1 of 4

Tutorials

The tutorial guides you through the commonly referred topics in the Cloud DNS such as:

ExternalDNS: Cloud DNS offers ExternalDNS integration that makes Kubernetes resources discoverable via the public DNS servers. For more information, see tutorial.

Set Up a Secondary Zone: Guides you through how to set up a primary zone in IONOS Cloud Dedicated Core server and a secondary zone with Cloud DNS. For more information, see tutorial.

Enhance email deliverability with a reverse DNS record: Guides you through how to create a reverse DNS record and an SPF record for your domain name. For more information, see tutorial.

ExternalDNS for Managed Kubernetes

ExternalDNS Overview

ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources such as services and ingresses, that are publicly exposed outside the cluster.

The ExternalDNS solution offers the following capabilities:

Control to developers to manage DNS resources that are usually managed manually by third teams. Example: Infrastructure team.
Ensures that the DNS records are always up-to-date with the current state of the Kubernetes cluster.
Manages a large number of records automatedly.
Simplifies the management of DNS records with improved security.

Deployment of ExternalDNS on Managed Kubernetes

Prerequisites: Ensure that you have the following before you begin:

A domain name that is registered with your domain provider aka Registrar or a subdomain under your control.
A token from a user with privileges to manage zones and records with Cloud DNS.
An IONOS Managed Kubernetes cluster.
The kubectl installed on your local machine.
The Helm tool for installing a Helm chart.

Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:

Prepare domain name: You need to first Create a DNS Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.
Add Helm chart: Add the Bitnami Helm repository, which contains the official external-dns Helm chart.

helm repo add bitnami https://charts.bitnami.com/bitnami

Create configuration: Create values file for ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.

# OCI image of ExternalDNS that contains the plugin provider feature
image:
  registry: ghcr.io
  repository: ionos-cloud/external-dns-plugin-provider
  tag: latest

# Modify how DNS records are synchronised between sources and providers (default: sync, options: sync, upsert-only, create-only)
policy: sync

# provider needs to be set to plugin
provider: plugin

# url of the provider which the external-dns will target
extraArgs:
  plugin-provider-url: http://localhost:8888

# plugin is deployed as sidecar
sidecars:
  - name: ionos-plugin
    image: ghcr.io/ionos-cloud/external-dns-ionos-plugin:latest
    ports:
      - containerPort: 8888
        name: http
    livenessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    readinessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    env:
      # Set port of plugin (value needs to match the container port and plugin provider url port, default value: 8888)
      - name: SERVER_PORT
        value: "8888"
      # Listen on all interfaces for kubernetes probes
      - name: SERVER_HOST
        value: ""
      # Limit possible target zones by a domain suffix (optional)
      - name: DOMAIN_FILTER
        value: "example1.com,example2.com"
      # Exclude subdomains (optional)
      - name: EXCLUDE_DOMAIN_FILTER
        value: "example3.com"
      # Limit possible domains and target zones by a Regex filter. Overrides domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER
        value: ".*.example4.com"
      # Regex filter that excludes domains and target zones matched by regex-domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER_EXCLUSION
        value: ".*.example5.com"
      # When enabled, prints DNS record changes rather than actually performing them (default: false)
      - name: DRY_RUN
        value: "true"         
      # Token for DNSaaS rest API authentication (mandatory)  
      - name: IONOS_API_KEY
        value: "21215454"
      - name: LOG_LEVEL
        value: debug
      # When enabled debug logs for the DNSaaS rest API are enabled (default: false)  
      - name: IONOS_DEBUG
        value: "true"

Install ExternalDNS: To install ExternalDNS with Bitnami Helm chart, use the following commad:

helm install external-dns-ionos bitnami/external-dns -f external-dns-ionos-values.yaml

Deploy application: Follow this step to deploy an application:

Deploy an echo server application by using the file echoserver_app.yaml.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: ealen/echo-server:latest
        imagePullPolicy: IfNotPresent
        name: echoserver
        ports:
        - containerPort: 80
        env:
        - name: PORT
          value: "80"
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app: echoserver
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: app.example1.com #This is your subdomain / record name
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: echoserver
            port:
              number: 80

If you want to use a service, you do not need to install an ingress controller. You can install an ingress controller in the cluster and deploy the application with kubectl by using the following command:

kubectl apply -f echoserver_app.yaml

Result: The deployment of ExternalDNS on Managed Kubernetes is complete.

Verify deployment

You can verify that the application deployed is functioning as expected by using one of the following options.

