IONOS Cloud DNS lets you publish Domain Name System (DNS) zones of your domains and subdomains on public Name Servers. You can manage your DNS zones and records via the Cloud DNS API.
With IONOS Cloud DNS, you can import and export DNS zone files, create secondary DNS zones, enable DNSSEC keys for DNS zones, and manage DNS records. You can also use the Cloud DNS API to create and manage Reverse DNS records for your IPv4 addresses.
The IONOS Name Server infrastructure is distributed across 14 point-of-presence (POP) locations in Europe and the USA to ensure fast and reliable DNS resolution for users across these locations.
Learn how to set Access and Manage DNS privilege to users via the DCD.
Learn how to set access and manage DNS privileges for users via the Cloud DNS API.
Learn how to create a DNS zone via the Cloud DNS API.
Learn how to create a DNS record with UUID of the DNS zone via the Cloud DNS API.
Learn how to create and manage a Reverse DNS record via the Cloud DNS API.
Learn how to connect a domain name server to Domain Name System (DNS) zones.
Learn how to manage non-existing DNS Records via the Cloud DNS API.
Learn how to import an existing DNS zone file to IONOS Cloud DNS via the Cloud DNS API.
Learn how to export a DNS zone file by using the UUID of the DNS zone via the Cloud DNS API.
Learn how to create a secondary DNS zone via the Cloud DNS API.
Learn how to retrieve DNSSEC Signing Keys via the Cloud DNS API.
Learn how to use ExternalDNS to make Kubernetes resources discoverable via the public DNS servers.
Learn how to create a primary zone in IONOS Cloud Dedicated Core server and secondary zone via the Cloud DNS API.
Learn how to enhance email deliverability with a reverse DNS record.
The Cloud DNS API lets you manage DNS zones and records programmatically using conventional HTTP requests.
Prerequisite: To start using the Cloud DNS API, you need a domain name. If you do not have one already, get a domain name and register it with a domain registrar.
After you register the domain name, you can grant additional users the privilege to manage DNS zones and records via the API. By default, only contract owners and administrators have permission to use the Cloud DNS API.
To set user privileges via the API, see Set User Privileges via the API.
On assigning user privileges, continue with the following API How-Tos:
If you already have a primary zone hosted elsewhere, you can Create a Secondary DNS Zone to improve reliability, redundancy, load balancing, and performance.
Additionally, try the following features for your primary zones hosted in Cloud DNS:
Note: Only contract administrators, owners, and users with "accessAndManageDns" privilege can create and manage DNS zones and DNS records via API. You can also set User privileges in the DCD.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a DNS zone with Cloud DNS API, follow this step:
Perform a POST request with the domain or subdomain, a description of your DNS zone (optional), and the DNS zone status (enable), true or false.
Result: On a successful POST request, you receive a response containing the DNS zone UUID, Name Servers, and the request status.
202 Successful operation
To retrieve the quota of DNS zones, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
You can import a DNS zone from your existing DNS provider to IONOS Cloud.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To import an existing zone to IONOS Cloud DNS, follow these steps:
Create a DNS zone without records.
Perform a PUT request providing the zoneId of the newly created zone and the zone file.
Result: On a successful PUT request, the records provided in the zone file will be added to your DNS zone.
Important: If the zone file you import contains CNAME entries that point to names in another private zone, Azure DNS resolution of the CNAME will fail unless the other private zone is imported or the CNAME entries are modified.
200 Successful operation
The imported file has to be in BIND format, a widely used format supported by most DNS software, including the popular BIND DNS server.
The file should include all the record types associated with the selected zone. The Start of Authority (SOA) and Name Server (NS) records are not to be considered since IONOS Cloud uses its name server configuration.
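A pre-import review of a zone file, as an added example that is not part of the IONOS documentation: it lists the SOA and NS records that will not be considered, flags CNAME and ALIAS targets outside the zone, and flags record types missing from the supported list on this page. The sample zone is constructed, and the parser handles only a subset of BIND syntax (no `$INCLUDE`, no parentheses inside quoted strings).

```python
import re

# Record types this page lists as supported by Cloud DNS.
SUPPORTED = {"A", "AAAA", "CNAME", "ALIAS", "MX", "NS", "SOA", "SRV", "TXT", "CAA",
             "SSHFP", "TLSA", "SMIMEA", "DS", "HTTPS", "SVCB", "OPENPGPKEY",
             "CERT", "URI", "RP", "LOC"}
TTL_OR_CLASS = re.compile(r"(?:(?:\d+[smhdw]?)+|IN|CH|HS)", re.IGNORECASE)

# Constructed sample zone file (not taken from the page).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@    IN SOA ns1.old-provider.example. hostmaster.example.com. (
         2024010101 ; serial
         7200 3600 1209600 3600 )
@    IN NS    ns1.old-provider.example.
     IN NS    ns2.old-provider.example.
@    IN A     203.0.113.10
www  IN CNAME app.corp.example.net.
api  300 IN CNAME www
@    IN MX    10 mail
@    IN TXT   "v=spf1 mx -all ; quoted, not a comment"
old  IN HINFO "x86" "linux"
"""


def strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a quoted string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out).rstrip()


def logical_lines(text):
    """Join records that span several lines inside parentheses."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield buf.replace("(", " ").replace(")", " ")
            buf, depth = "", 0


def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Yield (owner, type, rdata fields, origin in effect) per record."""
    owner = origin
    for line in logical_lines(text):
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
            continue
        if fields[0].startswith("$"):
            continue  # $TTL and other directives carry no record
        if not line[0].isspace():  # a leading blank means "same owner as before"
            owner = absolute(fields.pop(0), origin)
        while fields and TTL_OR_CLASS.fullmatch(fields[0]):
            fields.pop(0)  # skip the optional TTL and class
        if fields:
            yield owner, fields[0].upper(), fields[1:], origin


def review_for_import(text, zone_name):
    """Sort records into importable, ignored on import, and warnings."""
    zone = zone_name.lower().rstrip(".") + "."
    report = {"import": [], "ignored": [], "warnings": []}
    for owner, rtype, rdata, origin in parse_zone(text, zone):
        if rtype in ("SOA", "NS"):
            # Not considered on import; review any non-apex NS listed here.
            report["ignored"].append((owner, rtype))
        elif rtype not in SUPPORTED:
            report["warnings"].append(f"{owner} {rtype}: type not in the supported list")
        else:
            if rtype in ("CNAME", "ALIAS") and rdata:
                target = absolute(rdata[0], origin)
                if not (target == zone or target.endswith("." + zone)):
                    report["warnings"].append(
                        f"{owner} {rtype} -> {target}: target is outside {zone}")
            report["import"].append((owner, rtype, " ".join(rdata)))
    return report


if __name__ == "__main__":
    for section, items in review_for_import(SAMPLE_ZONE, "example.com").items():
        print(section, items)
```
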
Similar to retrieving a DNS zone, you need to provide the UUID of the DNS zone that you want to export.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To export an existing zone at IONOS Cloud DNS in a BIND format, follow this step:
Perform a GET request providing the zoneId of your zone.
Result: On a successful GET request, you receive the BIND file with the DNS zone having the UUID assigned.
200 Successful operation
The exported zone file is in BIND format, a widely used format supported by most DNS software, including the BIND DNS server.
The file includes all record types associated with the selected zone, including SOA record, NS record, Service (SRV) record, and configuration information such as TTL values.
An example of a file in BIND format with an updated SRV record is as follows:
Note: By default, only contract administrators and owners can manage the Cloud DNS records and zones using the .
To facilitate additional users with permissions to manage the DNS zones and records, the offers a new group privilege called Access and manage DNS in the User Manager, under the Privileges tab. You can grant this privilege to a group via the . By giving this privilege to a group, all users in this group get permission to manage the Cloud DNS zones and records via the Cloud DNS API.
For information on setting Access and manage DNS privilege to a group, see .
Notes:
Only contract administrators, owners, and users with accessAndManageDns privilege can create and manage DNS zones and DNS records via the API. You can also set User privileges in the .
Sub-users can create Reverse DNS records only if the user group they belong to has access to the concerned IP block. For more information, see .
Currently, the supports only IPv4 addresses for Reverse DNS records.
To create a reverse DNS entry for IPv6 addresses, please contact .
You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
Before creating a Reverse DNS record, you must create an A record for the IP address you want to use for the reverse DNS record. For more information, see .
To create a Reverse DNS Record with , follow this step:
Perform a POST request with name, a description of reverse DNS record (optional), and the IP.
Note: The IP address must be from a reserved IP range. To reserve an IP address, click Menu > Management > IP Management. Enter a name and the number of IP addresses, and select a region where you want your IP addresses to be reserved. Click Reserve IP to reserve the IP address, and confirm the reservation by pressing OK.
Result: On a successful POST request, you receive a response containing the reverse DNS record UUID, type, href, metadata, properties of your reverse DNS record, name, description, and IP address.
200 Successful operation
To retrieve all reverse DNS records, perform a GET request to the /reverserecords endpoint.
Result: On a successful GET request, you receive a response containing all reverse DNS records.
200 Successful operation
To retrieve a reverse DNS record, perform a GET request to the /reverserecords/{id} endpoint.
Result: On a successful GET request, you receive a response containing the reverse DNS record UUID, type, href, metadata, and properties of your reverse DNS record, name, description, and IP.
200 Successful operation
To modify a reverse DNS record, perform a PUT request to the /reverserecords/{id} endpoint.
Result: On a successful PUT request, you receive a response containing the reverse DNS record UUID, type, href, metadata, and properties of your reverse DNS record, name, description, and IP.
200 Successful operation
To delete a reverse DNS record, perform a DELETE request to the /reverserecords/{id} endpoint.
Result: On a successful DELETE request, you receive an HTTP response 202 Successful operation.
202 Successful operation
To retrieve the quota of reverse DNS records, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
If you have an infrastructure that uses public DNS records and manage it by defining the required state, you can use Cloud DNS as follows:
with Cloud DNS.
Generate a UUID (v3, v4, and v5 supported) for your DNS record.
Add to your infrastructure a PUT call for the desired record configuration with your UUID and assign it to the corresponding DNS zone ID.
Result: On a successful PUT request:
If the record does not exist, Cloud DNS creates the record with the specified configuration.
If a record already exists but with a different configuration, the record is updated.
202 Successful operation
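One way to get a stable record UUID for the declarative PUT workflow above, as an added example that is not part of the IONOS documentation: a UUIDv5 derived from the zone ID, record name and type, so every run of the infrastructure code addresses the same record. The path layout, the property names, the namespace, the `slot` parameter and the in-memory `FakeCloudDns` class are assumptions made for illustration; check the path and properties against the API reference.

```python
import ipaddress
import uuid

# Constructed namespace for this example: any fixed UUID works, as long as
# it never changes between runs of your infrastructure code.
RECORD_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "dns-records.example.com")
TTL_MIN, TTL_MAX = 60, 86400  # TTL bounds stated on this page


def record_uuid(zone_id, name, rtype, slot=0):
    """Derive a stable UUIDv5 for one record in one zone.

    `slot` (hypothetical) separates several records sharing a name and type.
    """
    key = f"{zone_id.lower()}/{name.lower()}/{rtype.upper()}/{slot}"
    return str(uuid.uuid5(RECORD_NAMESPACE, key))


def desired_record(zone_id, name, rtype, content, ttl=3600, enabled=True, slot=0):
    """Validate the desired state and return (path, body) for the PUT call."""
    rtype = rtype.upper()
    if not TTL_MIN <= ttl <= TTL_MAX:
        raise ValueError(f"ttl {ttl} outside {TTL_MIN}..{TTL_MAX} seconds")
    if rtype == "A":
        ipaddress.IPv4Address(content)  # raises ValueError on a malformed address
    elif rtype == "AAAA":
        ipaddress.IPv6Address(content)
    # Assumed path layout and property names, not taken from this page.
    path = f"/zones/{zone_id}/records/{record_uuid(zone_id, name, rtype, slot)}"
    body = {"properties": {"name": name, "type": rtype, "content": content,
                           "ttl": ttl, "enabled": enabled}}
    return path, body


class FakeCloudDns:
    """In-memory stand-in that mimics the create-or-update result of a PUT."""

    def __init__(self):
        self.store = {}

    def put(self, path, body):
        previous = self.store.get(path)
        self.store[path] = body
        if previous is None:
            return "created"
        return "unchanged" if previous == body else "updated"


def apply_state(api, zone_id, records):
    """Apply a list of desired records and report what each PUT did."""
    return [api.put(*desired_record(zone_id, **rec)) for rec in records]


if __name__ == "__main__":
    zone = "2a4428b3-dbe0-4357-9c02-609025b3a40f"  # example zone UUID from this page
    api = FakeCloudDns()
    wanted = [{"name": "www", "rtype": "A", "content": "203.0.113.10"}]
    print(apply_state(api, zone, wanted))  # first run
    print(apply_state(api, zone, wanted))  # second run with the same state
```

Because the ID depends only on zone, name, type and slot, changing the content or TTL updates the existing record instead of leaving a stale one next to a new one.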
Prerequisite: You need a domain name. If you do not have one already, get a domain name and register it with a domain registrar.
To connect your domain name to the IONOS Cloud DNS zone that you created, specify the IONOS Cloud DNS nameservers as the domain's authoritative nameservers.
To connect a domain nameserver to a DNS zone, follow these steps:
for your domain and the associated DNS records.
Save the four nameservers Cloud DNS provided upon creating the DNS zone.
Go to your Domain Registrar and update your domain's nameservers with the four nameservers from the previous step.
Note: Changes to nameservers can take up to 48 hours, but they usually happen much faster.
Result: The domain nameserver is connected to the Cloud DNS.
Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created DNS zone | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | DNS zone creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | DNS zone update timestamp | 2023-03-15T09:58:59.147746133Z |
nameservers | array | Name Servers assigned to the DNS zone | "ns-ic.ui-dns.com", "ns-ic.ui-dns.de", "ns-ic.ui-dns.org", "ns-ic.ui-dns.biz" |
state | string | State of the request | CREATED |

Field | Type | Description | Example |
---|---|---|---|
records | string | Number of DNS records | 100000 |
reverseRecords | string | Number of reverse DNS records | 5000 |
secondaryZones | string | Number of secondary DNS zones | 100000 |
zones | string | Number of DNS zones | 50000 |

Field | Type | Description | Example |
---|---|---|---|
records | string | Number of DNS records used | 9 |
reverseRecords | string | Number of reverse DNS records used | 1 |
secondaryZones | string | Number of secondary DNS zones used | 6 |
zones | string | Number of DNS zones used | 5 |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
name | string | Name of the reverse DNS record | mail.example.com |
description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
ip | string | IP address of the reverse DNS record | |
type | string | Type of the reverse DNS record | reverserecord |
href | string | URL to the reverse DNS record | |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
name | string | Name of the reverse DNS record | mail.example.com |
description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
ip | string | IP address of the reverse DNS record | |
type | string | Type of the reverse DNS record | reverserecord |
href | string | URL to the reverse DNS record | |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created DNS record | 90d81ac0-3a30-44d4-95a5-12959effa6ee |
createdDate | string | DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
zoneId | string | UUID of the DNS zone of the DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | app.example.com |
state | string | State of the request | CREATED |

ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources such as services and ingresses, that are publicly exposed outside the cluster.
The ExternalDNS solution offers the following capabilities:
Gives developers control over DNS resources that are usually managed manually by other teams, for example, the infrastructure team.
Keeps the DNS records up to date with the current state of the Kubernetes cluster.
Manages a large number of records automatically.
Simplifies the management of DNS records with improved security.
Prerequisites: Ensure that you have the following before you begin:
A domain name that is registered with your domain provider (also known as a registrar) or a subdomain under your control.
A token from a user with privileges to manage zones and records with Cloud DNS.
An IONOS Managed Kubernetes cluster.
The kubectl tool installed on your local machine.
The Helm tool for installing a Helm chart.
Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:
Prepare domain name: You need to first Create a DNS Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.
Add Helm chart: Add the Bitnami Helm repository, which contains the official external-dns Helm chart.
Create configuration: Create values file for ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.
Install ExternalDNS: To install ExternalDNS with the Bitnami Helm chart, use the following command:
Deploy application: Follow this step to deploy an application:
Deploy an echo server application by using the file echoserver_app.yaml.
If you want to use a service, you do not need to install an ingress controller. You can install an ingress controller in the cluster and deploy the application with kubectl by using the following command:
Result: The deployment of ExternalDNS on Managed Kubernetes is complete.
You can verify that the application deployed is functioning as expected by using one of the following options.
Check that the echo server app runs on the subdomain you have specified by using the following command:
Expected result:
Check that the new A and TXT records are created by using the following command:
Prerequisite: You need administrative privileges to create and assign user privileges by using the Cloud API.
To set user privileges using the Cloud API for managing DNS zones and records, follow these steps:
Authenticate to the Cloud API using your API credentials.
Create a user using the POST /cloudapi/v6/um/users endpoint.
Set the following required parameters for the user: user's name, email address, and password.
Create a group using the POST /cloudapi/v6/um/groups endpoint.
Set accessAndManageDns privilege to true.
Assign the user to the created group using POST /cloudapi/v6/um/groups/{groupId}/users endpoint and provide the user ID in the header.
Result: The Access and Manage DNS privilege is granted to the user.
With IONOS Cloud Domain Name System (DNS), you can publish your domain names to the global DNS. The feature is built around the concept of DNS zones and records that are managed primarily through the Cloud DNS API. Along with the API operations, the Data Center Designer (DCD) provides an option to grant additional users permission to manage these DNS zones and records.
The Cloud DNS offers the following key capabilities:
High availability: The IONOS Cloud DNS infrastructure is designed with redundancy at every level, including multiple DNS servers, network links, power sources, and data centers. This redundancy ensures that if one component fails, another can take over and continue to provide service without interruption.
Fully-managed service: The DNS infrastructure and provides the service as a SaaS model.
Automation: The Cloud DNS API lets you automatically create, update, and delete DNS zones and records.
DNS: Refers to a system that converts domain names into IP addresses. The DNS translates domain names into numeric IP addresses that computers can understand and use to access websites or other internet resources.
Name Servers: Name Servers or DNS Servers are parts of the computer's DNS infrastructure and store DNS records for a particular domain name. They provide information about the IP address or other resources associated with a domain name. When you request access to a domain, your device queries the domain's name servers to resolve the corresponding IP address.
DNS Zone: A DNS zone is an administrative unit that contains DNS records for a specific domain. It specifies the authoritative DNS servers for that domain and their IP addresses.
DNS Record: A DNS record is a set of instructions stored on DNS servers that maps domain names to IP addresses and vice versa. They are used to help route internet traffic, provide email services, and facilitate other internet functions. DNS records come in various formats, such as Address (A), Canonical Name (CNAME), Mail Exchange (MX), Text (TXT), and so on.
Reverse DNS: Reverse DNS is a method of resolving an IP address to a domain name. It is the opposite of the standard DNS lookup, which resolves a domain name to an IP address. You can verify the authenticity of an IP address by checking whether the hostname associated with the IP address matches the expected domain. Reverse DNS operates through PTR (Pointer) records, which are special DNS records.
Secondary DNS Zone: A secondary DNS zone is a read-only copy of a primary DNS zone. It holds the same DNS records for a domain and helps distribute the load and ensure redundancy. If the primary DNS server experiences issues, the secondary zone can still provide accurate DNS information, ensuring continuous availability for domain name resolution.
DNSSEC Keys: DNSSEC keys are cryptographic keys used to enhance the security of the DNS. DNSSEC keys are generated as pairs: a private key and a corresponding public key. The private key is kept secure, while the public key is shared in DNS records. These keys are crucial for validating DNS responses, preventing tampering, and ensuring the security of DNS information.
Time-to-live (TTL): TTL is a DNS record setting that specifies how long a DNS resolver should cache the results of a query before querying the DNS server again for updated information.
Domain Registrar: A domain registrar is a company or an organization that manages the registration of domain names on the Internet. The Internet Corporation for Assigned Names and Numbers (ICANN) accredited registrars are responsible for ensuring the accuracy and validity of domain name registrations. Domain registrars include IONOS, Strato, Fasthosts, Arsys, Home.pl, and World4You.
Cloud DNS has a new group privilege called Access and manage DNS. The privilege must be enabled for a group so that the group members inherit this privilege through group privilege settings. Once the privilege is granted, contract users can view the Cloud DNS API.
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to manage DNS zones and records, follow these steps:
In the DCD, open Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the target group name from the Groups list.
Select the Access and manage DNS checkbox in the Privileges tab.
Result: The Access and manage DNS privilege is granted to all the members in the selected group.
You can revoke a user's Access and manage DNS privilege by removing the user from all the groups that have this privilege enabled.
Warning: You can also revoke this privilege from a user by disabling Access and manage DNS for every group the user belongs to. In this case, all the members of the respective groups also lose this privilege.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. On performing this action, the contract administrator gets the role of a contract user, and the privileges that were set up for the user before being an administrator will then be in effect.
Similar to creating a DNS zone, you need to provide the UUID of the DNS zone to host the new record.
Note: There are various record types for DNS records, and each of them has unique specifications.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a DNS record of type A, follow this step:
Perform a POST request with these details:
corresponding UUID of the DNS zone,
name of the subdomain; example: www
record type; in this case: A,
content or destination of the A record in the form of an IPv4 address; example: 1.1.1.1
TTL you need (minimum 60 seconds and maximum 86,400 seconds), and
status of the DNS record (enable), true or false.
Result: On a successful POST request, you receive a response with the DNS record having the UUID assigned.
Info: If you want to create a Wildcard DNS record, you need to provide “*” as the name of your DNS record to match the requests for all non-existent names under your DNS zone name.
202 Successful operation
Create records of other types
Cloud DNS supports the following record types: A, AAAA, CNAME, ALIAS, MX, NS, SOA, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP and LOC.
Here is a brief explanation of the most common record types:
A: Specifies the IPv4 address associated with a zone name.
AAAA: Specifies the IPv6 address associated with a zone name.
MX: Specifies the mail exchange servers for a zone name.
CNAME: Specifies an alias for a zone name, allowing multiple names to resolve to the same IP address.
TXT: Allows arbitrary text to be associated with a zone name that is commonly used for SPF records and other types of verification.
NS: Specifies the name servers for a zone name.
SRV: Specifies the location of services for a zone name that is commonly used for Session Initiation Protocol (SIP) and other protocols.
Here you can see examples of records with different record types:
To retrieve the quota of DNS records, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
Prerequisite: To sign a zone, you need to first .
To enable DNSSEC keys for a DNS zone at IONOS Cloud DNS, follow these steps:
1. Perform a POST request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone where you want to enable DNSSEC keys.
3. In the request body, provide the key parameters used to sign the zone. These parameters include the signing algorithm, key length for both Key Signing Keys (KSK) and Zone Signing Keys (ZSK), NSEC mode (NSEC or NSEC3), and other relevant settings.
Result: The DNSSEC keys for a DNS zone are successfully enabled.
202 Accepted
To retrieve DNSSEC keys for a specific DNS zone at Cloud DNS, follow these steps:
1. Perform a GET request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone you want to retrieve keys for.
Result: The API response contains a list of DNSSEC keys associated with the specified DNS zone.
200 OK
To disable and delete DNSSEC keys for a DNS zone at Cloud DNS, follow these steps:
1. Perform a DELETE request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone from which you want to remove DNSSEC keys.
Result: The DNSSEC keys for the selected DNS zone are successfully disabled. The associated DNSSEC key records for the DNS zone are removed.
202 Accepted
A PTR (Pointer) record is crucial for a mail server as it establishes a Reverse DNS mapping, verifying the legitimacy of the server's IP address. This record is vital for email deliverability, preventing emails from being flagged as spam during Reverse DNS checks. It contributes to forward-confirmed Reverse DNS (FCrDNS), aligning forward and Reverse DNS entries to enhance server credibility. Servers lacking a valid PTR record may face rejection by other mail servers, impacting deliverability. Overall, a PTR record is a standard best practice, promoting trustworthiness and smooth email communication. Additionally, an SPF (Sender Policy Framework) record is essential for email deliverability, as it specifies authorized mail servers for a domain, preventing email spoofing and further bolstering the authenticity of outgoing emails.
This tutorial will guide you on how to install and configure a mail server and a PTR record using IONOS . The steps we will follow are:
Set up a Dedicated Core server in IONOS Cloud.
Create an A and MX record for your mail server.
Install and configure mail server.
Add a Reverse DNS record and SPF record for your mail server.
Test the email deliverability.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in .
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. If you enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.
5. IP Management: To reserve an IP for the server, click IP Management under Management in the top menu bar.
6. Click Reserve IP and a new pop-up window Reserve IP appears. Add a Name, Number of IPs and select a region that is the same as the region of your Dedicated Core server. Click Reserve IP to reserve the IP and confirm the reservation by pressing OK.
7. Exit the IP management window and return to the Network tab of your Dedicated Core Server.
8. In the IPv4 Configuration, click Add IP and select one of your reserved IPs.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "50" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and further click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy one of the IPv4 addresses.
Replace <zone_id> with your zone id.
1. Connect to your Dedicated Core server via SSH:
and make sure that you are executing the following commands as root.
2. Update the system:
If a kernel is updated it is suggested that you reboot the server.
3. Install Postfix:
Follow the on-screen prompts to configure Postfix. Select Internet Site and enter the domain name of your mail server. In this tutorial, we will use our domain mail.demo-ionos.cloud.
4. Install OpenDKIM:
5. Generate OpenDKIM keys:
Execute the following commands to generate OpenDKIM keys for your domain and move them to the appropriate directory:
Replace mail.demo-ionos.cloud with your domain name.
6. Edit the OpenDKIM configuration file:
Add or modify the following lines:
Replace mail.demo-ionos.cloud with your domain name.
7. Install Postfix and Mailutils:
Follow the on-screen prompts to configure Postfix. Select Internet Site and enter the domain name of your mail server, for example, demo-ionos.cloud.
7. Configure Postfix to use OpenDKIM:
Modify the line that sets smtpd_banner to include the domain name of your mail server, for example, mail.demo-ionos.cloud. The line should look like this:
and add the following lines at the end of the file:
and the complete /etc/postfix/main.cf file looks like this:
8. Restart services:
9. Test the configuration:
Replace <your-email>@<your-domain> with your email address.
In your mailbox, you should receive an email with the subject "Test Email" and the body "This is a test email", but it might be in the spam folder, depending on your email provider. In our case, the email was in the spam folder with the note "Mail system could not verify that demo-ionos.cloud actually sent this message (and not a spammer)."
10. Check the mail log:
For your SPF record, make sure that you use your own domain name instead of mail.demo-ionos.cloud.
After creating the PTR record and the SPF record, it might take around 10 minutes to propagate.
3. Test the email deliverability again:
Replace <your-email>@<your-domain> with your email address.
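Why the first test message could not be verified and what the PTR and SPF records change, as an added example that is not part of the original tutorial: the sketch runs forward-confirmed reverse DNS and a subset of SPF (ip4, a, mx, all) over constructed DNS records. The server address 203.0.113.10, the record values and all function names are assumptions.

```python
import ipaddress

# Constructed records standing in for live DNS answers. 203.0.113.10 is a
# documentation (TEST-NET-3) address used here as the mail server's IP.
BEFORE = {
    ("mail.demo-ionos.cloud", "A"): ["203.0.113.10"],
}
AFTER = {
    **BEFORE,
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.demo-ionos.cloud"],
    ("mail.demo-ionos.cloud", "TXT"): ["v=spf1 a -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(zone, name, rtype):
    """Return the constructed answers for name/rtype (empty list if none)."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to ip."""
    reverse_name = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup(zone, host, "A")
               for host in lookup(zone, reverse_name, "PTR"))


def spf_result(zone, domain, ip):
    """Evaluate a subset of SPF (ip4, a, mx, all) for a sending IPv4 address."""
    records = [t for t in lookup(zone, domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"            # no policy published
    if len(records) > 1:
        return "permerror"       # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"   # malformed network in the record
        elif mech == "a":
            matched = ip in lookup(zone, arg or domain, "A")
        elif mech == "mx":
            matched = any(ip in lookup(zone, mx, "A")
                          for mx in lookup(zone, arg or domain, "MX"))
        else:
            return "permerror"   # outside the subset handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"             # no mechanism matched


def deliverability_check(zone, domain, ip):
    """Summarise two checks that receiving mail systems commonly apply."""
    return {"fcrdns": fcrdns(zone, ip), "spf": spf_result(zone, domain, ip)}


if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, deliverability_check(zone, "mail.demo-ionos.cloud", "203.0.113.10"))
```

The `-all` term is what makes the policy useful to a receiver: any address not matched by an earlier mechanism gets an explicit `fail` rather than `neutral`.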
Prerequisite: Before creating a secondary DNS zone with IONOS Cloud DNS, ensure that the primary zone is capable of establishing a zone transfer with the secondary DNS server; this means port 53 is open for TCP and UDP connections.
To create a secondary zone on the IONOS Cloud DNS, follow this step:
Perform a POST request to the /secondaryzones endpoint by providing the zoneName, description, and primaryIps for the IP address of the primary nameserver.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
Result: On a successful POST request, you receive a response containing the secondary DNS zone UUID, Name Servers, primaryIps, and the request status.
202 Accepted
To retrieve information about all the secondary zones, follow this step:
Send a GET request to the /secondaryzones endpoint.
Result: On a successful GET request, you receive a response containing all secondary DNS zones.
200 OK
To retrieve information about a specific secondary zone, follow this step:
Send a GET request to the /secondaryzones/{secondaryzoneId} endpoint.
Result: On a successful GET request, you receive a response containing the secondary DNS zone UUID, Name Servers, primaryIps, and secondary zone status.
To retrieve records information about a specific secondary zone, follow this step:
Send a GET request to the /secondaryzones/{secondaryzoneId}/records endpoint.
Result: On a successful GET request, you receive a response containing the secondary DNS zone records information: status, content, type, priority, TTL, and name.
To modify the description of a secondary zone or update the IP addresses of its primary nameserver, follow this step:
Send a PUT request to the /secondaryzones/{secondaryzoneId} endpoint.
Result: On a successful PUT request, you receive a response containing the secondary DNS zone metadata with the new updated properties.
202 Accepted
Note: Creating a secondary zone initiates a zone transfer. If network connectivity is disrupted at that time (that is, the secondary name server could not access the primary nameserver on port 53), you can initiate the zone transfer between the primary and secondary zones manually.
To initiate zone transfer from the primary zone to the secondary zone, follow this step:
Send a PUT request to the /secondaryzones/{secondaryzoneId}/axfr endpoint.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
Result: On a successful PUT request, you receive an HTTP response 200 OK.
200 OK
To check zone transfer status, follow this step:
Perform a GET request to the /secondaryzones/{secondaryzoneId}/axfr endpoint.
Result: On a successful GET request, you receive a response with the AXFR communication status for each of the primaryIps.
200 OK
To delete a secondary zone from the IONOS Cloud DNS, follow this step:
Send a DELETE request to the /secondaryzones/{zoneId} endpoint.
Result: On a successful DELETE request, you receive an HTTP status 200 Accepted.
200 Accepted
To retrieve the quota of secondary DNS zones, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
1. Create an A record for demo-ionos.cloud using IONOS :
We already own the zone mail.demo-ionos.cloud and we will use it for this tutorial. Previously we have created a zone demo-ionos.cloud using IONOS . To get more information how to create a zone using IONOS , please refer to .
For more information on how to create a record for a zone using IONOS , please refer to . In the above example make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
2. Create an MX record for demo-ionos.cloud using IONOS :
For more information on how to create a record for a zone using IONOS , please refer to .
1. Create a PTR record for your mail server using IONOS :
2. Create an SPF record for mail.demo-ionos.cloud using IONOS :

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created DNS record | 90d81ac0-3a30-44d4-95a5-12959effa6ee |
createdDate | string | DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
zoneId | string | UUID of the DNS zone of the DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | *.example.com |
state | string | State of the request | CREATED |

Record Type | Record Name | Record Value | Notes |
---|---|---|---|
A | example.com | 192.168.1.1 | |
AAAA | example.com | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | |
MX | example.com | mail.example.com | Priority is mandatory |
CNAME | www.example.com | example.com | |
TXT | example.com | v=spf1 mx -all | |
NS | example.com | ns1.example.com | |
SRV | _sip._tcp.example.com | 10 5060 sipserver.example.com | Priority weight port is mandatory |

Field | Type | Description | Example |
---|---|---|---|
records | string | Number of DNS records | 100000 |
reverseRecords | string | Number of reverse DNS records | 5000 |
secondaryZones | string | Number of secondary DNS zones | 100000 |
zones | string | Number of DNS zones | 50000 |
records | string | Number of DNS records used | 9 |
reverseRecords | string | Number of reverse DNS records used | 1 |
secondaryZones | string | Number of secondary DNS zones used | 6 |
zones | string | Number of DNS zones used | 5 |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the DNSSEC key | 98277a78-a6a2-4672-ac9a-a68ca0a8d67a |
type | string | Type of the resource | dnsseckeys |
href | string | URL of the resource | |
metadata | object | Metadata of the DNSSEC key | |
zoneId | string | UUID of the DNS zone | a363f30c-4c0c-4552-9a07-298d87f219bf |
items | array | List of DNSSEC keys | |
keyTag | integer | Key tag of the DNSSEC key | 49057 |
signAlgorithmMnemonic | string | Signing algorithm of the DNSSEC key | RSASHA256 |
signAlgorithmNumber | integer | Signing algorithm number of the DNSSEC key | 8 |
digestAlgorithmMnemonic | string | Digest algorithm of the DNSSEC key | SHA-1 |
digestAlgorithmNumber | integer | Digest algorithm number of the DNSSEC key | 1 |
digest | string | Digest of the DNSSEC key | CF58B511B2D8EF99263704A112703586E542E4FA |
keyData | object | Key data of the DNSSEC key | |
flags | integer | Flags of the DNSSEC key | 257 |
protocol | integer | Protocol of the DNSSEC key | 3 |
alg | integer | Algorithm of the DNSSEC key | 8 |
pubKey | string | Public key of the DNSSEC key | AwEAAY6wMNhHk...RIrbLc= |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | a1bc82de-4cc5-40ca-bfb3-4e93bd9a367c |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T10:21:32+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T10:21:33+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the secondary zone | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | "1.2.3.4" "5.6.7.8" |
zoneName | string | Name of the secondary zone | example.com |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the secondary zone | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | "1.2.3.4" "5.6.7.8" |
zoneName | string | Name of the secondary zone | example.org |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the secondary zone | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | "1.2.3.4" "5.6.7.8" |
zoneName | string | Name of the secondary zone | example.org |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the request | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | |
zoneName | string | Name of the secondary zone | example.org |
fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | example.org |
rootName | string | Root name of the secondary zone | example.org |
content | string | Content of the secondary zone | example.org hostmaster.example.org 2037070192 28800 7200 604800 600 |
enabled | boolean | Status of the secondary zone | true |
name | string | Name of the secondary zone | www |
priority | integer | Priority of the secondary zone | 0 |
ttl | integer | TTL of the secondary zone | 3600 |
type | string | Type of a record in the secondary zone | SOA |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | a1bc82de-4cc5-40ca-bfb3-4e93bd9a367c |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T10:21:32+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-10T09:32:29+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the request | AVAILABLE |
description | string | Description of the secondary zone | Changing description and primaryIps for secondary zone example.com |
primaryIps | array | IP addresses of the primary nameserver | |
zoneName | string | Name of the secondary zone | example.com |

Field | Type | Description | Example |
---|---|---|---|
errorMessage | string | Error message if any | |
primaryIp | string | Primary IP address | |
status | string | AXFR communication status | OK |

Field | Type | Description | Example |
---|---|---|---|
records | string | Number of DNS records | 100000 |
reverseRecords | string | Number of reverse DNS records | 5000 |
secondaryZones | string | Number of secondary DNS zones | 100000 |
zones | string | Number of DNS zones | 50000 |
records | string | Number of DNS records used | 9 |
reverseRecords | string | Number of reverse DNS records used | 1 |
secondaryZones | string | Number of secondary DNS zones used | 6 |
zones | string | Number of DNS zones used | 5 |

The tutorials guide you through commonly referenced Cloud DNS topics, such as:
ExternalDNS: Cloud DNS offers ExternalDNS integration that makes Kubernetes resources discoverable via the public DNS servers. For more information, see ExternalDNS for Managed Kubernetes tutorial.
Set Up a Secondary Zone: Guides you through how to set up a primary zone in IONOS Cloud Dedicated Core server and a secondary zone with Cloud DNS. For more information, see Set Up a Secondary Zone tutorial.
Enhance email deliverability with a reverse DNS record: Guides you through how to create a reverse DNS record and an SPF record for your domain name. For more information, see Enhance email deliverability with a Reverse DNS and SPF record tutorial.
This tutorial explains how to set up a secondary DNS zone in IONOS Cloud by running a bind9 server on an Ubuntu operating system. The setup includes the following configuration steps:
Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary DNS zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.
5. IPv4 Configuration: Leave to default values.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and further click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.
Prerequisite: A Dedicated Core server in IONOS Cloud needs to be set up and you must have the IPv4 address of the server.
To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:
1. SSH into the newly created Dedicated Core server.
2. Connect to the newly created server via SSH.
3. Proceed with configuring bind9 and your primary DNS zone.
4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
5. Create your primary zone.
6. Edit the zone file.
7. Save your changes and quit the Vim editor.
8. Check the configuration, reload bind, and verify that the configured zone is working.
Result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Prerequisite: A Dedicated Core server in IONOS Cloud is set up as a primary nameserver.
To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:
Send a POST request to the /secondaryzones endpoint.
Result: A secondary zone in IONOS Cloud DNS is successfully created by using a POST request.
On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:
You can also verify zone transfer status using IONOS Cloud DNS API:
On success response: 200 OK
Result: The zone transfer between primary and secondary zones is successfully verified.
To add a record, follow these steps:
1. On the primary nameserver, update the zone with a new A record that points to a TEST-NET-3 IP address:
2. Resolve the new record locally.
3. View the logs which show that a notification is sent to the secondary zone for the new record.
4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.
5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:
Result: A record is successfully added to the primary nameserver.
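One way to confirm from the API responses that the secondary zone has caught up with the primary, as an added example (not IONOS code): it parses the SOA content returned by the records endpoint, compares serials with RFC 1982 arithmetic, and reports any primaryIp whose AXFR status is not OK. The field names come from the response tables; the flat list shape, the sample values, the FAILED status and the function names are assumptions, and the primary's serial is passed in by the caller.

```python
from dataclasses import dataclass

SERIAL_SPACE = 2 ** 32


@dataclass(frozen=True)
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(content):
    """Parse SOA content: mname rname serial refresh retry expire minimum."""
    parts = content.split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    numbers = [int(p) for p in parts[2:]]
    if not all(0 <= n < SERIAL_SPACE for n in numbers):
        raise ValueError("SOA numeric field outside the 32-bit range")
    return Soa(parts[0], parts[1], *numbers)


def serial_compare(a, b):
    """RFC 1982 comparison: -1 if a is older than b, 0 if equal, 1 if newer."""
    if a == b:
        return 0
    distance = (b - a) % SERIAL_SPACE
    if distance == SERIAL_SPACE // 2:
        raise ValueError("serials are exactly half the space apart: undefined")
    return -1 if distance < SERIAL_SPACE // 2 else 1


def transfer_findings(primary_serial, records, axfr_status):
    """List problems seen in the records and AXFR status of a secondary zone."""
    findings = []
    for entry in axfr_status:
        if entry.get("status") != "OK":
            reason = entry.get("errorMessage") or "no error message"
            findings.append(f"AXFR from {entry.get('primaryIp')} not OK: {reason}")
    soa_records = [r for r in records if r.get("type") == "SOA"]
    if len(soa_records) != 1:
        findings.append(f"expected one SOA record, found {len(soa_records)}")
        return findings
    order = serial_compare(parse_soa(soa_records[0]["content"]).serial, primary_serial)
    if order < 0:
        findings.append("secondary serial is older than the primary: transfer pending or blocked")
    elif order > 0:
        findings.append("secondary serial is newer than the primary: check the primary's zone file")
    return findings


# Constructed sample data; "FAILED" is a placeholder for any non-OK status.
RECORDS = [
    {"type": "SOA", "ttl": 3600,
     "content": "example.org hostmaster.example.org 2037070192 28800 7200 604800 600"},
    {"name": "www", "type": "A", "ttl": 3600, "content": "203.0.113.5"},
]
AXFR_STATUS = [
    {"primaryIp": "1.2.3.4", "status": "OK", "errorMessage": ""},
    {"primaryIp": "5.6.7.8", "status": "FAILED", "errorMessage": "connection refused"},
]
```

A plain integer comparison would misreport a secondary as stale or ahead once the serial wraps past 4294967295, which is why the comparison uses serial number arithmetic.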