS column.
Select Details & edit from the drop-down list in the ACTIONS column.
Modify the Name and Description, if necessary.
Select Update PTR record to save the changes.
To delete a PTR record, follow these steps:
In the DCD, go to Menu > Network > Cloud DNS > Reverse DNS tab.
Click Delete from the ACTIONS column to delete the corresponding PTR record.
Alternatively, to delete a specific PTR record, you can also do the following:
Select the corresponding IP address from the IP ADDRESS column or select Details & edit from the drop-down list in the ACTIONS column.
Click Delete in the Update PTR record window.
Select Delete in the Delete PTR record? dialog box to confirm deletion.
Result: The selected PTR record is successfully deleted.
The lets you manage DNS zones and records programmatically using conventional HTTP requests.
Prerequisite: To start using the Cloud DNS API, you need a domain name. If you do not have one already, get a domain name and register it with a domain registrar.
On successful registration of the domain name, you can now assign more users with the privilege to manage DNS zones and records via the API. By default, only contract owners and administrators have permission to use the Cloud DNS API.
To set user privileges via the API, see .
On assigning user privileges, continue with the following API How-Tos:
If you already have a primary zone hosted elsewhere, you can to improve reliability, redundancy, load balancing, and performance.
Additionally, try the following features for your primary zones hosted in Cloud DNS:
Similar to creating a DNS zone, you need to provide the UUID of the DNS zone to host the new record.
Note: DNS records are further categorized into various record types, each with unique specifications. For more information, see .
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a DNS record of type A, follow this step:
Perform a POST request with these details:
corresponding UUID of the DNS zone,
name of the subdomain; example: www
record type; in this case: A,
content or destination of the A record in the form of an IPv4 address; example: 1.1.1.1
TTL you need (minimum 60 seconds and maximum 86.400 seconds), and
status of the DNS record (enable), true or false.
Result: On a successful POST request, you receive a response with the DNS record having the UUID assigned.
Info: If you want to create a Wildcard DNS record, you need to provide “*” as the name of your DNS record to match the requests for all non-existent names under your DNS zone name.
202 Successful operation
To retrieve the quota of DNS records, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
IONOS Cloud DNS lets you publish zones of your domains and subdomains on public Name Servers. You can create and manage DNS for your IPv4 and IPv6 addresses to enable lookups. You can manage the public DNS zones, their associated zone records, and PTR records via the and the .
The following operations can be performed only via the API:
import and export DNS zone files
create secondary DNS zones
enable DNSSEC keys for DNS zones
With IONOS Cloud Domain Name System (DNS), you can publish your domain names to the global DNS. The feature is built around the concept of DNS zones and records that can be managed through both the and the including an option to grant additional users with privileges to manage these DNS zones and records.
DNS: Refers to a system that converts domain names into IP addresses. The DNS translates domain names into numeric IP addresses that computers can understand and use to access websites or other internet resources.
Name Servers: Name Servers or DNS Servers are parts of the computer's DNS infrastructure and store DNS records for a particular domain name. They provide information about the IP address or other resources associated with a domain name. When you request access to a domain, your device queries the domain's name servers to resolve the corresponding IP address.
DNS Zone: A DNS zone is an administrative unit that contains DNS records for a specific domain. It specifies the authoritative DNS servers for that domain and their IP addresses.
DNS Record: A DNS record is a set of instructions stored on DNS servers that maps domain names to IP addresses and vice versa. They are used to help route internet traffic, provide email services, and facilitate other internet functions. DNS records come in various formats, such as Address (A), IPv6 Address record (AAAA), Canonical Name (CNAME), Mail Exchange (MX), Text (TXT), and so on. Every DNS record has a type (name and number), an expiration time (time to live (TTL)), and type-specific information.
Reverse DNS: Reverse DNS is a method of resolving an IP address to a domain name. It is the opposite of the standard DNS lookup, which resolves a domain name to an IP address. You can verify the authenticity of an IP address by checking whether the hostname associated with the IP address matches the expected domain. Reverse DNS operates through PTR (Pointer) records, which are special DNS records.
PTR records: A PTR record contains a hostname associated with an IP address. It is a crucial tool for security and spam prevention. Network administrators and email servers rely on reverse lookups to verify the legitimacy of incoming connections. For instance, email servers use reverse DNS to authenticate the sender's IP address against its claimed domain, effectively filtering out suspicious or fraudulent emails. In short, reverse DNS with PTR records provides a robust layer of verification and security by accurately matching IP addresses with hostnames, thereby ensuring the reliability and trustworthiness of network connections.
Secondary DNS Zone: A secondary DNS zone is a read-only copy of a primary DNS zone. It holds the same DNS records for a domain and helps distribute the load and ensure redundancy. If the primary DNS server experiences issues, the secondary zone can still provide accurate DNS information, ensuring continuous availability for domain name resolution.
DNSSEC Keys: DNSSEC keys are cryptographic keys used to enhance the security of the DNS. DNSSEC keys are generated as pairs: a private key and a corresponding public key. The private key is kept secure, while the public key is shared in DNS records. These keys are crucial for validating DNS responses, preventing tampering, and ensuring the security of DNS information.
Time-to-live (TTL): TTL is a DNS record setting that specifies how long a DNS resolver should cache the results of a query before querying the DNS server again for updated information.
Domain Registrar: A domain registrar is a company or an organization that manages the registration of domain names on the Internet. The Internet Corporation for Assigned Names and Numbers (ICANN) accredited registrars are responsible for ensuring the accuracy and validity of domain name registrations. Domain registrars include IONOS, Strato, Fasthosts, Arsys, Home.pl, and World4You.
A forward DNS lookup zone converts a name to an IP address or another name. You can use it when you want to resolve a domain name. In the following example, a user sends a domain to the DNS server to find its IP address. The DNS server looks for the relevant IP address mapped to the respective domain and returns the IP address. The forward zone contains all the records of domain names to their IP addresses.
Similarly, you can use a reverse DNS lookup to convert an IP address to a domain name. The DNS server finds the mapped domain name and returns the respective domain name to the user. A reverse DNS lookup zone contains all the records of IP addresses to their domain names.
Reverse lookup zones can be helpful for troubleshooting issues. For example, businesses can use spam filters to track and block IP addresses with a failed reverse DNS lookup or if the lookup contains suspicious keywords.
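The reverse-lookup verification described above can be made concrete as a forward-confirmed reverse DNS check: resolve the PTR name for the address, resolve that hostname forward again, and require both a match and the expected domain. This is an added example, not part of the IONOS documentation; the records are constructed from documentation address ranges and the function names are hypothetical.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check over constructed records."""
import ipaddress

# Constructed records standing in for DNS answers: (owner name, type) -> values.
# 192.0.2.0/24, 198.51.100.0/24 and 2001:db8::/32 are documentation ranges.
RECORDS = {
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("mail.example.com", "AAAA"): ["2001:db8:1234:5678::1"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com."],
    # PTR claims a name whose A record points to a different address.
    ("20.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com."],
    # PTR is forward-confirmed, but the name is outside the expected domain.
    ("30.100.51.198.in-addr.arpa", "PTR"): ["host.example.net."],
    ("host.example.net", "A"): ["198.51.100.30"],
}
# The IPv6 PTR owner name is the 32 reversed nibbles under ip6.arpa.
RECORDS[(ipaddress.ip_address("2001:db8:1234:5678::1").reverse_pointer,
         "PTR")] = ["mail.example.com."]


def normalize(name):
    """Compare names without the trailing dot and case-insensitively."""
    return name.rstrip(".").lower()


def lookup(name, rtype, records=RECORDS):
    """Stand-in resolver: answers only from the constructed table."""
    return records.get((normalize(name), rtype), [])


def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def in_domain(host, domain):
    """True for the domain itself or a subdomain, never a look-alike suffix."""
    host, domain = normalize(host), normalize(domain)
    return host == domain or host.endswith("." + domain)


def check_fcrdns(ip, expected_domain, resolve=lookup):
    """Return 'pass', 'no-ptr', 'forward-mismatch' or 'unexpected-domain'."""
    addr = ipaddress.ip_address(ip)
    hosts = resolve(ptr_name(ip), "PTR")
    if not hosts:
        return "no-ptr"
    forward_type = "A" if addr.version == 4 else "AAAA"
    # Keep only PTR hostnames whose forward record leads back to the address.
    # Comparing parsed addresses ignores differences in IPv6 text form.
    confirmed = [h for h in hosts
                 if any(ipaddress.ip_address(v) == addr
                        for v in resolve(h, forward_type))]
    if not confirmed:
        return "forward-mismatch"
    if not any(in_domain(h, expected_domain) for h in confirmed):
        return "unexpected-domain"
    return "pass"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.30",
               "192.0.2.99", "2001:db8:1234:5678::1"):
        print(f"{ip:24} {check_fcrdns(ip, 'example.com')}")
```

A PTR record alone proves little, since whoever controls the reverse zone chooses the name; the forward match is what ties the hostname's owner to the address.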
Similar to retrieving a DNS zone, you need to provide the UUID of the DNS zone that you want to export.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To export an existing zone at IONOS Cloud DNS in a BIND format, follow this step:
Perform a GET request providing the zoneId of your zone.
Result: On a successful GET request, you receive the BIND file with the DNS zone having the UUID assigned.
200 Successful operation
The exported zone file is in BIND format, a widely used format supported by most DNS software, including the BIND DNS server.
The file includes all record types associated with the selected zone, including SOA record, NS record, Service (SRV) record, and configuration information such as TTL values.
An example of a file in BIND format with an updated SRV record is as follows:
Prerequisite: Before creating a secondary DNS zone with IONOS Cloud DNS, ensure that the primary zone is capable of establishing a zone transfer with the secondary DNS server; this means port 53 is open for TCP and UDP connections.
To create a secondary zone on the IONOS Cloud DNS, follow this step:
Perform a POST request to the /secondaryzones endpoint by providing the zoneName, description, and primaryIps for the IP address of the primary nameserver.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
Result: On a successful POST request, you receive a response containing the secondary DNS zone UUID, Name Servers, primaryIps, and the request status.
202 Accepted
To retrieve information about all the secondary zones, follow this step:
Send a GET request to the /secondaryzones endpoint.
Result: On a successful GET request, you receive a response containing all secondary DNS zones.
200 OK
To retrieve information about a specific secondary zone, follow this step:
Send a GET request to the /secondaryzones/{secondaryzoneId} endpoint.
Result: On a successful GET request, you receive a response containing the secondary DNS zone UUID, Name Servers, primaryIps, and secondary zone status.
To retrieve records information about a specific secondary zone, follow this step:
Send a GET request to the /secondaryzones/{secondaryzoneId}/records endpoint.
Result: On a successful GET request, you receive a response containing the secondary DNS zone records information: status, content, type, priority, TTL and name.
To modify the description of a secondary zone or update the IP addresses of its primary nameserver, follow this step:
Send a PUT request to the /secondaryzones/{secondaryzoneId} endpoint.
Result: On a successful PUT request, you receive a response containing the secondary DNS zone metadata with the new updated properties.
202 Accepted
Note: The creation of a secondary zone initiates a zone transfer. If network connectivity is disrupted at this time (that is, the secondary name server could not access the primary nameserver on port 53), you can initiate the zone transfer between the primary and secondary zones manually.
To initiate zone transfer from the primary zone to the secondary zone, follow this step:
Send a PUT request to the /secondaryzones/{secondaryzoneId}/axfr endpoint.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
Result: On a successful PUT request, you receive an HTTP response 200 OK.
200 OK
To check zone transfer status, follow this step:
Perform a GET request to the /secondaryzones/{secondaryzoneId}/axfr endpoint.
Result: On a successful GET request, you receive a response with the AXFR communication status for each of the primaryIps.
200 OK
To delete a secondary zone from the IONOS Cloud DNS, follow this step:
Send a DELETE request to the /secondaryzones/{zoneId} endpoint.
Result: On a successful DELETE request, you receive an HTTP status 200 Accepted.
200 Accepted
To retrieve the quota of secondary DNS zones, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
You can import a DNS zone from your existing DNS provider to IONOS Cloud.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To import an existing zone to IONOS Cloud DNS, follow these steps:
Create a DNS zone without records.
Perform a PUT request providing the zoneId of the newly created zone and the zone file.
Result: On a successful PUT request, the records provided in the zone file will be added to your DNS zone.
Important: If the zone file you import contains CNAME entries that point to names in another private zone, Azure DNS resolution of the CNAME will fail unless the other private zone is imported or the CNAME entries are modified.
200 Successful operation
The imported file has to be in BIND format, a widely used format supported by most DNS software, including the popular BIND DNS server.
The file should include all the record types associated with the selected zone. The Start of Authority (SOA) and Name Server (NS) records are not considered, since IONOS Cloud uses its own name server configuration.
Notes:
Only contract administrators, owners, and users with accessAndManageDns privilege can create and manage DNS zones and DNS records via the API. You can also set User privileges in the .
Sub-users can create Reverse DNS records only if the user group they belong to has access to the concerned IP block. For more information, see .
supports both IPv4 and IPv6 addresses for Reverse DNS records.
For more information about IPv6 configuration in the DCD see .
You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
Before creating a Reverse DNS record, you must create an A record for the IP address you want to use for the reverse DNS record. For more information, see .
To create a Reverse DNS Record with , follow this step:
Perform a POST request with name, a description of reverse DNS record (optional), and the IP.
Note:
The IPv4 address must be from a reserved IP range. To reserve an IPv4 address, in the DCD go to the Menu > Management > IP Management. Enter a name and the number of IPv4 addresses, and select a region where you want your IPv4 addresses to be reserved. Select Reserve IP to reserve the IPv4 address, and confirm the reservation by pressing OK.
To use an IPv6 address for a reverse DNS record, it must belong to one of the /56 IPv6 blocks assigned to the VDC and have a prefix length of /128; for example, 2001:db8:1234:5678::1/128 belongs to the 2001:db8:1234:5678::/56 block. For more information, see .
Result: On a successful POST request, you receive a response containing the reverse DNS record UUID, type, href, metadata, properties of your reverse DNS record, name, description, and IP address.
200 Successful operation
To create an IPv6 reverse DNS record, perform a POST request to the /reverserecords endpoint with an IPv6 address in the request body.
200 Successful operation
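The preconditions above (reserved IPv4 address, IPv6 /128 inside an assigned /56 block, forward record created first) can be checked before the POST is sent. The following is an added example, not IONOS code; the function names, the input lists, and the use of an AAAA record as the IPv6 counterpart of the required A record are assumptions, and all sample data is constructed.

```python
import ipaddress


def ptr_owner_name(ip: str) -> str:
    """Name a resolver queries for the PTR record of this address."""
    return ipaddress.ip_interface(ip).ip.reverse_pointer


def check_reverse_record(ip, name, reserved_ipv4, vdc_ipv6_blocks, forward_records):
    """Return a list of problems; an empty list means the request meets the
    documented preconditions for creating a reverse DNS record."""
    try:
        # Accepts a bare address as well as the /32 or /128 notation.
        iface = ipaddress.ip_interface(ip)
    except ValueError:
        return [f"{ip!r} is not a valid IP address"]

    problems = []
    addr = iface.ip
    if iface.network.prefixlen != addr.max_prefixlen:
        problems.append(
            f"{ip}: a single address is required (/{addr.max_prefixlen})"
        )

    if addr.version == 4:
        reserved = {ipaddress.ip_address(a) for a in reserved_ipv4}
        if addr not in reserved:
            problems.append(f"{addr} is not one of the reserved IPv4 addresses")
    else:
        # strict=False: the page writes the block as 2001:db8:1234:5678::/56,
        # which has host bits set; the network is normalised to ...:5600::/56.
        blocks = [ipaddress.ip_network(b, strict=False) for b in vdc_ipv6_blocks]
        if not any(b.prefixlen == 56 and addr in b for b in blocks):
            problems.append(f"{addr} is not inside a /56 block assigned to the VDC")

    # Forward record must exist first, and must point back at the same address,
    # otherwise forward-confirmed reverse DNS checks on the receiving side fail.
    wanted_type = "A" if addr.version == 4 else "AAAA"  # AAAA is an assumption
    fqdn = name.rstrip(".").lower()
    confirmed = any(
        r["type"] == wanted_type
        and r["fqdn"].rstrip(".").lower() == fqdn
        and ipaddress.ip_address(r["content"]) == addr
        for r in forward_records
    )
    if not confirmed:
        problems.append(f"no {wanted_type} record maps {fqdn} to {addr}")
    return problems


# Constructed sample data (documentation address ranges).
RESERVED_IPV4 = ["192.0.2.2", "192.0.2.3"]
VDC_IPV6_BLOCKS = ["2001:db8:1234:5678::/56"]
FORWARD_RECORDS = [
    {"fqdn": "mail.example.com", "type": "A", "content": "192.0.2.2"},
    {"fqdn": "mail.example.com", "type": "AAAA", "content": "2001:db8:1234:5678::1"},
]

if __name__ == "__main__":
    for candidate in ("192.0.2.2", "192.0.2.9", "2001:db8:1234:5678::1/128",
                      "2001:db8:1234:5678::1/64", "2001:db8:ffff::1"):
        issues = check_reverse_record(candidate, "mail.example.com",
                                      RESERVED_IPV4, VDC_IPV6_BLOCKS, FORWARD_RECORDS)
        print(candidate, "->", issues or "ok")
```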
To retrieve all reverse DNS records, perform a GET request to the /reverserecords endpoint.
Result: On a successful GET request, you receive a response containing all reverse DNS records.
200 Successful operation
To retrieve a reverse DNS record, perform a GET request to the /reverserecords/{id} endpoint.
Result: On a successful GET request, you receive a response containing the reverse DNS record UUID, type, href, metadata, and properties of your reverse DNS record, name, description, and IP.
200 Successful operation
To modify a reverse DNS record, perform a PUT request to the /reverserecords/{id} endpoint.
Result: On a successful PUT request, you receive a response containing the reverse DNS record UUID, type, href, metadata, and properties of your reverse DNS record, name, description, and IP.
200 Successful operation
To delete a reverse DNS record, perform a DELETE request to the /reverserecords/{id} endpoint.
Result: On a successful DELETE request, you receive an HTTP response 202 Successful operation.
202 Successful operation
To retrieve the quota of reverse DNS records, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
The tutorial guides you through the commonly referred topics in the Cloud DNS:
ExternalDNS: Cloud DNS offers ExternalDNS integration that makes Kubernetes resources discoverable via the public DNS servers. For more information, see tutorial.
Set Up a Secondary Zone: Guides you through how to set up a primary zone in IONOS Cloud Dedicated Core server and a secondary zone with Cloud DNS. For more information, see tutorial.
Enhance Email Deliverability with a Reverse DNS, SPF, and DKIM Record: Guides you through creating a reverse DNS, SPF, and DKIM record for your domain name. For more information, see tutorial.
Issue TLS Certificates using IONOS Cloud Certbot Plugin: Guides you through creating TLS certificates using the IONOS Cloud Certbot Plugin. For more information, see tutorial.
Cloud DNS supports the following record types: A, AAAA, CNAME, ALIAS, MX, NS, SOA, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP, and LOC.
The following is a brief explanation about the most common record types:
The following are examples of record types and their formats:
Yes, Cloud DNS provides support for both IPv4 and IPv6 addresses.
Yes, IONOS Cloud DNS supports reverse DNS lookup for the following:
Public IPv6 addresses assigned to your VDCs.
Reserved IPv4 addresses.
Default PTR records follow the format ipAAA-BBB-CCC-DDD.pbiaas.com
, whereby AAA-BBB-CCC-DDD
corresponds to the IPv4 octets.
The IONOS Name Server infrastructure is distributed across 14 point-of-presence (POP) locations in Europe and the USA to ensure fast and reliable DNS resolution for users across these locations.
Result: The details of the selected record are displayed in the Update Record view. You will see the following information:
— Enabled/Disabled: Indicates if the record is currently enabled or disabled. You can toggle the button to enable or disable the respective record.
— FQDN: Displays the FQDN of the record.
— TTL: Displays the Time-To-Live (TTL) of the record.
— Type: Displays the type of the record: A, AAAA, CNAME, ALIAS, MX, NS, SOA, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP, and LOC. To edit the record type, click .
— Content: Displays the content of the record type.
— State: Displays the state of the respective record.
— Available: Indicates that the record is available and healthy.
— Provisioning: Indicates that the record is being created or updated.
— Destroying: Indicates that the record is being deleted.
— Failed: Indicates that an error occurred during creation, update or deletion.
— Record UUID: Displays the UUID of the record.
— Last Modified Date: Displays the last modified date of the record.
— Created Date: Displays the creation date of the record.
— Preview: Displays the preview of the record.
Result: A list of all PTR records is displayed with the following details:
— IP ADDRESS: Displays the IP address of the respective PTR record.
— NAME: Displays the name of the mapped domain or subdomain.
— CREATED DATE: Indicates the date of PTR record creation.
— ACTIONS: Select the three dots to perform the following operations:
— Details & edit: Select to view the details of the respective PTR record or edit it, if necessary.
— Copy UUID: Copy the UUID of the PTR record.
— Copy HREF: Copy the Cloud DNS API HREF of the PTR record.
— Delete: Select the option to delete the respective PTR record, and in the Delete PTR record? confirmation dialog box, click Delete to confirm deletion. For more information, see .
Info: You can click Delete to delete the respective PTR record. For more information, see .
To get answers to the most commonly encountered questions about Cloud DNS, see .
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the newly created DNS zone | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| createdDate | string | DNS zone creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | DNS zone update timestamp | 2023-03-15T09:58:59.147746133Z |
| nameservers | array | Name Servers assigned to the DNS zone | "ns-ic.ui-dns.com", "ns-ic.ui-dns.de", "ns-ic.ui-dns.org", "ns-ic.ui-dns.biz" |
| state | string | State of the request | CREATED |
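| Field | Type | Description | Example |
| --- | --- | --- | --- |
| records | string | Number of DNS records | 100000 |
| reverseRecords | string | Number of reverse DNS records | 5000 |
| secondaryZones | string | Number of secondary DNS zones | 100000 |
| zones | string | Number of DNS zones | 50000 |

| Field | Type | Description | Example |
| --- | --- | --- | --- |
| records | string | Number of DNS records used | 9 |
| reverseRecords | string | Number of reverse DNS records used | 1 |
| secondaryZones | string | Number of secondary DNS zones used | 6 |
| zones | string | Number of DNS zones used | 5 |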
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the newly created DNS record | 90d81ac0-3a30-44d4-95a5-12959effa6ee |
| createdDate | string | DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
| zoneId | string | UUID of the DNS zone of the DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | *.example.com |
| state | string | State of the request | CREATED |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the secondary zone | a1bc82de-4cc5-40ca-bfb3-4e93bd9a367c |
| createdDate | string | Secondary zone creation timestamp | 2023-08-04T10:21:32+00:00 |
| lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T10:21:33+00:00 |
| nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
| state | string | State of the secondary zone | AVAILABLE |
| description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
| primaryIps | array | IP addresses of the primary nameserver | "192.0.2.2", "192.0.2.3" |
| zoneName | string | Name of the secondary zone | example.com |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
| createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
| lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
| nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
| state | string | State of the secondary zone | AVAILABLE |
| description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
| primaryIps | array | IP addresses of the primary nameserver | "192.0.2.2", "192.0.2.3" |
| zoneName | string | Name of the secondary zone | example.org |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
| createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
| lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
| nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
| state | string | State of the request | AVAILABLE |
| description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
| primaryIps | array | IP addresses of the primary nameserver | 192.0.2.2 |
| zoneName | string | Name of the secondary zone | example.org |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | example.org |
| rootName | string | Root name of the secondary zone | example.org |
| content | string | Content of the secondary zone | example.org hostmaster.example.org 2037070192 28800 7200 604800 600 |
| enabled | boolean | Status of the secondary zone | true |
| name | string | Name of the secondary zone | www |
| priority | integer | Priority of the secondary zone | 0 |
| ttl | integer | TTL of the secondary zone | 3600 |
| type | string | Type of a record in the secondary zone | SOA |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the secondary zone | a1bc82de-4cc5-40ca-bfb3-4e93bd9a367c |
| createdDate | string | Secondary zone creation timestamp | 2023-08-04T10:21:32+00:00 |
| lastModifiedDate | string | Secondary zone update timestamp | 2023-08-10T09:32:29+00:00 |
| nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
| state | string | State of the request | AVAILABLE |
| description | string | Description of the secondary zone | Changing description and primaryIps for secondary zone example.com |
| primaryIps | array | IP addresses of the primary nameserver | 192.0.2.2, 192.0.2.4 |
| zoneName | string | Name of the secondary zone | example.com |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| errorMessage | string | Error message if any | |
| primaryIp | string | Primary IP address | 192.0.2.2 |
| status | string | AXFR communication status | OK |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the newly created reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
| name | string | Name of the reverse DNS record | mail.example.com |
| description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
| ip | string | IP address of the reverse DNS record | 192.0.2.2 or 2001:0db8::1 |
| type | string | Type of the reverse DNS record | reverserecord |
| href | string | URL to the reverse DNS record | |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
| name | string | Name of the reverse DNS record | mail.example.com |
| description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
| ip | string | IP address of the reverse DNS record | 192.0.2.2 or 2001:0db8::1 |
| type | string | Type of the reverse DNS record | reverserecord |
| href | string | URL to the reverse DNS record | |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
| name | string | Name of the reverse DNS record | mail.example.com |
| description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
| ip | string | IP address of the reverse DNS record | |
| type | string | Type of the reverse DNS record | reverserecord |
| href | string | URL to the reverse DNS record | |
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
| name | string | Name of the reverse DNS record | mail.example.com |
| description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
| ip | string | IP address of the reverse DNS record | 192.0.2.3 |
| type | string | Type of the reverse DNS record | reverserecord |
| href | string | URL to the reverse DNS record | |
| Record Types | Description |
| --- | --- |
| A | The IPv4 address associated with a zone name. |
| AAAA | The IPv6 address associated with a zone name. |
| MX | The mail exchange servers for a zone name. |
| CNAME | An alias for a zone name that allows multiple names to resolve to the same IP address. |
| TXT | Allows arbitrary text to be associated with a zone name that is commonly used for SPF records and other types of verification. |
| NS | Specifies the name servers for a zone name. |
| SRV | Specifies the location of services for a zone name commonly used for Session Initiation Protocol (SIP) and other protocols. |
| Record Type | Record Name | Record Value | Notes |
| --- | --- | --- | --- |
| A | example.com | 192.168.1.1 | |
| AAAA | example.com | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | |
| MX | example.com | mail.example.com | Priority is mandatory |
| CNAME | www.example.com | example.com | |
| TXT | example.com | v=spf1 mx -all | |
| NS | example.com | ns1.example.com | |
| SRV | _sip._tcp.example.com | 10 5060 sipserver.example.com | Priority weight port is mandatory |
Explore the key use cases for implementing Cloud DNS.
Learn how to create and manage DNS zones via the DCD.
Learn how to create and manage DNS zones via the API.
Learn how to use the tutorials for common use cases.
Prerequisite: A domain name is necessary to use the Cloud DNS. If you do not have one already, get a domain name and register it with a domain registrar.
Note: By default, only contract administrators and owners can manage the Cloud DNS records and zones using the Cloud DNS API and the DCD.
To give additional users the privilege to manage DNS zones and records, the DCD offers a new group privilege called Access and manage DNS in the User Manager, under the Privileges tab. Assigning this privilege to a group grants all users within the group the ability to manage Cloud DNS zones and records via the Cloud DNS API or the DCD.
For information on setting Access and manage DNS privilege to a group, see Set User Privileges via the DCD.
The DCD lets you manage DNS zones and records via the graphical user interface.
On assigning user privileges, continue with the following DCD How-Tos:
To connect your domain with Cloud DNS, see Connect Domain Name to Cloud DNS.
Note: Advanced DNS management features like DNSSEC, Secondary zones, and Import/Export of zones are currently supported only via the Cloud DNS API.
Prerequisite: You need a domain name. If you do not have one already, get a domain name and register it with a domain registrar.
To connect your domain name to the IONOS Cloud DNS zone that you created, specify the IONOS Cloud DNS nameservers as the domain's authoritative nameservers.
To connect a domain nameserver to a DNS zone, follow these steps:
Create a DNS Zone for your domain and the associated DNS records.
Save the four nameservers Cloud DNS provided upon creating the DNS zone.
Go to your Domain Registrar and update your domain's nameservers with the four nameservers from the previous step.
Note: Changes to nameservers can take up to 48 hours, but they usually happen much faster.
Result: The domain nameserver is connected to the Cloud DNS.
If you have an infrastructure that uses public DNS records and manage it by defining the required state, you can use Cloud DNS as follows:
Create a DNS Zone with Cloud DNS.
Generate a UUID (v3, v4, and v5 supported) for your DNS record.
Add to your infrastructure a PUT call for the desired record configuration with your UUID and assign it to the corresponding DNS zone ID.
Result: On a successful PUT request,
If the record does not exist, Cloud DNS creates the record with the specified configuration.
If a record already exists but with a different configuration, the record is updated.
202 Successful operation
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the newly created DNS record | 90d81ac0-3a30-44d4-95a5-12959effa6ee |
| createdDate | string | DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
| lastModifiedDate | string | DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
| zoneId | string | UUID of the DNS zone of the DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
| fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | app.example.com |
| state | string | State of the request | CREATED |
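The create-or-update behaviour of the PUT call described above only gives a stable desired state if every run sends the same UUID for the same record. The following added example (not IONOS code) derives a UUIDv5 from the zone ID, record name, and type, and builds the PUT requests without sending them. The base URL, the /zones/{zoneId}/records/{recordId} path, the Bearer scheme, the {"properties": ...} envelope, and the IONOS_TOKEN variable are assumptions that this page does not state; the desired records are constructed.

```python
import json
import os
import urllib.request
import uuid

API_BASE = "https://dns.de-fra.ionos.com"  # assumption: not given on this page


def record_uuid(zone_id: str, name: str, rtype: str, slot: int = 0) -> str:
    """Deterministic UUIDv5 for one record of the desired state.

    The key deliberately excludes the record content, so changing the IP
    address updates the existing record instead of creating a second one.
    `slot` separates several records that share name and type.
    """
    key = f"{name.strip('.').lower()}|{rtype.upper()}|{slot}"
    return str(uuid.uuid5(uuid.UUID(zone_id), key))


def build_put(zone_id: str, desired: dict, token: str) -> urllib.request.Request:
    """Build (but do not send) the PUT request for one desired record."""
    rid = record_uuid(zone_id, desired["name"], desired["type"], desired.get("slot", 0))
    properties = {k: desired[k] for k in ("name", "type", "content", "ttl", "enabled")}
    if "priority" in desired:  # mandatory for MX and SRV
        properties["priority"] = desired["priority"]
    return urllib.request.Request(
        f"{API_BASE}/zones/{zone_id}/records/{rid}",
        data=json.dumps({"properties": properties}).encode(),
        method="PUT",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def plan(zone_id: str, desired_state: list, token: str) -> list:
    """Build all requests and refuse a state in which two entries would
    silently overwrite each other under the same UUID."""
    requests, seen = [], {}
    for desired in desired_state:
        req = build_put(zone_id, desired, token)
        if req.full_url in seen:
            raise ValueError(
                f"{desired['name']}/{desired['type']} collides with an earlier "
                "entry; give one of them a different 'slot'"
            )
        seen[req.full_url] = desired
        requests.append(req)
    return requests


def apply(requests: list) -> list:
    """Send the planned requests; urllib raises HTTPError on 4xx/5xx."""
    statuses = []
    for req in requests:
        with urllib.request.urlopen(req, timeout=10) as resp:
            statuses.append(resp.status)
    return statuses


# Constructed desired state; the zone ID is the sample value used on this page.
ZONE_ID = "2a4428b3-dbe0-4357-9c02-609025b3a40f"
DESIRED = [
    {"name": "app", "type": "A", "content": "203.0.113.10", "ttl": 3600, "enabled": True},
    {"name": "app", "type": "A", "content": "203.0.113.11", "ttl": 3600, "enabled": True, "slot": 1},
]

if __name__ == "__main__":
    # The token is read from the environment, never written into the state file.
    token = os.environ.get("IONOS_TOKEN", "<token>")
    for req in plan(ZONE_ID, DESIRED, token):  # dry run: print, do not send
        print(req.get_method(), req.full_url, req.data.decode())
```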
Prerequisite: To sign a zone, you need to first Create a DNS Zone.
To enable DNSSEC keys for a DNS zone at IONOS Cloud DNS, follow these steps:
1. Perform a POST request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone where you want to enable DNSSEC keys.
3. In the request body, provide the key parameters used to sign the zone. These parameters include the signing algorithm, the key length for both Key Signing Keys (KSK) and Zone Signing Keys (ZSK), the NSEC mode (NSEC or NSEC3), and other relevant settings.
Result: The DNSSEC keys for a DNS zone are successfully enabled.
202 Accepted
To retrieve DNSSEC keys for a specific DNS zone at Cloud DNS, follow these steps:
1. Perform a GET request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone you want to retrieve keys for.
Result: The API response contains a list of DNSSEC keys associated with the specified DNS zone.
200 OK
| Field | Type | Description | Example |
| --- | --- | --- | --- |
| id | string | UUID of the DNSSEC key | 98277a78-a6a2-4672-ac9a-a68ca0a8d67a |
| type | string | Type of the resource | dnsseckeys |
| href | string | URL of the resource | |
| metadata | object | Metadata of the DNSSEC key | |
| zoneId | string | UUID of the DNS zone | a363f30c-4c0c-4552-9a07-298d87f219bf |
| items | array | List of DNSSEC keys | |
| keyTag | integer | Key tag of the DNSSEC key | 49057 |
| signAlgorithmMnemonic | string | Signing algorithm of the DNSSEC key | RSASHA256 |
| signAlgorithmNumber | integer | Signing algorithm number of the DNSSEC key | 8 |
| digestAlgorithmMnemonic | string | Digest algorithm of the DNSSEC key | SHA-1 |
| digestAlgorithmNumber | integer | Digest algorithm number of the DNSSEC key | 1 |
| digest | string | Digest of the DNSSEC key | CF58B511B2D8EF99263704A112703586E542E4FA |
| keyData | object | Key data of the DNSSEC key | |
| flags | integer | Flags of the DNSSEC key | 257 |
| protocol | integer | Protocol of the DNSSEC key | 3 |
| alg | integer | Algorithm of the DNSSEC key | 8 |
| pubKey | string | Public key of the DNSSEC key | AwEAAY6wMNhHk...RIrbLc= |
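Before a DS record is handed to the registrar, the keyTag and digest in this response can be recomputed from keyData (RFC 4034, Appendix B and section 5.1.4) and a SHA-256 DS produced alongside the SHA-1 one shown above. This is an added example, not IONOS code; the item layout follows the fields in the table, the function names are assumptions, and the sample uses constructed 4-byte key material with a deliberately wrong digest because the page's pubKey is truncated.

```python
import base64
import hashlib
import struct

# DS digest type numbers -> hash constructors
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire format of the owner name."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError(f"label too long: {label!r}")
            wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(key_data: dict) -> bytes:
    """flags (2 bytes) | protocol (1) | algorithm (1) | public key."""
    # validate=True rejects a truncated or elided key such as "AwEA...c=".
    pub = base64.b64decode(key_data["pubKey"], validate=True)
    return struct.pack("!HBB", key_data["flags"], key_data["protocol"],
                       key_data["alg"]) + pub


def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034 Appendix B (not valid for algorithm 1)."""
    if rdata[3] == 1:
        raise ValueError("algorithm 1 (RSA/MD5) uses a different key tag rule")
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_digest(zone: str, rdata: bytes, digest_type: int) -> str:
    """digest = hash(owner name in wire format | DNSKEY RDATA), upper-case hex."""
    return DIGESTS[digest_type](name_to_wire(zone) + rdata).hexdigest().upper()


def audit_key(zone: str, item: dict) -> list:
    """Compare the reported keyTag/digest with recomputed values."""
    findings = []
    rdata = dnskey_rdata(item["keyData"])
    if key_tag(rdata) != item["keyTag"]:
        findings.append(f"keyTag {item['keyTag']} != computed {key_tag(rdata)}")
    if not item["keyData"]["flags"] & 0x0001:
        findings.append("SEP bit clear: a DS should reference the KSK (flags 257)")
    if item["keyData"]["protocol"] != 3:
        findings.append("protocol field must be 3")
    dtype = item["digestAlgorithmNumber"]
    if ds_digest(zone, rdata, dtype) != item["digest"].upper():
        findings.append("digest does not match the key data")
    if dtype == 1:
        findings.append("digest type 1 (SHA-1): publish a type 2 (SHA-256) DS")
    return findings


def ds_line(zone: str, item: dict, digest_type: int = 2) -> str:
    """DS record in presentation format, SHA-256 by default."""
    rdata = dnskey_rdata(item["keyData"])
    return (f"{zone.rstrip('.')}. IN DS {key_tag(rdata)} "
            f"{item['keyData']['alg']} {digest_type} "
            f"{ds_digest(zone, rdata, digest_type)}")


# Constructed sample: toy key bytes 01 02 03 04, digest deliberately wrong.
SAMPLE_ITEM = {
    "keyTag": 2063,
    "digestAlgorithmNumber": 1,
    "digest": "0" * 40,
    "keyData": {"flags": 257, "protocol": 3, "alg": 8, "pubKey": "AQIDBA=="},
}

if __name__ == "__main__":
    for finding in audit_key("example.com", SAMPLE_ITEM):
        print("finding:", finding)
    print(ds_line("example.com", SAMPLE_ITEM))
```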
To disable and delete DNSSEC keys for a DNS zone at Cloud DNS, follow these steps:
1. Perform a DELETE request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone from which you want to remove DNSSEC keys.
Result: The DNSSEC keys for the selected DNS zone are successfully disabled. The associated DNSSEC key records for the DNS zone are removed.
202 Accepted
ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources such as services and ingresses, that are publicly exposed outside the cluster.
The ExternalDNS solution offers the following capabilities:
Gives developers control over DNS resources that are usually managed manually by other teams, for example, the infrastructure team.
Ensures that the DNS records are always up-to-date with the current state of the Kubernetes cluster.
Manages a large number of records automatically.
Simplifies the management of DNS records with improved security.
Prerequisites: Ensure that you have the following before you begin:
A domain name that is registered with your domain provider (also known as a registrar) or a subdomain under your control.
A token from a user with privileges to manage zones and records with Cloud DNS.
An IONOS Managed Kubernetes cluster.
kubectl installed on your local machine.
The Helm tool for installing a Helm chart.
Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:
Prepare domain name: You need to first Create a DNS Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.
Add Helm chart: Add the Bitnami Helm repository, which contains the official external-dns Helm chart.
Create configuration: Create values file for ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.
Install ExternalDNS: To install ExternalDNS with Bitnami Helm chart, use the following command:
Deploy application: Follow this step to deploy an application:
Deploy an echo server application by using the file echoserver_app.yaml.
If you want to use a service, you do not need to install an ingress controller. You can install an ingress controller in the cluster and deploy the application with kubectl by using the following command:
Result: The deployment of ExternalDNS on Managed Kubernetes is complete.
You can verify that the application deployed is functioning as expected by using one of the following options.
Check that the echo server app runs on the subdomain you have specified by using the following command:
Expected result:
Check that the new A and TXT records are created by using the following command:
A PTR record is crucial for email servers, establishing Reverse DNS mapping and verifying server IP legitimacy. It's vital for email deliverability, preventing spam flags and contributing to FCrDNS. Servers lacking PTR records may face rejection, impacting delivery. Additionally, SPF records specify authorized email servers, preventing spoofing. DKIM further authenticates outgoing emails, enhancing trust and communication.
This tutorial guides you through installing and configuring an email server and creating PTR, SPF, and DKIM records using the IONOS Cloud DNS API. The steps we will follow are:
Reserve an IPv4 in your IONOS Cloud setup.
Create an A and MX record for your email server. For information on common record types, see Create records of other types.
Install and configure the email server on a Dedicated Core Server in the IONOS Cloud.
Test the email deliverability from the Dedicated Core Server.
Add a pointer record (PTR), DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) record for your email server.
Test the email deliverability after adding PTR, DKIM and SPF records.
Info:
Pointer Record (PTR): A type of DNS record that maps an IP address to a domain name, commonly used for reverse DNS lookups to verify the authenticity of the sender's domain.
DomainKeys Identified Mail (DKIM): A method for validating the authenticity of email messages by adding a digital signature to the email headers, allowing receiving servers to verify that the message has not been altered and comes from a legitimate sender.
Sender Policy Framework (SPF): A DNS-based email authentication protocol used to prevent email spoofing by specifying which IP addresses are allowed to send emails on behalf of a particular domain. This helps to detect and prevent email fraud.
Switch to IPv6 and configure your email server to use IPv6.
Result: Email deliverability is achieved using reverse DNS, MX, A, DKIM, and SPF records for both IPv4 and IPv6.
To reserve an IPv4 in IONOS Cloud, follow these steps:
1. In the DCD, go to Menu > Network > IP Management.
2. In IP Management, click Reserve IPs, and a new pop-up window appears. Enter the following information:
Name: Enter a suitable name.
Number of IPs: Select the number of IP addresses to be reserved.
Region: Select a region that is the same as the region of your Dedicated Core server. Click Reserve IPs to reserve the IP addresses and confirm the reservation by selecting OK.
3. Exit the IP Management window and return to the IONOS Cloud Workspace.
Result: The IPv4 address is reserved.
1. To create an A record for your email server, follow these steps:
Info: We already own the zone mail.demo-ionos.cloud and will use it for this tutorial. Previously, we have created a zone demo-ionos.cloud using the IONOS Cloud DNS API. For more information on how to create a zone using IONOS Cloud DNS API, see Create a zone using IONOS Cloud DNS API.
Prerequisite: Make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
2. Create an MX record for demo-ionos.cloud using the IONOS Cloud DNS API:
Result: The A and MX records for your email server are created.
Info: For more information on how to create a record for a zone using IONOS Cloud DNS API, see Create a record for a zone using IONOS Cloud DNS API.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.
5. In the IPv4 Configuration, click Add IP and select the same IP address that you used to create an A record.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "20" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: You can add the below Cloud-Init user data to your server. This will install Postfix, OpenDKIM, and OpenDKIM tools. Replace <your-email-domain> with your email domain.
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and further click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy one of the IPv4 addresses.
Note: You can now connect to your Dedicated Core Server, and send a test email. The email might be marked as spam, depending on your email provider. At this point, you have configured only A and MX records.
1. Connect to your Dedicated Core Server via ssh:
2. Test the configuration using the following bash command:
Info: Replace <your-email>@<your-domain> with your email address.
You should receive an email titled Test Email containing the message This is a test email. However, depending on your email provider, the email might be redirected to your spam folder. For example, the email can be in the spam folder with a note Mail system could not verify that demo-ionos.cloud actually sent this message (and not a spammer).
3. Check the mail.log file to see the status of the email delivery:
4. Get the public key for the DKIM record:
Info: The public key for the DKIM record can be found in the /mail.txt file. This is necessary to create the DKIM record.
The output should be similar to this:
Here, you need to save the public key for the next step.
Result: You have tested email deliverability with A and MX records.
1. Create a PTR record for your email server using the IONOS Cloud DNS API:
2. Create an SPF record for mail.demo-ionos.cloud using IONOS Cloud DNS API:
Info: For your SPF record, make sure that instead of mail.demo-ionos.cloud you use your own domain name.
After creating the PTR record and the SPF record, it might take around 10 minutes to propagate.
3. Create a DomainKeys Identified Mail (DKIM) record for mail.demo-ionos.cloud using the IONOS Cloud DNS API:
4. Test the email deliverability using the following bash command:
Result: You have created reverse DNS, SPF, and DKIM records for your email server and tested email deliverability.
Info: Replace <your-email>@<your-domain> with your email address.
Once you have configured your email server to use IPv4, you can now configure your email server to use IPv6.
1. To enable IPv6 for your LAN, select the LAN connection connected to the internet, then select the IPv6 enabled option. Provision your changes.
2. After the changes are provisioned and IPv6 is enabled you can configure your NIC in the Network tab. Provide the following details:
Name: Choose a name, preferably one that is unique to this Virtual Data Center (VDC).
MAC: The Media Access Control (MAC) address will be assigned automatically upon provisioning.
LAN: Select a LAN for which you want to configure the network.
Firewall: To activate the firewall, choose between Ingress / Egress / Bidirectional.
IPv4 Configuration: Provide the following details:
Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IPs from the drop-down list. Private IP addresses should be entered manually. The Network Interface Controller (NIC) has to be connected to the Internet.
Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your High Availability (HA) setup.
Firewall: Configure the firewall.
DHCP: It is often necessary to run a Dynamic Host Configuration Protocol (DHCP) server in your VDC (e.g. Preboot Execution Environment (PXE) boot for fast rollout of VMs). If you use your own DHCP server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCP server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
IPv6 Configuration: Provide the following details:
NIC IPv6 CIDR: You can populate an IPv6 CIDR block with prefix length /80 or allow it to be automatically assigned from the VDC's allocated range by selecting PROVISION CHANGES. You can also choose one or more individual /128 IPs. Only the first IP is automatically allocated. The remaining IPs can be assigned as per your requirement. The maximum number of IPv6 IPs that can be allocated per NIC is 50.
DHCPv6: It is often necessary to run your own DHCPv6 server in your Virtual Data Center (VDC) (e.g. PXE boot for fast rollout of VMs). If you use your own DHCPv6 server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCPv6 server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
To create the PTR record, use the automatically assigned IPv6 address from the VDC's allocated range. Continue and select PROVISION CHANGES.
3. Create a PTR record for your mail server using IONOS Cloud DNS API:
Note: Replace 2001:0db8::1 with your own IPv6 address.
4. Create an AAAA record for mail.demo-ionos.cloud pointing to the IPv6 address that was assigned to your server:
Note: Replace 2001:0db8::1 with your own IPv6 address.
5. You need to alter the SPF record to include the IPv6 address. To update the SPF record, you need to get <spf_record_id> using:
6. Update the SPF record to include the IPv6 address using:
Note: Replace <IPv4 address of email server> and <IPv6 address of email server> with the IPv4 and IPv6 addresses of the email server.
7. Log in to the email server using the new IPv6 address and test the email deliverability again using:
and send an email:
8. We can check the mail.log using:
Result: You have switched from IPv4 to IPv6 and tested email deliverability.
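A pre-flight check for the SPF value built in steps 5 and 6, added here as an example that is not part of the original tutorial. The function name spf_check, the sample addresses, and the rule that the record must end in -all or ~all are assumptions for a single-server setup like this one.

```shell
#!/bin/sh
# spf_check RECORD IPV4 IPV6  (hypothetical helper, not an IONOS tool)
# Returns 0 when RECORD starts with v=spf1, authorises both addresses with
# ip4:/ip6: mechanisms, and ends in a restrictive "all" term. Otherwise it
# prints the reason on stderr and returns 1.
# Addresses are compared as text, so write the IPv6 address exactly as it
# appears in the record (2001:0db8::1 and 2001:db8::1 do not match).
spf_check() {
    record=$1 want4=$2 want6=$3
    has4=no has6=no last=

    # The version tag must be the first term of the record.
    case $record in
        "v=spf1 "*) ;;
        *) echo "record does not start with v=spf1" >&2; return 1 ;;
    esac

    set -f                      # keep terms such as "?all" from globbing
    for term in $record; do
        case $term in
            ip4:"$want4"|ip4:"$want4"/32)  has4=yes ;;
            ip6:"$want6"|ip6:"$want6"/128) has6=yes ;;
        esac
        last=$term
    done
    set +f

    [ "$has4" = yes ] || { echo "IPv4 address $want4 not authorised" >&2; return 1; }
    [ "$has6" = yes ] || { echo "IPv6 address $want6 not authorised" >&2; return 1; }

    # A record ending in +all or ?all lets any host pass or stay neutral.
    case $last in
        -all|~all) return 0 ;;
        *) echo "record must end in -all or ~all, found: $last" >&2; return 1 ;;
    esac
}

# Constructed sample values (documentation address ranges).
SAMPLE_SPF='v=spf1 ip4:203.0.113.10 ip6:2001:0db8::1 -all'
if spf_check "$SAMPLE_SPF" 203.0.113.10 2001:0db8::1; then
    echo "SPF record covers both addresses"
fi
```

Run it against the value you are about to send in the update request; a record that still lists only the IPv4 address fails SPF for mail leaving over IPv6.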
This tutorial explains how to set up a secondary DNS zone in IONOS Cloud by running a bind9 server on an Ubuntu operating system. The setup includes the following configuration steps:
Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary DNS zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.
5. IPv4 Configuration: Leave to default values.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and further click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.
Prerequisite: A Dedicated Core server in IONOS Cloud needs to be set up and you must have the IPv4 address of the server.
To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:
1. SSH into the newly created Dedicated Core server.
2. Connect to the newly created server via SSH.
3. Proceed with configuring bind9 and your primary DNS zone.
4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
5. Create your primary zone.
6. Edit the zone file.
7. Save your changes and quit the Vim editor.
8. Check the configuration, reload bind, and verify that the configured zone is working.
Result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Prerequisite: A Dedicated Core server in IONOS Cloud is set up as a primary nameserver.
To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:
Send a POST request to the /secondaryzones endpoint.
Result: A secondary zone in IONOS Cloud DNS is successfully created by using a POST request.
On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:
You can also verify zone transfer status using IONOS Cloud DNS API:
On success response: 200 OK
Result: The zone transfer between primary and secondary zones is successfully verified.
To add a record, follow these steps:
1. On the primary nameserver, update the zone with a new record: an A record pointing to a TEST-NET-3 IP address:
2. Resolve the new record locally.
3. View the logs which show that a notification is sent to the secondary zone for the new record.
4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.
5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:
Result: A record is successfully added to the primary nameserver.
Transport Layer Security (TLS) is a pivotal security protocol that ensures the encryption of data transmitted between web browsers, such as Chrome and Firefox, and web servers.
Employing TLS certificates for all hosted content and applications is imperative. It not only safeguards sensitive information but also fosters trust among users by guaranteeing secure communication channels.
Info: To obtain a Let’s Encrypt certificate for your domain, verification of ownership is required. This can be achieved through various methods detailed in the Let’s Encrypt documentation. One commonly used method is the DNS-01 challenge, which necessitates demonstrating control over the domain's DNS by generating a specific value in a TXT record. Utilizing the Certbot plugin facilitates the certificate issuance process by managing TXT records automatically, handling tasks such as creation, removal, renewal, and revocation. Further details on this process can be found in the Certbot documentation. For more information on Cloud DNS Certbot plugin, see Cloud DNS Certbot GitHub.
This tutorial will guide you on how to install and configure a simple web server, create an A record for that web server using IONOS Cloud DNS API, and create a TLS certificate for your web server using Cloud DNS Certbot. The steps we will follow are:
Reserve an IPv4 in your IONOS Cloud setup.
Set up a Web Server on Dedicated Core Server in IONOS Cloud.
Create an A record for your web server. For information on common record types, see Create records of other types.
Create a TLS certificate for your web server using IONOS Cloud Certbot Plugin.
Add TLS certificate to your web server configuration.
Test your TLS certificate.
Prerequisites:
You have an IONOS account. If you do not have an account, you can create one by visiting the IONOS website.
You have a zone with IONOS Cloud DNS. If you do not have a zone, you can create one using the IONOS Cloud DNS API. For more information, see Create a zone using IONOS Cloud DNS API. We will refer to this zone and zone name as <your-zone> and <your-zone-name>, respectively.
Make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
To reserve an IPv4 address in IONOS Cloud, follow these steps:
1. In the DCD, go to Menu > Network > IP Management.
2. In IP Management, click Reserve IPs, and a new pop-up window appears. Enter the following information:
Name: Enter a suitable name.
Number of IPs: Select the number of IP addresses to be reserved.
Region: Select a region that is the same as the region of your Dedicated Core server. Click Reserve IPs to reserve the IP addresses and confirm the reservation by selecting OK.
3. Exit the IP Management window and return to the IONOS Cloud Workspace.
Result: The IPv4 address is reserved.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: It is automatically assigned during the VM creation.
3. LAN: Select the LAN connection that is connected to the internet; by default, it is LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.
5. In the IPv4 Configuration, click Add IP and select the same IP address that you used to create an A record.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: By default, the value is set to "Auto".
Size in GB: We recommend using 20 for the storage size.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: To install the Nginx web-server, Certbot, and Python3-pip tools, use the following Cloud-Init user data.
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane, and copy one of the IPv4 addresses.
1. To create an A record for your email server, follow these steps:
Info: We already own the zone demo-ionos.cloud and will use it for this tutorial. Previously, we created a zone demo-ionos.cloud using the IONOS Cloud DNS API. For more information on how to create a zone using IONOS Cloud DNS API, see Create a zone using IONOS Cloud DNS API.
Prerequisite: Make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
Result: The A record for your web server is created.
Info: For more information on how to create a record for a zone using IONOS Cloud DNS API, see Create a record for a zone using IONOS Cloud DNS API.
1. Create a credentials.ini file containing the IONOS Cloud API token. This file must contain the ionos_dns_token key with the value of the access token:
and add the following content:
Save and exit the file.
2. Restrict access to the credentials.ini file:
3. Create a TLS certificate for your web server using the IONOS Cloud Certbot Plugin:
Flags and their descriptions:
--authenticator dns-ionos: Specifies the authenticator plugin to be used.
--dns-ionos-credentials: Specifies the path to the credentials.ini file.
--dns-ionos-propagation-seconds: Specifies the time to wait for DNS propagation.
--agree-tos: Agrees to the terms of service.
--rsa-key-size: Specifies the size of the RSA key.
-d: Specifies the domain name for which the certificate is issued. Provide the previously created zone name.
4. When prompted, enter the email address for urgent renewals and security notices.
5. The Certbot plugin will automatically create a TXT record in your zone to verify the domain ownership.
6. The Certbot plugin will issue the TLS certificate for your web server. On successful issuance, you will see the following message:
Note: The TLS certificate and key will be created in the /etc/letsencrypt/live/<your-zone>/ folder. For the purpose of this tutorial, we used the zone demo-ionos.cloud; therefore, the TLS certificate and key are created in the /etc/letsencrypt/live/demo-ionos.cloud/ directory.
Result: The TLS certificate for your web server is issued using the IONOS Cloud Certbot Plugin.
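A check for the credentials.ini file from steps 1 and 2, added here as an example that is not part of the original tutorial or the Certbot plugin. It confirms that the file is a regular file, that group and others have no access to the API token, and that the ionos_dns_token key named above has a value; the function name and the placeholder token are assumptions.

```shell
#!/bin/sh
# check_certbot_credentials FILE  (hypothetical helper, not part of Certbot)
# Returns 0 only when FILE is safe to hand to the plugin; otherwise prints
# the reason on stderr and returns 1.
check_certbot_credentials() {
    file=$1

    # A symlink could point the plugin at a file someone else controls.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits,
    # for example "-rw-------" gives "------" and "-rw-r--r--" gives "r--r--".
    bits=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "$file: accessible by group or others ($bits)" >&2
        return 1
    fi

    # The key must be present with a non-empty value.
    if ! grep -Eq '^[[:space:]]*ionos_dns_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$file"; then
        echo "$file: ionos_dns_token is missing or empty" >&2
        return 1
    fi
    return 0
}

# Demonstration on a constructed file; the token is a placeholder.
demo=$(mktemp)
printf 'ionos_dns_token = CONSTRUCTED-PLACEHOLDER-TOKEN\n' > "$demo"
chmod 644 "$demo"
check_certbot_credentials "$demo" 2>/dev/null || echo "mode 644 rejected"
chmod 600 "$demo"
check_certbot_credentials "$demo" && echo "mode 600 accepted"
rm -f "$demo"
```

The same check is useful in front of an automated renewal job, because the token in this file can change every record in your zones.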
1. Add the TLS certificate to your web server configuration by editing the Nginx configuration file:
2. At the beginning of the /etc/nginx/sites-available/default file, uncomment the following lines:
3. Add the following lines to the bottom of the server block:
4. Your /etc/nginx/sites-available/default file should look like this:
5. Save and exit the file.
6. Restart the Nginx service:
7. Verify the Nginx service status:
Result: The TLS certificate is added to your web server configuration.
1. To test your TLS certificate, open a web browser and enter the URL https://<your-zone-name>.
Result: The TLS certificate is successfully installed, and your web server is secure.
Let's Encrypt certificates are valid for 90 days.
1. To manually renew your TLS certificate using the IONOS Cloud Certbot Plugin, issue the following command:
2. To automate the renewal process, you can set up a cron job to run the renewal command automatically. For more information on how to set up automated renewals, see the Certbot documentation page.
Result: Your TLS certificate is renewed successfully.