Access application

Check that the echo server app runs on the subdomain you have specified by using the following command:

curl -I app.example1.com/?echo_code=404-300

Expected result:

HTTP/1.1 404 Not Found 
HTTP/1.1 300 Multiple Choices

Check DNS records

Check that the new A and TXT records are created by using the following command:

curl --location --request GET 'https://dns.de-fra.ionos.com/records?filter.name=app' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiI4MmE5' \
--data ''

Set Up a Secondary Zone

This tutorial explains how to set up a secondary DNS zone in IONOS Cloud by running a bind9 server on an Ubuntu operating system. The setup includes the following configuration steps:

Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary DNS zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.

Set up a Dedicated Core Server in IONOS Cloud

Note:

The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.

To set up a Dedicated Core server in IONOS Cloud, follow these steps:

1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.

2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.

3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.

4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.

Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.

Dedicated Core Server network settings

In the DCD > Inspector pane on the right, configure the following network details in the Network tab.

1. Name: Choose a name unique to this Virtual Data Center (VDC).

2. MAC: Assigned on VM creation.

3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.

4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.

5. IPv4 Configuration: Leave to default values.

Result: The Network settings for a Dedicated Core server are configured.

Dedicated Core Server storage settings

Warning: The storage type cannot be changed after provisioning.

In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.

1. Click SSD and a new pop-up window Create New Attached Storage appears.

2. Configure the following storage details:

Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance: Select "Standard".

Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.

3. Click Create SSD Storage to create the SSD storage.

Result: The Storage settings for a Dedicated Core server are configured.

Provision changes and start the Dedicated Core Server

1. Select the newly created Dedicated Core server.

2. From the Settings tab in the Inspector pane, select Power > Start.

3. Click Provision Changes in the lower right corner and further click Provision Now.

Result: The Dedicated Core server is provisioned and started.

Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.

Configure a Dedicated Core Server as a primary nameserver

Prerequisite: A Dedicated Core server in IONOS Cloud needs to be set up and you must have the IPv4 address of the server.

To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:

1. SSH into the newly created Dedicated Core server.

ssh root@<IP-ADDRESS>

2. Connect to the newly created server via SSH.

root@ubuntu:~# sudo -i
root@ubuntu:~# apt update -y
[...]
root@ubuntu:~# apt install -y bind9 bind9utils
[...]

3. Proceed with configuring bind9 and your primary DNS zone.

root@ubuntu:~# vi /etc/bind/named.conf.local

4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.

Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.

logging {
  category xfer-out { default_syslog; };
  category xfer-in { default_syslog; };
  category notify { default_syslog; };
  category lame-servers { default_syslog; };
  category general { default_syslog; };
  category default { default_syslog; };
};


zone "primary-zone.de" IN {
  type master;
  file "/var/cache/bind/primary-zone.de.db";
  notify explicit;
  also-notify  { 212.227.123.25; };
  allow-update { 127.0.0.1; };
};

5. Create your primary zone.

root@ubuntu:~# vi /var/cache/bind/primary-zone.de.db

6. Edit the zone file.

; Zone: primary-zone.de
; Exported: Mon Aug 17 22:36:11 UTC 2023
 
$ORIGIN primary-zone.de.
$TTL 3600
 
@   3600    IN  SOA primary-zone.de. hostmaster.primary-zone.de. (
                    2017060104  ; serial
                    28800       ; refresh
                    7200        ; retry
                    604800      ; expire
                    600 )       ; minimum
@   3600    IN  NS  ns.ui-global-dns.com.
@   3600    IN  NS  ns.ui-global-dns.de.
@   3600    IN  NS  ns.ui-global-dns.org.
@   3600    IN  NS  ns.ui-global-dns.biz.
www 60    IN  A   127.0.0.1
www 60    IN  AAAA    ::1

7. Save your changes and quit the Vim editor.

8. Check the configuration, reload bind, and verify that the configured zone is working.

root@ubuntu:~# named-checkconf
root@ubuntu:~# systemctl reload named
root@ubuntu:~# dig +short primary-zone.de

Result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.

Create a secondary zone in IONOS Cloud DNS

Prerequisite: A Dedicated Core server in IONOS Cloud is set up as a primary nameserver.

To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:

Send a POST request to the /secondaryzones endpoint.

curl --location 'https://dns.de-fra.ionos.com/secondaryzones' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--data '{
    "properties": {
        "zoneName": "primary-zone.de",
        "description": "This is a secondary zone for primary-zone.de in IONOS Cloud DNS",
        "primaryIps": [
            "<IP-ADDRESS>"
        ]
    }
}'

Response

{
    "id": "bdae7da0-0363-49d7-929d-92992786efe1",
    "type": "secondaryzone",
    "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1",
    "metadata": {
        "createdDate": "2023-08-06T19:36:58+00:00",
        "lastModifiedDate": "2023-08-06T19:36:59+00:00",
        "nameservers": [
            "nscs.ui-dns.com",
            "nscs.ui-dns.de",
            "nscs.ui-dns.org",
            "nscs.ui-dns.biz"
        ],
        "state": "AVAILABLE"
    },
    "properties": {
        "description": "This is a secondary zone for test-dns-public.info in IONOS Cloud DNS",
        "primaryIps": [
            "<IP-ADDRESS>"
        ],
        "zoneName": "test-dns-public.info"
    }
}

Result: A secondary zone in IONOS Cloud DNS is successfully created By using a POST request.

Verify zone transfer

On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:

root@ubuntu:~# journalctl --unit named --follow
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR ended: 1 messages, 8 records, 299 bytes, 0.001 secs (299000 bytes/sec) (serial 2017060104)

You can also verify zone transfer status using IONOS Cloud DNS API:

curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/axfr' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'

Response

On success response: 200 OK

{
    "items": [
        {
            "errorMessage": "",
            "primaryIp": "<IP-ADDRESS>",
            "status": "OK"
        }
    ],
    "type": "collection"
}

Result: The zone transfer between primary and secondary zones is successfully verified.

Add a record

To add a record, follow these steps:

1. On the primary nameserver, update the zone with a new record setting—A record to a TEST-NET-3 IP address:

root@ubuntu:~# dig +short www. primary-zone.de @ns.ui-global-dns.com
217.160.0.148
root@ubuntu:~# nsupdate
> server 127.0.0.1
> zone primary-zone.de
> update add www2.primary-zone.de. 600 IN A 203.0.113.1
> send
> quit

2. Resolve the new record locally.

root@ubuntu:~# dig +short www2.primary-zone.de @127.0.0.1
203.0.113.1

3. View the logs which show that a notification is sent to the secondary zone for the new record.

Aug 07 16:00:22 ubuntu named[2666]: client @0x7f467000d0a8 127.0.0.1#34056: updating zone 'primary-zone.de/IN': adding an RR at 'www2.primary-zone.de' A 203.0.113.1
Aug 07 16:00:22 ubuntu named[2666]: zone primary-zone.de/IN: sending notifies (serial 2017060105)

4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.

curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'

{
    "id": "bdae7da0-0363-49d7-929d-92992786efe1",
    "type": "collection",
    "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
    "metadata": {
        "primaryIps": [
            "<IP-ADDRESS>"
        ]
    },
    "items": [
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "primary-zone.de hostmaster.primary-zone.de 2017060105 28800 7200 604800 600",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "SOA"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.de",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.biz",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.com",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.org",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "127.0.0.1",
                "enabled": true,
                "name": "www",
                "priority": 0,
                "ttl": 3600,
                "type": "A"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "0:0:0:0:0:0:0:1",
                "enabled": true,
                "name": "www",
                "priority": 0,
                "ttl": 3600,
                "type": "AAAA"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www2.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "203.0.113.1",
                "enabled": true,
                "name": "www2",
                "priority": 0,
                "ttl": 3600,
                "type": "A"
            }
        }
    ],
    "offset": 0,
    "limit": 100,
    "_links": {
        "self": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
        "next": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=100"
    }
}

5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:

root@ubuntu:~# dig +short www2.primary-zone.de @ns.ui-global-dns.com.

Result: A record is successfully added to the primary nameserver.

Enhance email deliverability with a Reverse DNS and SPF record

A PTR (Pointer) record is crucial for a mail server as it establishes a Reverse DNS mapping, verifying the legitimacy of the server's IP address. This record is vital for email deliverability, preventing emails from being flagged as spam during Reverse DNS checks. It contributes to forward-confirmed Reverse DNS (FCrDNS), aligning forward and Reverse DNS entries to enhance server credibility. Servers lacking a valid PTR record may face rejection by other mail servers, impacting deliverability. Overall, a PTR record is a standard best practice, promoting trustworthiness and smooth email communication. Additionally, an SPF (Sender Policy Framework) record is essential for email deliverability, as it specifies authorized mail servers for a domain, preventing email spoofing and further bolstering the authenticity of outgoing emails.

This tutorial will guide you on how to install and configure a mail server and a PTR record using IONOS . The steps we will follow are:

Set up a Dedicated Core server in IONOS Cloud.
Create an A and MX record for your mail server.
Install and configure mail server.
Add a Reverse DNS record and SPF record for your mail server.
Test the email deliverability.

Set up a Dedicated Core Server in IONOS Cloud

Note:

The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.

To set up a Dedicated Core server in IONOS Cloud, follow these steps:

1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in .

Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.

Dedicated Core Server network settings

2. MAC: Assigned on VM creation.

3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.

4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.

5. IP Management: To reserve an IP for the server, click IP Management under Management in the top menu bar.

6. Click Reserve IP and a new pop-up window Reserve IP appears. Add a Name, Number of IPs and select a region that is the same as the region of your Dedicated Core server. Click Reserve IP to reserve the IP and confirm the reservation by pressing OK.

7. Exit the IP management window and return to the Network tab of your Dedicated Core Server.

8. In the IPv4 Configuration click Add IP and a select one of your reserved IPs.

Result: The Network settings for a Dedicated Core server are configured.

Dedicated Core Server storage settings

Warning: The storage type cannot be changed after provisioning.

1. Click SSD and a new pop-up window Create New Attached Storage appears.

2. Configure the following storage details:

Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "50" which is sufficient for this tutorial.
Performance: Select "Standard".

Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.

3. Click Create SSD Storage to create the SSD storage.

Result: The Storage settings for a Dedicated Core server are configured.

Provision changes and start the Dedicated Core Server

1. Select the newly created Dedicated Core server.

2. From the Settings tab in the Inspector pane, select Power > Start.

3. Click Provision Changes in the lower right corner and further click Provision Now.

Result: The Dedicated Core server is provisioned and started.

Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy one of the IPv4 addresses.

Create an A and MX record for your mail server

Replace <zone_id> with your zone id.

Install and configure mail server

1. Connect to your Dedicated Core server via SSH:

and make sure that you are executing the following commands as root.

2. Update the system:

If a kernel is updated it is suggested that you reboot the server.

3. Install Postfix:

Follow the on-screen prompts to configure Postfix. Select Internet Site and enter the domain name of your mail server, in this tutorial we will use our domain mail.demo-ionos.cloud.

4. Install OpenDKIM:

5. Generate OpenDKIM keys:

Execute the following commands to generate OpenDKIM keys for your domain and move them to the appropriate directory:

Replace mail.demo-ionos.cloud with your domain name.

6. Edit the OpenDKIM configuration file:

Add or modify the following lines:

Replace mail.demo-ionos.cloud with your domain name.

7. Install Postfix and Mailutils:

Follow the on-screen prompts to configure Postfix. Select Internet Site and enter the domain name of your mail server, for example, demo-ionos.cloud.

7. Configure Postfix to use OpenDKIM:

Modify the line containing information about smtp_banner to include the domain name of your mail server, for example, mail.demo-ionos.cloud. The line should look like this:

and add the following lines at the end of the file:

and the complete /etc/postfix/main.cf file looks like this:

8. Restart services:

9. Test the configuration:

Replace <your-email>@<your-domain> with your email address.

In your mailbox you should receive an email with the subject "Test Email" and the body "This is a test email" but it might be in the spam folder, depending on your email provider. In our case the email was in the spam folder with a note "Mail system could not verify that demo-ionos.cloud actually sent this message (and not a spammer)."

10. Check the mail log:

Add a Reverse DNS record and SPF record for your mail server

For your SPF record make sure that instead of mail.demo-ionos.cloud you use your own domain name.

After creating the PTR record and the SPF record, it might take around 10 minutes to propagate.

3. Test again the email deliverability:

Replace <your-email>@<your-domain> with your email address.

ExternalDNS for Managed Kubernetes

ExternalDNS Overview

ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources such as services and ingresses, that are publicly exposed outside the cluster.

The ExternalDNS solution offers the following capabilities:

Control to developers to manage DNS resources that are usually managed manually by third teams. Example: Infrastructure team.
Ensures that the DNS records are always up-to-date with the current state of the Kubernetes cluster.
Manages a large number of records automatedly.
Simplifies the management of DNS records with improved security.

Deployment of ExternalDNS on Managed Kubernetes

Prerequisites: Ensure that you have the following before you begin:

A domain name that is registered with your domain provider aka Registrar or a subdomain under your control.
A token from a user with privileges to manage zones and records with Cloud DNS.
An IONOS Managed Kubernetes cluster.
The kubectl installed on your local machine.
The Helm tool for installing a Helm chart.

Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:

Prepare domain name: You need to first Create a DNS Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.
Add Helm chart: Add the Bitnami Helm repository, which contains the official external-dns Helm chart.

helm repo add bitnami https://charts.bitnami.com/bitnami

Create configuration: Create values file for ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.

# OCI image of ExternalDNS that contains the plugin provider feature
image:
  registry: ghcr.io
  repository: ionos-cloud/external-dns-plugin-provider
  tag: latest

# Modify how DNS records are synchronised between sources and providers (default: sync, options: sync, upsert-only, create-only)
policy: sync

# provider needs to be set to plugin
provider: plugin

# url of the provider which the external-dns will target
extraArgs:
  plugin-provider-url: http://localhost:8888

# plugin is deployed as sidecar
sidecars:
  - name: ionos-plugin
    image: ghcr.io/ionos-cloud/external-dns-ionos-plugin:latest
    ports:
      - containerPort: 8888
        name: http
    livenessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    readinessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    env:
      # Set port of plugin (value needs to match the container port and plugin provider url port, default value: 8888)
      - name: SERVER_PORT
        value: "8888"
      # Listen on all interfaces for kubernetes probes
      - name: SERVER_HOST
        value: ""
      # Limit possible target zones by a domain suffix (optional)
      - name: DOMAIN_FILTER
        value: "example1.com,example2.com"
      # Exclude subdomains (optional)
      - name: EXCLUDE_DOMAIN_FILTER
        value: "example3.com"
      # Limit possible domains and target zones by a Regex filter. Overrides domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER
        value: ".*.example4.com"
      # Regex filter that excludes domains and target zones matched by regex-domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER_EXCLUSION
        value: ".*.example5.com"
      # When enabled, prints DNS record changes rather than actually performing them (default: false)
      - name: DRY_RUN
        value: "true"         
      # Token for DNSaaS rest API authentication (mandatory)  
      - name: IONOS_API_KEY
        value: "21215454"
      - name: LOG_LEVEL
        value: debug
      # When enabled debug logs for the DNSaaS rest API are enabled (default: false)  
      - name: IONOS_DEBUG
        value: "true"

Install ExternalDNS: To install ExternalDNS with Bitnami Helm chart, use the following commad:

helm install external-dns-ionos bitnami/external-dns -f external-dns-ionos-values.yaml

Deploy application: Follow this step to deploy an application:

Deploy an echo server application by using the file echoserver_app.yaml.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: ealen/echo-server:latest
        imagePullPolicy: IfNotPresent
        name: echoserver
        ports:
        - containerPort: 80
        env:
        - name: PORT
          value: "80"
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app: echoserver
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: app.example1.com #This is your subdomain / record name
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: echoserver
            port:
              number: 80

kubectl apply -f echoserver_app.yaml

Result: The deployment of ExternalDNS on Managed Kubernetes is complete.

Verify deployment

You can verify that the application deployed is functioning as expected by using one of the following options.

Access application

Check that the echo server app runs on the subdomain you have specified by using the following command:

curl -I app.example1.com/?echo_code=404-300

Expected result:

HTTP/1.1 404 Not Found 
HTTP/1.1 300 Multiple Choices

Check DNS records

Check that the new A and TXT records are created by using the following command:

curl --location --request GET 'https://dns.de-fra.ionos.com/records?filter.name=app' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiI4MmE5' \
--data ''

Enhance email deliverability with a Reverse DNS and SPF record

This tutorial will guide you on how to install and configure a mail server and a PTR record using IONOS . The steps we will follow are:

Set up a Dedicated Core server in IONOS Cloud.
Create an A and MX record for your mail server.
Install and configure mail server.
Add a Reverse DNS record and SPF record for your mail server.
Test the email deliverability.

Set up a Dedicated Core Server in IONOS Cloud

Note:

The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.

To set up a Dedicated Core server in IONOS Cloud, follow these steps:

1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in .

2. Configure the server Network settings by following the steps in the .

3. Configure the server Storage settings by following the steps in the .

4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the .

Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.

Dedicated Core Server network settings

In the > Inspector pane on the right, configure the following network details in the Network tab.

1. Name: Choose a name unique to this .

2. MAC: Assigned on VM creation.

3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.

4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.

5. IP Management: To reserve an IP for the server, click IP Management under Management in the top menu bar.

7. Exit the IP management window and return to the Network tab of your Dedicated Core Server.

8. In the IPv4 Configuration click Add IP and a select one of your reserved IPs.

Result: The Network settings for a Dedicated Core server are configured.

Dedicated Core Server storage settings

Warning: The storage type cannot be changed after provisioning.

In the > Inspector pane on the right, configure the following storage details in the Storage tab.

1. Click SSD and a new pop-up window Create New Attached Storage appears.

2. Configure the following storage details:

Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "50" which is sufficient for this tutorial.
Performance: Select "Standard".

Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.

3. Click Create SSD Storage to create the SSD storage.

Result: The Storage settings for a Dedicated Core server are configured.

Provision changes and start the Dedicated Core Server

1. Select the newly created Dedicated Core server.

2. From the Settings tab in the Inspector pane, select Power > Start.

3. Click Provision Changes in the lower right corner and further click Provision Now.

Result: The Dedicated Core server is provisioned and started.

Create an A and MX record for your mail server

1. Create an A record for demo-ionos.cloud using IONOS :

We already own the zone mail.demo-ionos.cloud and we will use it for this tutorial. Previously we have created a zone demo-ionos.cloud using IONOS . To get more information how to create a zone using IONOS , please refer to .

Replace <zone_id> with your zone id.

curl --location 'https://dns.de-fra.ionos.com/zones/<zone_id>/records' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <authorization_token>' \
--data '{
  "properties": {
    "name": "",
    "type": "A",
    "content": "<your_server_ip>",
    "ttl": 60,
    "priority": 0,
    "enabled": true
  }
}'

For more information on how to create a record for a zone using IONOS , please refer to . In the above example make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.

2. Create an MX record for demo-ionos.cloud using IONOS :

curl --location 'https://dns.de-fra.ionos.com/zones/<zone_id>/records' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <authorization_token>' \
--data '{
  "properties": {
    "name": "",
    "type": "MX",
    "content": "mail.demo-ionos.cloud",
    "ttl": 60,
    "priority": 10,
    "enabled": true
  }
}'

For more information on how to create a record for a zone using IONOS , please refer to .

Install and configure mail server

1. Connect to your Dedicated Core server via SSH:

ssh root@<your_server_ip>

and make sure that you are executing the following commands as root.

sudo su -

2. Update the system:

apt update && sudo apt upgrade -y

If a kernel is updated it is suggested that you reboot the server.

systemctl reboot

3. Install Postfix:

apt install postfix

Follow the on-screen prompts to configure Postfix. Select Internet Site and enter the domain name of your mail server, in this tutorial we will use our domain mail.demo-ionos.cloud.

4. Install OpenDKIM:

apt install opendkim opendkim-tools

5. Generate OpenDKIM keys:

Execute the following commands to generate OpenDKIM keys for your domain and move them to the appropriate directory:

mkdir -p /etc/opendkim/keys/mail.demo-ionos.cloud &&
opendkim-genkey -t -s mail -d mail.demo-ionos.cloud &&
mv mail.private /etc/opendkim/keys/mail.demo-ionos.cloud/ &&
chown -R opendkim:opendkim /etc/opendkim/keys/mail.demo-ionos.cloud

Replace mail.demo-ionos.cloud with your domain name.

6. Edit the OpenDKIM configuration file:

vi /etc/opendkim.conf

Add or modify the following lines:

Domain                  mail.demo-ionos.cloud
KeyFile                 /etc/opendkim/keys/mail.demo-ionos.cloud/mail.private
Selector                mail
Socket                  inet:12301@localhost

Replace mail.demo-ionos.cloud with your domain name.

7. Install Postfix and Mailutils:

apt install postfix mailutils

Follow the on-screen prompts to configure Postfix. Select Internet Site and enter the domain name of your mail server, for example, demo-ionos.cloud.

7. Configure Postfix to use OpenDKIM:

vi /etc/postfix/main.cf

Modify the line containing information about smtp_banner to include the domain name of your mail server, for example, mail.demo-ionos.cloud. The line should look like this:

smtpd_banner = mail.demo-ionos.cloud ESMTP $mail_name (IONOS CloudDNS Mail)

and add the following lines at the end of the file:

# Add at the end of the file
# Enable OpenDKIM milter
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

and the complete /etc/postfix/main.cf file looks like this:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = mail.demo-ionos.cloud ESMTP $mail_name (IONOS CloudDNS Mail)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6



# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ubuntu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mail.demo-ionos.cloud, ubuntu, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# Add at the end of the file
# Enable OpenDKIM milter
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

8. Restart services:

systemctl restart opendkim
systemctl restart postfix

9. Test the configuration:

echo "This is a test email" | mail -s "Test Email" -a "From: sender@mail.demo-ionos.cloud" <your-email>@<your-domain>

Replace <your-email>@<your-domain> with your email address.

echo "This is a test email" | mail -s "Test Email" -a "From: sender@demo-ionos.cloud" srdjan.milutinovic@ionos.com

10. Check the mail log:

tail -f /var/log/mail.log

Add a Reverse DNS record and SPF record for your mail server

1. Create a PTR record for your mail server using IONOS :

curl --location 'https://dns.de-fra.ionos.com/reverserecords' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <authorization_token>' \
--data '{
  "properties": {
    "name": "mail.demo-ionos.cloud",
    "description": "The Reverse DNS record is used for mail.demo-ionos.cloud",
    "ip": "<your_server_ip>"
  }
}'

2. Create an SPF record for mail.demo-ionos.cloud using IONOS :

curl --location 'https://dns.de-fra.ionos.com/zones/<zone_id>/records' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <authorization_token>' \
--data '{
  "properties": {
    "name": "",
    "type": "TXT",
    "content": "v=spf1 a:mail.demo-ionos.cloud -all",
    "ttl": 60,
    "enabled": true
  }
}
'

For your SPF record make sure that instead of mail.demo-ionos.cloud you use your own domain name.

After creating the PTR record and the SPF record, it might take around 10 minutes to propagate.

3. Test again the email deliverability:

echo "This is a test email" | mail -s "Test Email" -a "From:sender@mail.demo-ionos.cloud" <your-email>@<your-domain>

Replace <your-email>@<your-domain> with your email address.

echo "This is a test email" | mail -s "Test Email" -a "From:sender@demo-ionos.cloud" srdjan.milutinovic@ionos.com

Set Up a Secondary Zone

This tutorial explains how to set up a secondary DNS zone in IONOS Cloud by running a bind9 server on an Ubuntu operating system. The setup includes the following configuration steps:

Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary DNS zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.

Set up a Dedicated Core Server in IONOS Cloud

Note:

The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.

To set up a Dedicated Core server in IONOS Cloud, follow these steps:

1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.

2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.

3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.

4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.

Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.

Dedicated Core Server network settings

In the DCD > Inspector pane on the right, configure the following network details in the Network tab.

1. Name: Choose a name unique to this Virtual Data Center (VDC).

2. MAC: Assigned on VM creation.

3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.

4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.

5. IPv4 Configuration: Leave to default values.

Result: The Network settings for a Dedicated Core server are configured.

Dedicated Core Server storage settings

Warning: The storage type cannot be changed after provisioning.

In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.

1. Click SSD and a new pop-up window Create New Attached Storage appears.

2. Configure the following storage details:

Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance: Select "Standard".

Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.

3. Click Create SSD Storage to create the SSD storage.

Result: The Storage settings for a Dedicated Core server are configured.

Provision changes and start the Dedicated Core Server

1. Select the newly created Dedicated Core server.

2. From the Settings tab in the Inspector pane, select Power > Start.

3. Click Provision Changes in the lower right corner and further click Provision Now.

Result: The Dedicated Core server is provisioned and started.

Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.

Configure a Dedicated Core Server as a primary nameserver

Prerequisite: A Dedicated Core server in IONOS Cloud needs to be set up and you must have the IPv4 address of the server.

To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:

1. SSH into the newly created Dedicated Core server.

ssh root@<IP-ADDRESS>

2. Connect to the newly created server via SSH.

root@ubuntu:~# sudo -i
root@ubuntu:~# apt update -y
[...]
root@ubuntu:~# apt install -y bind9 bind9utils
[...]

3. Proceed with configuring bind9 and your primary DNS zone.

root@ubuntu:~# vi /etc/bind/named.conf.local

4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.

Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.

logging {
  category xfer-out { default_syslog; };
  category xfer-in { default_syslog; };
  category notify { default_syslog; };
  category lame-servers { default_syslog; };
  category general { default_syslog; };
  category default { default_syslog; };
};


zone "primary-zone.de" IN {
  type master;
  file "/var/cache/bind/primary-zone.de.db";
  notify explicit;
  also-notify  { 212.227.123.25; };
  allow-update { 127.0.0.1; };
};

5. Create your primary zone.

root@ubuntu:~# vi /var/cache/bind/primary-zone.de.db

6. Edit the zone file.

; Zone: primary-zone.de
; Exported: Mon Aug 17 22:36:11 UTC 2023
 
$ORIGIN primary-zone.de.
$TTL 3600
 
@   3600    IN  SOA primary-zone.de. hostmaster.primary-zone.de. (
                    2017060104  ; serial
                    28800       ; refresh
                    7200        ; retry
                    604800      ; expire
                    600 )       ; minimum
@   3600    IN  NS  ns.ui-global-dns.com.
@   3600    IN  NS  ns.ui-global-dns.de.
@   3600    IN  NS  ns.ui-global-dns.org.
@   3600    IN  NS  ns.ui-global-dns.biz.
www 60    IN  A   127.0.0.1
www 60    IN  AAAA    ::1

7. Save your changes and quit the Vim editor.

8. Check the configuration, reload bind, and verify that the configured zone is working.

root@ubuntu:~# named-checkconf
root@ubuntu:~# systemctl reload named
root@ubuntu:~# dig +short primary-zone.de

Result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.

Create a secondary zone in IONOS Cloud DNS

Prerequisite: A Dedicated Core server in IONOS Cloud is set up as a primary nameserver.

To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:

Send a POST request to the /secondaryzones endpoint.

curl --location 'https://dns.de-fra.ionos.com/secondaryzones' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--data '{
    "properties": {
        "zoneName": "primary-zone.de",
        "description": "This is a secondary zone for primary-zone.de in IONOS Cloud DNS",
        "primaryIps": [
            "<IP-ADDRESS>"
        ]
    }
}'

Response

{
    "id": "bdae7da0-0363-49d7-929d-92992786efe1",
    "type": "secondaryzone",
    "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1",
    "metadata": {
        "createdDate": "2023-08-06T19:36:58+00:00",
        "lastModifiedDate": "2023-08-06T19:36:59+00:00",
        "nameservers": [
            "nscs.ui-dns.com",
            "nscs.ui-dns.de",
            "nscs.ui-dns.org",
            "nscs.ui-dns.biz"
        ],
        "state": "AVAILABLE"
    },
    "properties": {
        "description": "This is a secondary zone for test-dns-public.info in IONOS Cloud DNS",
        "primaryIps": [
            "<IP-ADDRESS>"
        ],
        "zoneName": "test-dns-public.info"
    }
}

Result: A secondary zone in IONOS Cloud DNS is successfully created By using a POST request.

Verify zone transfer

On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:

root@ubuntu:~# journalctl --unit named --follow
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR ended: 1 messages, 8 records, 299 bytes, 0.001 secs (299000 bytes/sec) (serial 2017060104)

You can also verify zone transfer status using IONOS Cloud DNS API:

curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/axfr' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'

Response

On success response: 200 OK

{
    "items": [
        {
            "errorMessage": "",
            "primaryIp": "<IP-ADDRESS>",
            "status": "OK"
        }
    ],
    "type": "collection"
}

Result: The zone transfer between primary and secondary zones is successfully verified.

Add a record

To add a record, follow these steps:

1. On the primary nameserver, update the zone with a new record setting—A record to a TEST-NET-3 IP address:

root@ubuntu:~# dig +short www. primary-zone.de @ns.ui-global-dns.com
217.160.0.148
root@ubuntu:~# nsupdate
> server 127.0.0.1
> zone primary-zone.de
> update add www2.primary-zone.de. 600 IN A 203.0.113.1
> send
> quit

2. Resolve the new record locally.

root@ubuntu:~# dig +short www2.primary-zone.de @127.0.0.1
203.0.113.1

3. View the logs which show that a notification is sent to the secondary zone for the new record.

Aug 07 16:00:22 ubuntu named[2666]: client @0x7f467000d0a8 127.0.0.1#34056: updating zone 'primary-zone.de/IN': adding an RR at 'www2.primary-zone.de' A 203.0.113.1
Aug 07 16:00:22 ubuntu named[2666]: zone primary-zone.de/IN: sending notifies (serial 2017060105)

4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.

curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'

{
    "id": "bdae7da0-0363-49d7-929d-92992786efe1",
    "type": "collection",
    "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
    "metadata": {
        "primaryIps": [
            "<IP-ADDRESS>"
        ]
    },
    "items": [
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "primary-zone.de hostmaster.primary-zone.de 2017060105 28800 7200 604800 600",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "SOA"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.de",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.biz",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.com",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.org",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "127.0.0.1",
                "enabled": true,
                "name": "www",
                "priority": 0,
                "ttl": 3600,
                "type": "A"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "0:0:0:0:0:0:0:1",
                "enabled": true,
                "name": "www",
                "priority": 0,
                "ttl": 3600,
                "type": "AAAA"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www2.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "203.0.113.1",
                "enabled": true,
                "name": "www2",
                "priority": 0,
                "ttl": 3600,
                "type": "A"
            }
        }
    ],
    "offset": 0,
    "limit": 100,
    "_links": {
        "self": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
        "next": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=100"
    }
}

5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:

root@ubuntu:~# dig +short www2.primary-zone.de @ns.ui-global-dns.com.

Result: A record is successfully added to the primary nameserver.