IONOS Cloud DNS lets you publish Domain Name System (DNS) zones of your domains and subdomains on public Name Servers. You can manage your DNS zones and records via the Cloud DNS API.
With IONOS Cloud DNS, you can import and export DNS zone files, create secondary DNS zones, enable DNSSEC keys for DNS zones, and manage DNS records. You can also use the Cloud DNS API to create and manage Reverse DNS records for your IPv4 and IPv6 addresses.
The IONOS Name Server infrastructure is distributed across 14 point-of-presence (POP) locations in Europe and the USA to ensure fast and reliable DNS resolution for users across these locations.
Learn how to set Access and Manage DNS privilege to users via the DCD.
Learn how to set access and manage DNS privileges for users via the Cloud DNS API.
Learn how to create a DNS zone via the Cloud DNS API.
Learn how to create a DNS record with UUID of the DNS zone via the Cloud DNS API.
Learn how to create and manage a Reverse DNS record via the Cloud DNS API.
Learn how to connect a domain name server to Domain Name System (DNS) zones.
Learn how to manage non-existing DNS Records via the Cloud DNS API.
Learn how to import an existing DNS zone file to IONOS Cloud DNS via the Cloud DNS API.
Learn how to export a DNS zone file by using the UUID of the DNS zone via the Cloud DNS API.
Learn how to create a secondary DNS zone via the Cloud DNS API.
Learn how to retrieve DNSSEC Signing Keys via the Cloud DNS API.
Learn how to use ExternalDNS to make Kubernetes resources discoverable via the public DNS servers.
Learn how to create a primary zone in IONOS Cloud Dedicated Core server and secondary zone via the Cloud DNS API.
Learn how to enhance email deliverability with a reverse DNS record.
Learn how to create TLS certificates using IONOS Cloud Certbot Plugin.
With IONOS Cloud Domain Name System (DNS), you can publish your domain names to the global DNS. The feature is built around the concept of DNS zones and records that are managed primarily through the Cloud DNS API. In addition to the API operations, the Data Center Designer (DCD) lets you grant additional users permission to manage these DNS zones and records.
The Cloud DNS offers the following key capabilities:
High availability: The IONOS Cloud DNS infrastructure is designed with redundancy at every level, including multiple DNS servers, network links, power sources, and data centers. This redundancy ensures that if one component fails, another can take over and continue to provide service without interruption.
Fully-managed service: IONOS manages the DNS infrastructure and provides the service as a SaaS model.
Automation: The Cloud DNS API lets you automatically create, update, and delete DNS zones and records.
DNS: Refers to a system that converts domain names into IP addresses. The DNS translates domain names into numeric IP addresses that computers can understand and use to access websites or other internet resources.
Name Servers: Name Servers or DNS Servers are parts of the computer's DNS infrastructure and store DNS records for a particular domain name. They provide information about the IP address or other resources associated with a domain name. When you request access to a domain, your device queries the domain's name servers to resolve the corresponding IP address.
DNS Zone: A DNS zone is an administrative unit that contains DNS records for a specific domain. It specifies the authoritative DNS servers for that domain and their IP addresses.
DNS Record: A DNS record is a set of instructions stored on DNS servers that maps domain names to IP addresses and vice versa. They are used to help route internet traffic, provide email services, and facilitate other internet functions. DNS records come in various formats, such as Address (A), Canonical Name (CNAME), Mail Exchange (MX), Text (TXT), and so on.
Reverse DNS: Reverse DNS is a method of resolving an IP address to a domain name. It is the opposite of the standard DNS lookup, which resolves a domain name to an IP address. You can verify the authenticity of an IP address by checking whether the hostname associated with the IP address matches the expected domain. Reverse DNS operates through PTR (Pointer) records, which are special DNS records.
Secondary DNS Zone: A secondary DNS zone is a read-only copy of a primary DNS zone. It holds the same DNS records for a domain and helps distribute the load and ensure redundancy. If the primary DNS server experiences issues, the secondary zone can still provide accurate DNS information, ensuring continuous availability for domain name resolution.
DNSSEC Keys: DNSSEC keys are cryptographic keys used to enhance the security of the DNS. DNSSEC keys are generated as pairs: a private key and a corresponding public key. The private key is kept secure, while the public key is shared in DNS records. These keys are crucial for validating DNS responses, preventing tampering, and ensuring the security of DNS information.
Time-to-live (TTL): TTL is a DNS record setting that specifies how long a DNS resolver should cache the results of a query before querying the DNS server again for updated information.
Domain Registrar: A domain registrar is a company or an organization that manages the registration of domain names on the Internet. The Internet Corporation for Assigned Names and Numbers (ICANN) accredited registrars are responsible for ensuring the accuracy and validity of domain name registrations. Domain registrars include IONOS, Strato, Fasthosts, Arsys, Home.pl, and World4You.
Note: By default, only contract administrators and owners can manage the Cloud DNS records and zones using the Cloud DNS API.
To let additional users manage the DNS zones and records, the Data Center Designer (DCD) offers a new group privilege called Access and manage DNS in the User Manager, under the Privileges tab. You can grant this privilege to a group via the DCD. Once the privilege is granted to a group, all users in that group have permission to manage the Cloud DNS zones and records via the Cloud DNS API.
For information on setting Access and manage DNS privilege to a group, see Set User Privileges via the DCD.
Prerequisite: You need administrative privileges to create and assign user privileges by using the Cloud API.
To set user privileges using the Cloud API for managing DNS zones and records, follow these steps:
Authenticate to the Cloud API using your API credentials.
Create a user using the POST /cloudapi/v6/um/users endpoint.
Set the following required parameters for the user: user's name, email address, and password.
Create a group using the POST /cloudapi/v6/um/groups endpoint.
Set accessAndManageDns privilege to true.
Assign the user to the created group using POST /cloudapi/v6/um/groups/{groupId}/users endpoint and provide the user ID in the header.
Result: The Access and Manage DNS privilege is granted to the user.
The Cloud DNS API lets you manage DNS zones and records programmatically using conventional HTTP requests.
Prerequisite: To start using the Cloud DNS API, you need a domain name. If you do not have one already, get a domain name and register it with a domain registrar.
On successful registration of the domain name, you can now assign more users with the privilege to manage DNS zones and records via the API. By default, only contract owners and administrators have permission to use the Cloud DNS API.
To set user privileges via the API, see Set User Privileges via the API.
On assigning user privileges, continue with the following API How-Tos:
If you already have a primary zone hosted elsewhere, you can Create a Secondary DNS Zone to improve reliability, redundancy, load balancing, and performance.
Additionally, try the following features for your primary zones hosted in Cloud DNS:
Cloud DNS has a new group privilege called Access and manage DNS. The privilege must be enabled for a group so that the group members inherit this privilege through group privilege settings. Once the privilege is granted, contract users can view the Cloud DNS API.
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to manage DNS zones and records, follow these steps:
In the DCD, open Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the target group name from the Groups list.
Select the Access and manage DNS checkbox in the Privileges tab.
Result: The Access and manage DNS privilege is granted to all the members in the selected group.
You can revoke a user's Access and manage DNS privilege by removing the user from all the groups that have this privilege enabled.
Warning: You can also revoke the privilege from a user by disabling Access and manage DNS for every group the user belongs to. In this case, all other members of those groups lose the privilege as well.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. On performing this action, the contract administrator gets the role of a contract user, and the privileges that were set up for the user before being an administrator will then be in effect.
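The rules above (owners and administrators hold the right by default, everyone else through any group with Access and manage DNS enabled) can be audited offline before a revocation. The following is an added example, not IONOS code; the `User` and `Group` classes and all sample accounts are constructed for illustration.

```python
from dataclasses import dataclass, field


# Constructed model of the User Manager state. Class and field names are
# illustrative assumptions, not IONOS API objects.
@dataclass
class User:
    email: str
    owner: bool = False
    administrator: bool = False


@dataclass
class Group:
    name: str
    access_and_manage_dns: bool
    members: set = field(default_factory=set)


def _granting_groups(user, groups):
    """Groups that give this user the privilege, in stable name order."""
    return [g for g in sorted(groups, key=lambda g: g.name)
            if g.access_and_manage_dns and user.email in g.members]


def dns_grants(user, groups):
    """List every reason this user can manage Cloud DNS zones and records."""
    reasons = []
    if user.owner:
        reasons.append("contract owner")
    if user.administrator:
        reasons.append("contract administrator")
    reasons += ["group:" + g.name for g in _granting_groups(user, groups)]
    return reasons


def audit(users, groups):
    """Map each user who can manage DNS to the reasons why."""
    result = {}
    for user in users:
        reasons = dns_grants(user, groups)
        if reasons:
            result[user.email] = reasons
    return result


def revocation_plan(user, groups):
    """What has to change so that the user no longer holds the privilege.

    Removing the user from the granting groups affects nobody else. Disabling
    the privilege on a group instead also revokes it from the listed members.
    A demoted administrator falls back to group privileges, so both the
    administrator flag and the group memberships have to be handled.
    """
    granting = _granting_groups(user, groups)
    return {
        "disable_administrator": user.administrator,
        "remove_from_groups": [g.name for g in granting],
        "collateral_if_group_disabled": {
            g.name: sorted(g.members - {user.email}) for g in granting
        },
    }


# Constructed sample contract.
USERS = [
    User("owner@example.com", owner=True),
    User("alice@example.com", administrator=True),
    User("bob@example.com"),
    User("carol@example.com"),
    User("dave@example.com"),
]
GROUPS = [
    Group("dns-ops", True, {"alice@example.com", "bob@example.com"}),
    Group("platform", True, {"bob@example.com", "carol@example.com"}),
    Group("readonly", False, {"bob@example.com", "dave@example.com"}),
]

if __name__ == "__main__":
    for email, reasons in audit(USERS, GROUPS).items():
        print(email, "->", ", ".join(reasons))
    print(revocation_plan(USERS[1], GROUPS))
```
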
Note: Only contract administrators, owners, and users with "accessAndManageDns" privilege can create and manage DNS zones and DNS records via API. You can also set User privileges in the DCD.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a DNS zone with Cloud DNS API, follow this step:
Perform a POST request with the domain or subdomain, a description of your DNS zone (optional), and the DNS zone status (enable), true or false.
Result: On a successful POST request, you receive a response containing the DNS zone UUID, Name Servers, and the request status.
202 Successful operation
To retrieve the quota of DNS zones, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
Similar to creating a DNS zone, you need to provide the UUID of the DNS zone to host the new record.
Note: There are various record types for DNS records, and each of them has unique specifications.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To create a DNS record of type A, follow this step:
Perform a POST request with these details:
corresponding UUID of the DNS zone,
name of the subdomain; example: www,
record type; in this case: A,
content or destination of the A record in the form of an IPv4 address; example: 1.1.1.1,
TTL you need (minimum 60 seconds and maximum 86400 seconds), and
status of the DNS record (enable), true or false.
Result: On a successful POST request, you receive a response with the DNS record having the UUID assigned.
Info: If you want to create a Wildcard DNS record, you need to provide “*” as the name of your DNS record to match the requests for all non-existent names under your DNS zone name.
202 Successful operation
Cloud DNS supports the following record types: A, AAAA, CNAME, ALIAS, MX, NS, SOA, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP and LOC.
Here is a brief explanation of the most common record types:
A: Specifies the IPv4 address associated with a zone name.
AAAA: Specifies the IPv6 address associated with a zone name.
MX: Specifies the mail exchange servers for a zone name.
CNAME: Specifies an alias for a zone name, allowing multiple names to resolve to the same IP address.
TXT: Allows arbitrary text to be associated with a zone name that is commonly used for SPF records and other types of verification.
NS: Specifies the name servers for a zone name.
SRV: Specifies the location of services for a zone name that is commonly used for Session Initiation Protocol (SIP) and other protocols.
Here you can see examples of records with different record types:
To retrieve the quota of DNS records, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created DNS zone | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | DNS zone creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | DNS zone update timestamp | 2023-03-15T09:58:59.147746133Z |
nameservers | array | Name Servers assigned to the DNS zone | "ns-ic.ui-dns.com", "ns-ic.ui-dns.de", "ns-ic.ui-dns.org", "ns-ic.ui-dns.biz" |
state | string | State of the request | CREATED |

Field | Type | Description | Example |
---|---|---|---|
records | string | Number of DNS records | 100000 |
reverseRecords | string | Number of reverse DNS records | 5000 |
secondaryZones | string | Number of secondary DNS zones | 100000 |
zones | string | Number of DNS zones | 50000 |
records | string | Number of DNS records used | 9 |
reverseRecords | string | Number of reverse DNS records used | 1 |
secondaryZones | string | Number of secondary DNS zones used | 6 |
zones | string | Number of DNS zones used | 5 |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created DNS record | 90d81ac0-3a30-44d4-95a5-12959effa6ee |
createdDate | string | DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
zoneId | string | UUID of the DNS zone of the DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | *.example.com |
state | string | State of the request | CREATED |

Record Type | Record Name | Record Value | Notes |
---|---|---|---|
A | example.com | 192.168.1.1 | |
AAAA | example.com | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | |
MX | example.com | mail.example.com | Priority is mandatory |
CNAME | www.example.com | example.com | |
TXT | example.com | v=spf1 mx -all | |
NS | example.com | ns1.example.com | |
SRV | _sip._tcp.example.com | 10 5060 sipserver.example.com | Priority weight port is mandatory |
Similar to retrieving a DNS zone, you need to provide the UUID of the DNS zone that you want to export.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To export an existing zone at IONOS Cloud DNS in a BIND format, follow this step:
Perform a GET request providing the zoneId of your zone.
Result: On a successful GET request, you receive the BIND file with the DNS zone having the UUID assigned.
200 Successful operation
The exported zone file is in BIND format, a widely used format supported by most DNS software, including the BIND DNS server.
The file includes all record types associated with the selected zone, including SOA record, NS record, Service (SRV) record, and configuration information such as TTL values.
An example of a file in BIND format with an updated SRV record is as follows:
Prerequisite: You need a domain name. If you do not have one already, get a domain name and register it with a domain registrar.
To connect your domain name to the IONOS Cloud DNS zone that you created, specify the IONOS Cloud DNS nameservers as the domain's authoritative nameservers.
To connect a domain nameserver to a DNS zone, follow these steps:
Create a DNS Zone for your domain and the associated DNS records.
Save the four nameservers Cloud DNS provided upon creating the DNS zone.
Go to your Domain Registrar and update your domain's nameservers with the four nameservers from the previous step.
Note: Changes to nameservers can take up to 48 hours, but they usually happen much faster.
Result: The domain nameserver is connected to the Cloud DNS.
If you have an infrastructure that uses public DNS records and manage it by defining the required state, you can use Cloud DNS as follows:
Create a DNS Zone with Cloud DNS.
Generate a UUID (v3, v4, and v5 supported) for your DNS record.
Add to your infrastructure a PUT call for the desired record configuration with your UUID and assign it to the corresponding DNS zone ID.
Result: On a successful PUT request,
If the record does not exist, Cloud DNS creates the record with the specified configuration.
If a record already exists but with a different configuration, the record is updated.
202 Successful operation
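The declarative pattern above depends on each record keeping the same UUID across runs, so that a changed configuration updates the record instead of creating a second one. The following added example (not IONOS code) validates a desired record against the limits stated on this page and derives a version 5 UUID from the record's identity; the namespace name, the `slot` field and the helper names are assumptions made for the illustration.

```python
import ipaddress
import uuid

# Record types and TTL limits as listed on this page.
SUPPORTED_TYPES = {
    "A", "AAAA", "CNAME", "ALIAS", "MX", "NS", "SOA", "SRV", "TXT", "CAA",
    "SSHFP", "TLSA", "SMIMEA", "DS", "HTTPS", "SVCB", "OPENPGPKEY", "CERT",
    "URI", "RP", "LOC",
}
TTL_MIN, TTL_MAX = 60, 86400
PRIORITY_REQUIRED = {"MX", "SRV"}

# Hypothetical private namespace for this infrastructure repository.
RECORD_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "records.infra.example")


def validate(spec):
    """Return the record properties to send, or raise ValueError."""
    rtype = str(spec["type"]).upper()
    if rtype not in SUPPORTED_TYPES:
        raise ValueError("unsupported record type: " + rtype)
    ttl = spec["ttl"]
    if isinstance(ttl, bool) or not isinstance(ttl, int) \
            or not TTL_MIN <= ttl <= TTL_MAX:
        raise ValueError("ttl must be an integer from 60 to 86400 seconds")
    for pos, label in enumerate(spec["name"].split(".")):
        if label == "*" and pos == 0:
            continue  # wildcard is only valid as the whole leftmost label
        if not 1 <= len(label) <= 63 or "*" in label \
                or any(c.isspace() for c in label):
            raise ValueError("invalid record name: %r" % spec["name"])
    if rtype == "A":
        ipaddress.IPv4Address(spec["content"])  # raises a ValueError subclass
    elif rtype == "AAAA":
        ipaddress.IPv6Address(spec["content"])
    props = {"name": spec["name"], "type": rtype, "content": spec["content"],
             "ttl": ttl, "enabled": bool(spec.get("enabled", True))}
    if rtype in PRIORITY_REQUIRED:
        priority = spec.get("priority")
        if isinstance(priority, bool) or not isinstance(priority, int):
            raise ValueError(rtype + " records need an integer priority")
        props["priority"] = priority
    return props


def record_id(zone_id, name, rtype, slot="0"):
    """Stable UUIDv5 for one record slot.

    Content and TTL are deliberately left out of the identity, so changing
    them yields the same UUID and the PUT updates the existing record.
    """
    key = "/".join([zone_id, name.lower(), rtype.upper(), str(slot)])
    return str(uuid.uuid5(RECORD_NAMESPACE, key))


def plan_puts(zone_id, desired):
    """Return {record UUID: properties} for one PUT call per record.

    Two desired records with the same identity would overwrite each other
    on the server, so that case is rejected here.
    """
    plan = {}
    for spec in desired:
        props = validate(spec)
        rid = record_id(zone_id, props["name"], props["type"],
                        spec.get("slot", "0"))
        if rid in plan:
            raise ValueError("duplicate record identity: %s %s"
                             % (props["name"], props["type"]))
        plan[rid] = props
    return plan


if __name__ == "__main__":
    ZONE_ID = "2a4428b3-dbe0-4357-9c02-609025b3a40f"  # sample UUID from this page
    desired = [
        {"name": "www", "type": "A", "content": "1.1.1.1", "ttl": 3600},
        {"name": "*", "type": "A", "content": "1.1.1.1", "ttl": 60},
    ]
    for rid, props in plan_puts(ZONE_ID, desired).items():
        print("PUT record", rid, props)
```
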
The tutorial guides you through the commonly referred topics in the Cloud DNS such as:
To enable DNSSEC keys for a DNS zone at IONOS Cloud DNS, follow these steps:
1. Perform a POST request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone where you want to enable DNSSEC keys.
3. In the request body, provide the key parameters used to sign the zone. These parameters include the signing algorithm, key length for both Key Signing Keys (KSK) and Zone Signing Keys (ZSK), NSEC mode (NSEC or NSEC3), and other relevant settings.
Result: The DNSSEC keys for a DNS zone are successfully enabled.
202 Accepted
To retrieve DNSSEC keys for a specific DNS zone at Cloud DNS, follow these steps:
1. Perform a GET request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone you want to retrieve keys for.
Result: The API response contains a list of DNSSEC keys associated with the specified DNS zone.
200 OK
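Before the key material from this response is handed to a registrar as a DS record, the reported keyTag and digest can be recomputed from flags, protocol, alg and pubKey using the RFC 4034 rules. The following is an added example, not IONOS code; it assumes that flags, protocol, alg and pubKey are nested under keyData, and the key bytes are constructed test values rather than a real key.

```python
import base64
import hashlib
import struct

# DS digest type numbers from the IANA registry: 1 SHA-1, 2 SHA-256, 4 SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def dnskey_rdata(flags, protocol, alg, pub_key_b64):
    """DNSKEY RDATA wire form: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, alg) + base64.b64decode(pub_key_b64)


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except the obsolete 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def owner_wire(zone_name):
    """Canonical wire form of the owner name: lower case, length-prefixed labels."""
    stripped = zone_name.rstrip(".").lower()
    out = b""
    for label in (stripped.split(".") if stripped else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label in zone name: %r" % zone_name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def ds_digest(zone_name, rdata, digest_alg):
    """DS digest = hash(owner name | DNSKEY RDATA), RFC 4034 section 5.1.4."""
    if digest_alg not in DIGESTS:
        raise ValueError("unsupported digest algorithm %d" % digest_alg)
    return DIGESTS[digest_alg](owner_wire(zone_name) + rdata).hexdigest().upper()


def check_key(zone_name, key):
    """Return a list of findings for one key entry; an empty list means consistent."""
    kd = key["keyData"]
    rdata = dnskey_rdata(kd["flags"], kd["protocol"], kd["alg"], kd["pubKey"])
    findings = []
    if key_tag(rdata) != key["keyTag"]:
        findings.append("keyTag does not match the public key")
    alg = key["digestAlgorithmNumber"]
    if alg not in DIGESTS:
        findings.append("unsupported digest algorithm %d" % alg)
    elif ds_digest(zone_name, rdata, alg) != key["digest"].strip().upper():
        findings.append("digest does not match the public key")
    if alg == 1:
        findings.append("SHA-1 DS digest (RFC 8624: not for new delegations)")
    if kd["protocol"] != 3:
        findings.append("protocol field is not 3")
    if not kd["flags"] & 0x0001:
        findings.append("SEP flag not set; not a key-signing key")
    return findings


def make_sample(zone_name, pub_key_b64, digest_alg=2):
    """Constructed stand-in for one key entry of the response (not real key material)."""
    rdata = dnskey_rdata(257, 3, 8, pub_key_b64)
    return {
        "keyTag": key_tag(rdata),
        "digestAlgorithmNumber": digest_alg,
        "digest": ds_digest(zone_name, rdata, digest_alg),
        "keyData": {"flags": 257, "protocol": 3, "alg": 8, "pubKey": pub_key_b64},
    }


if __name__ == "__main__":
    good = make_sample("example.com", "AQIDBA==")  # constructed 4-byte "key"
    print("consistent entry:", check_key("example.com", good))
    # Same entry with a different public key: both derived values stop matching.
    swapped = dict(good, keyData=dict(good["keyData"], pubKey="AQIDBQ=="))
    print("swapped key:", check_key("example.com", swapped))
```
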
To disable and delete DNSSEC keys for a DNS zone at Cloud DNS, follow these steps:
1. Perform a DELETE request to the /zones/{zoneId}/keys endpoint.
2. Replace {zoneId} with the UUID of the DNS zone from which you want to remove DNSSEC keys.
Result: The DNSSEC keys for the selected DNS zone are successfully disabled. The associated DNSSEC key records for the DNS zone are removed.
202 Accepted
The ExternalDNS solution offers the following capabilities:
Gives developers control over DNS resources that are usually managed manually by other teams, for example, the infrastructure team.
Ensures that the DNS records are always up-to-date with the current state of the Kubernetes cluster.
Manages a large number of records automatically.
Simplifies the management of DNS records with improved security.
Prerequisites: Ensure that you have the following before you begin:
A domain name that is registered with your domain provider (registrar) or a subdomain under your control.
An IONOS Managed Kubernetes cluster.
The Helm tool for installing a Helm chart.
Add Helm chart: Add the Bitnami Helm repository, which contains the official external-dns Helm chart.
Create configuration: Create values file for ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.
Install ExternalDNS: To install ExternalDNS with Bitnami Helm chart, use the following command:
Deploy application: Follow this step to deploy an application:
Deploy an echo server application by using the file echoserver_app.yaml.
If you want to use a service, you do not need to install an ingress controller. You can install an ingress controller in the cluster and deploy the application with kubectl by using the following command:
Result: The deployment of ExternalDNS on Managed Kubernetes is complete.
You can verify that the application deployed is functioning as expected by using one of the following options.
Check that the echo server app runs on the subdomain you have specified by using the following command:
Expected result:
Check that the new A and TXT records are created by using the following command:
Prerequisite: Before creating a secondary DNS zone with IONOS Cloud DNS, ensure that the primary zone is capable of establishing a zone transfer with the secondary DNS server; this means port 53 is open for TCP and UDP connections.
To create a secondary zone on the IONOS Cloud DNS, follow this step:
Perform a POST request to the /secondaryzones endpoint by providing the zoneName, description, and primaryIps for the IP address of the primary nameserver.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
Result: On a successful POST request, you receive a response containing the secondary DNS zone UUID, Name Servers, primaryIps, and the request status.
202 Accepted
To retrieve information about all the secondary zones, follow this step:
Send a GET request to the /secondaryzones endpoint.
Result: On a successful GET request, you receive a response containing all secondary DNS zones.
200 OK
To retrieve information about a specific secondary zone, follow this step:
Send a GET request to the /secondaryzones/{secondaryzoneId} endpoint.
Result: On a successful GET request, you receive a response containing the secondary DNS zone UUID, Name Servers, primaryIps, and secondary zone status.
To retrieve records information about a specific secondary zone, follow this step:
Send a GET request to the /secondaryzones/{secondaryzoneId}/records endpoint.
Result: On a successful GET request, you receive a response containing the secondary DNS zone records information: status, content, type, priority, TTL and name.
To modify the description of a secondary zone or update the IP addresses of its primary nameserver, follow this step:
Send a PUT request to the /secondaryzones/{secondaryzoneId} endpoint.
Result: On a successful PUT request, you receive a response containing the secondary DNS zone metadata with the new updated properties.
202 Accepted
Note: Creating a secondary zone initiates a zone transfer. If network connectivity is disrupted at that time (that is, the secondary name server could not access the primary nameserver on port 53), you can initiate the zone transfer between the primary and secondary zones manually.
To initiate zone transfer from the primary zone to the secondary zone, follow this step:
Send a PUT request to the /secondaryzones/{secondaryzoneId}/axfr endpoint.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
Result: On a successful PUT request, you receive an HTTP response 200 OK.
200 OK
To check zone transfer status, follow this step:
Perform a GET request to the /secondaryzones/{secondaryzoneId}/axfr endpoint.
Result: On a successful GET request, you receive a response with the AXFR communication status for each of the primaryIps.
200 OK
To delete a secondary zone from the IONOS Cloud DNS, follow this step:
Send a DELETE request to the /secondaryzones/{zoneId} endpoint.
Result: On a successful DELETE request, you receive an HTTP status 200 Accepted.
200 Accepted
To retrieve the quota of secondary DNS zones, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
ExternalDNS: Cloud DNS offers ExternalDNS integration that makes Kubernetes resources discoverable via the public DNS servers. For more information, see tutorial.
Set Up a Secondary Zone: Guides you through how to set up a primary zone in IONOS Cloud Dedicated Core server and a secondary zone with Cloud DNS. For more information, see tutorial.
Enhance Email Deliverability with a Reverse DNS, SPF, and DKIM Record: Guides you through creating a reverse DNS, SPF, and DKIM record for your domain name. For more information, see tutorial.
Issue TLS Certificates using IONOS Cloud Certbot Plugin: Guides you through creating TLS certificates using the IONOS Cloud Certbot Plugin. For more information, see tutorial.
Prerequisite: To sign a zone, you need to first .
ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources, such as services and ingresses, that are publicly exposed outside the cluster.
A token from a to manage zones and records with Cloud DNS.
The installed on your local machine.
Follow these steps to set up ExternalDNS for your with IONOS DNS Provider :
Prepare domain name: You need to first for your domain name with Cloud DNS and then .
Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the newly created DNS record | 90d81ac0-3a30-44d4-95a5-12959effa6ee |
createdDate | string | DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
zoneId | string | UUID of the DNS zone of the DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | app.example.com |
state | string | State of the request | CREATED |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the DNSSEC key | 98277a78-a6a2-4672-ac9a-a68ca0a8d67a |
type | string | Type of the resource | dnsseckeys |
href | string | URL of the resource | |
metadata | object | Metadata of the DNSSEC key | |
zoneId | string | UUID of the DNS zone | a363f30c-4c0c-4552-9a07-298d87f219bf |
items | array | List of DNSSEC keys | |
keyTag | integer | Key tag of the DNSSEC key | 49057 |
signAlgorithmMnemonic | string | Signing algorithm of the DNSSEC key | RSASHA256 |
signAlgorithmNumber | integer | Signing algorithm number of the DNSSEC key | 8 |
digestAlgorithmMnemonic | string | Digest algorithm of the DNSSEC key | SHA-1 |
digestAlgorithmNumber | integer | Digest algorithm number of the DNSSEC key | 1 |
digest | string | Digest of the DNSSEC key | CF58B511B2D8EF99263704A112703586E542E4FA |
keyData | object | Key data of the DNSSEC key | |
flags | integer | Flags of the DNSSEC key | 257 |
protocol | integer | Protocol of the DNSSEC key | 3 |
alg | integer | Algorithm of the DNSSEC key | 8 |
pubKey | string | Public key of the DNSSEC key | AwEAAY6wMNhHk...RIrbLc= |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | a1bc82de-4cc5-40ca-bfb3-4e93bd9a367c |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T10:21:32+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T10:21:33+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the secondary zone | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | "192.0.2.2", "192.0.2.3" |
zoneName | string | Name of the secondary zone | example.com |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the secondary zone | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | "192.0.2.2", "192.0.2.3" |
zoneName | string | Name of the secondary zone | example.org |
Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | 04706207-a691-4710-902d-10acf5441bf1 |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T13:15:46+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-04T13:15:46+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the request | AVAILABLE |
description | string | Description of the secondary zone | This is a secondary zone created in IONOS Cloud DNS |
primaryIps | array | IP addresses of the primary nameserver | 192.0.2.2 |
zoneName | string | Name of the secondary zone | example.org |
fqdn | string | Fully qualified domain name resulting from the record name and the zoneName | example.org |
rootName | string | Root name of the secondary zone | example.org |
content | string | Content of the secondary zone | example.org hostmaster.example.org 2037070192 28800 7200 604800 600 |
enabled | boolean | Status of the secondary zone | true |
name | string | Name of the secondary zone | www |
priority | integer | Priority of the secondary zone | 0 |
ttl | integer | TTL of the secondary zone | 3600 |
type | string | Type of a record in the secondary zone | SOA |

Field | Type | Description | Example |
---|---|---|---|
id | string | UUID of the secondary zone | a1bc82de-4cc5-40ca-bfb3-4e93bd9a367c |
createdDate | string | Secondary zone creation timestamp | 2023-08-04T10:21:32+00:00 |
lastModifiedDate | string | Secondary zone update timestamp | 2023-08-10T09:32:29+00:00 |
nameservers | array | Name Servers assigned to the secondary zone | "nscs.ui-dns.com", "nscs.ui-dns.de", "nscs.ui-dns.org", "nscs.ui-dns.biz" |
state | string | State of the request | AVAILABLE |
description | string | Description of the secondary zone | Changing description and primaryIps for secondary zone example.com |
primaryIps | array | IP addresses of the primary nameserver | 192.0.2.2, 192.0.2.4 |
zoneName | string | Name of the secondary zone | example.com |

Field | Type | Description | Example |
---|---|---|---|
errorMessage | string | Error message if any | |
primaryIp | string | Primary IP address | 192.0.2.2 |
status | string | AXFR communication status | OK |
Transport Layer Security (TLS) is a pivotal security protocol that encrypts data transmitted between web browsers, such as Chrome and Firefox, and web servers.
Employing TLS certificates for all hosted content and applications is imperative. It not only safeguards sensitive information but also fosters trust among users by guaranteeing secure communication channels.
Info: To obtain a Let’s Encrypt certificate for your domain, verification of ownership is required. This can be achieved through various methods detailed in the Let’s Encrypt documentation. One commonly used method is the DNS-01 challenge, which necessitates demonstrating control over the domain's DNS by generating a specific value in a TXT record. Utilizing the Certbot plugin facilitates the certificate issuance process by managing TXT records automatically, handling tasks such as creation, removal, renewal, and revocation. Further details on this process can be found in the Certbot documentation. For more information on the Cloud DNS Certbot plugin, see Cloud DNS Certbot GitHub.
This tutorial will guide you on how to install and configure a simple web server, create an A record for that web server using IONOS Cloud DNS API, and create a TLS certificate for your web server using Cloud DNS Certbot. The steps we will follow are:
Reserve an IPv4 in your IONOS Cloud setup.
Set up a Web Server on Dedicated Core Server in IONOS Cloud.
Create an A record for your web server. For information on common record types, see Create records of other types.
Create a TLS certificate for your web server using IONOS Cloud Certbot Plugin.
Add TLS certificate to your web server configuration.
Test your TLS certificate.
Prerequisites:
You have an IONOS account. If you do not have an account, you can create one by visiting the IONOS website.
You have a zone with IONOS Cloud DNS. If you do not have a zone, you can create one using the IONOS Cloud DNS API. For more information, see Create a zone using IONOS Cloud DNS API. We will refer to this zone and zone name as <your-zone> and <your-zone-name>, respectively.
Make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
To reserve an IPv4 address in IONOS Cloud, follow these steps:
1. In the DCD, go to Menu > Management > IP Management.
2. In IP Management, click Reserve IPs, and a new pop-up window appears. Enter the following information:
Name: Enter a suitable name.
Number of IPs: Select the number of IP addresses to be reserved.
Region: Select a region that is the same as the region of your Dedicated Core server. Click Reserve IPs to reserve the IP addresses and confirm the reservation by selecting OK.
3. Exit the IP Management window and return to the IONOS Cloud Workspace.
Result: The IPv4 address is reserved.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: It is automatically assigned during the VM creation.
3. LAN: Select the LAN connection that is connected to the internet; by default, it is LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.
5. In the IPv4 Configuration, click Add IP and select the same IP address that you used to create an A record.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: By default, the value is set to "Auto".
Size in GB: We recommend using 20 for the storage size.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: To install the Nginx web-server, Certbot, and Python3-pip tools, use the following Cloud-Init user data.
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane, and copy one of the IPv4 addresses.
1. To create an A record for your email server, follow these steps:
Info: We already own the zone demo-ionos.cloud and will use it for this tutorial. Previously, we created a zone demo-ionos.cloud using the IONOS Cloud DNS API. For more information on how to create a zone using IONOS Cloud DNS API, see Create a zone using IONOS Cloud DNS API.
Prerequisite: Make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
Result: The A record for your web server is created.
Info: For more information on how to create a record for a zone using IONOS Cloud DNS API, see Create a record for a zone using IONOS Cloud DNS API.
1. Create a credentials.ini file containing the IONOS Cloud API token. This file must contain ionos_dns_token key with the value of the access token:
and add the following content:
Save and exit the file.
2. Restrict access to the credentials.ini file:
3. Create a TLS certificate for your web server using the IONOS Cloud Certbot Plugin:
4. When prompted, enter the email address for urgent renewals and security notices.
5. The Certbot plugin will automatically create a TXT record in your zone to verify the domain ownership.
6. The Certbot plugin will issue the TLS certificate for your web server. On successful issuance, you will see the following message:
Note: The TLS certificate and key are created in the /etc/letsencrypt/live/<your-zone>/ folder. For this tutorial, we used the zone demo-ionos.cloud, so the TLS certificate and key are created in the /etc/letsencrypt/live/demo-ionos.cloud/ directory.
Result: The TLS certificate for your web server is issued using the IONOS Cloud Certbot Plugin.
1. Add the TLS certificate to your web server configuration by editing the Nginx configuration file:
2. At the beginning of the /etc/nginx/sites-available/default file, uncomment the following lines:
3. Add the following lines to the bottom of the server block:
4. Your /etc/nginx/sites-available/default file should look like this:
5. Save and exit the file.
6. Restart the Nginx service:
7. Verify the Nginx service status:
Result: The TLS certificate is added to your web server configuration.
1. To test your TLS certificate, open a web browser and enter the URL https://<your-zone-name>.
Result: The TLS certificate is successfully installed, and your web server is secure.
Let's Encrypt certificates are valid for 90 days.
1. To manually renew your TLS certificate using the IONOS Cloud Certbot Plugin, run the following command:
2. To automate the renewal process, you can set up a cron job to run the renewal command automatically. For more information on how to set up automated renewals, see the Certbot documentation page.
Result: Your TLS certificate is renewed successfully.
This tutorial explains how to set up a secondary DNS zone in IONOS Cloud by running a bind9 server on an Ubuntu operating system. The setup includes the following configuration steps:
Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary DNS zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.
5. IPv4 Configuration: Leave to default values.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and then click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.
Prerequisite: A Dedicated Core server in IONOS Cloud needs to be set up and you must have the IPv4 address of the server.
To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:
1. SSH into the newly created Dedicated Core server.
2. Connect to the newly created server via SSH.
3. Proceed with configuring bind9 and your primary DNS zone.
4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.
Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.
5. Create your primary zone.
6. Edit the zone file.
7. Save your changes and quit the Vim editor.
8. Check the configuration, reload bind, and verify that the configured zone is working.
Result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Prerequisite: A Dedicated Core server in IONOS Cloud is set up as a primary nameserver.
To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:
Send a POST request to the /secondaryzones endpoint.
Result: A secondary zone in IONOS Cloud DNS is successfully created by using a POST request.
On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:
You can also verify zone transfer status using IONOS Cloud DNS API:
On success response: 200 OK
Result: The zone transfer between primary and secondary zones is successfully verified.
To add a record, follow these steps:
1. On the primary nameserver, update the zone with a new record setting—A record to a TEST-NET-3 IP address:
2. Resolve the new record locally.
3. View the logs which show that a notification is sent to the secondary zone for the new record.
4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.
5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:
Result: A record is successfully added to the primary nameserver.
A PTR record is crucial for email servers, establishing Reverse DNS mapping and verifying server IP legitimacy. It's vital for email deliverability, preventing spam flags and contributing to FCrDNS. Servers lacking PTR records may face rejection, impacting delivery. Additionally, SPF records specify authorized email servers, preventing spoofing. DKIM further authenticates outgoing emails, enhancing trust and communication.
This tutorial will guide you on how to install and configure an email server and create PTR, SPF, and DKIM records using the IONOS Cloud DNS API. The steps we will follow are:
Reserve an IPv4 in your IONOS Cloud setup.
Create an A and MX record for your email server. For information on common record types, see Create records of other types.
Install and configure the email server on a Dedicated Core Server in the IONOS Cloud.
Test the email deliverability from the Dedicated Core Server.
Add a pointer record (PTR), DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) record for your email server.
Test the email deliverability after adding PTR, DKIM and SPF records.
Info:
Pointer Record (PTR): A type of DNS record that maps an IP address to a domain name, commonly used for reverse DNS lookups to verify the authenticity of the sender's domain.
DomainKeys Identified Mail (DKIM): A method for validating the authenticity of email messages by adding a digital signature to the email headers, allowing receiving servers to verify that the message has not been altered and comes from a legitimate sender.
Sender Policy Framework (SPF): A DNS-based email authentication protocol used to prevent email spoofing by specifying which IP addresses are allowed to send emails on behalf of a particular domain. This helps to detect and prevent email fraud.
Switch to IPv6 and configure your email server to use IPv6.
Result: Email deliverability is achieved using reverse DNS, MX, A, DKIM, and SPF records for both IPv4 and IPv6.
To reserve an IPv4 in IONOS Cloud, follow these steps:
1. In the DCD, go to Menu > Management > IP Management.
2. In IP Management, click Reserve IPs, and a new pop-up window appears. Enter the following information:
Name: Enter a suitable name.
Number of IPs: Select the number of IP addresses to be reserved.
Region: Select a region that is the same as the region of your Dedicated Core server. Click Reserve IPs to reserve the IP addresses and confirm the reservation by selecting OK.
3. Exit the IP Management window and return to the IONOS Cloud Workspace.
Result: The IPv4 address is reserved.
1. To create an A record for your email server, follow these steps:
Info: We already own the zone mail.demo-ionos.cloud and will use it for this tutorial. Previously, we created a zone demo-ionos.cloud using the IONOS Cloud DNS API. For more information on how to create a zone using IONOS Cloud DNS API, see Create a zone using IONOS Cloud DNS API.
Prerequisite: Make sure to use your own <zone_id> and <your_server_ip> along with your <authorization token>.
2. Create an MX record for demo-ionos.cloud using the IONOS Cloud DNS API:
Result: The A and MX records for your email server are created.
Info: For more information on how to create a record for a zone using IONOS Cloud DNS API, see Create a record for a zone using IONOS Cloud DNS API.
Note:
The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.
3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.
4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.
Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 25 for UDP and TCP.
5. In the IPv4 Configuration, click Add IP and select the same IP address that you used to create an A record.
Result: The Network settings for a Dedicated Core server are configured.
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "20" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: You can add the below Cloud-Init user data to your server. This will install Postfix, OpenDKIM, and OpenDKIM tools. Replace <your-email-domain> with your email domain.
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Result: The Storage settings for a Dedicated Core server are configured.
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and then click Provision Now.
Result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy one of the IPv4 addresses.
Note: You can now connect to your Dedicated Core Server, and send a test email. The email might be marked as spam, depending on your email provider. At this point, you have configured only A and MX records.
1. Connect to your Dedicated Core Server via ssh:
2. Test the configuration using the following bash command:
Info: Replace <your-email>@<your-domain> with your email address.
You should receive an email titled Test Email containing the message This is a test email. However, depending on your email provider, the email might be redirected to your spam folder. For example, the email can be in the spam folder with a note Mail system could not verify that demo-ionos.cloud actually sent this message (and not a spammer).
3. Check the mail.log file to see the status of the email delivery:
4. Get the public key for the DKIM record:
Info: Public key for the DKIM record can be found in the /mail.txt file. This is necessary to create the DKIM record.
The output should be similar to this:
Here, you need to save the public key for the next step.
Result: You have tested email deliverability with A and MX records.
1. Create a PTR record for your email server using the IONOS Cloud DNS API:
2. Create an SPF record for mail.demo-ionos.cloud using IONOS Cloud DNS API:
Info:
For your SPF record make sure that instead of mail.demo-ionos.cloud you use your own domain name.
After creating the PTR record and the SPF record, it might take around 10 minutes to propagate.
3. Create a DomainKeys Identified Mail (DKIM) record for mail.demo-ionos.cloud using the IONOS Cloud DNS API:
4. Test the email deliverability using the following bash command:
Result: You have created reverse DNS, SPF, and DKIM records for your email server and tested email deliverability.
Info: Replace <your-email>@<your-domain> with your email address.
Once you have configured your email server to use IPv4, you can now configure your email server to use IPv6.
1. To enable IPv6 for your LAN, select the LAN connection connected to the internet, then select the IPv6 enabled option. Provision your changes.
2. After the changes are provisioned and IPv6 is enabled you can configure your NIC in the Network tab. Provide the following details:
Name: Enter a name of your choice. We recommend that it is unique to this Virtual Data Center (VDC).
MAC: The Media Access Control (MAC) address will be assigned automatically upon provisioning.
LAN: Select a LAN for which you want to configure the network.
Firewall: To activate the firewall, choose between Ingress / Egress / Bidirectional.
IPv4 Configuration: Provide the following details:
Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IPs from the drop-down list. Private IP addresses should be entered manually. The Network Interface Controller (NIC) has to be connected to the Internet.
Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your High Availability (HA) setup.
Firewall: Configure the firewall.
DHCP: It is often necessary to run a Dynamic Host Configuration Protocol (DHCP) server in your VDC (e.g. Preboot Execution Environment (PXE) boot for fast rollout of VMs). If you use your own DHCP server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCP server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
IPv6 Configuration: Provide the following details:
NIC IPv6 CIDR: You can populate an IPv6 CIDR block with prefix length /80 or allow it to be automatically assigned from the VDCs allocated range, by selecting PROVISION CHANGES. You can also choose 1 or more individual /128 IPs. Only the first IP is automatically allocated. The remaining IPs can be assigned as per your requirement. The maximum number of IPv6 IPs that can be allocated per NIC is 50.
DHCPv6: It is often necessary to run your own DHCPv6 server in your Virtual Data Center (VDC) (e.g. PXE boot for fast rollout of VMs). If you use your own DHCPv6 server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCPv6 server.
Add IP: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
To create the PTR record, use the automatically assigned IPv6 address from the VDCs allocated range. Continue and select PROVISION CHANGES.
3. Create a PTR record for your mail server using IONOS Cloud DNS API:
Note: Replace 2001:0db8::1 with your own IPv6 address.
4. Create an AAAA record for mail.demo-ionos.cloud pointing to the IPv6 address that was assigned to your server:
Note: Replace 2001:0db8::1 with your own IPv6 address.
5. You need to alter the SPF record to include the IPv6 address. To update the SPF record, you need to get <spf_record_id> using:
6. Update the SPF record to include the IPv6 address using:
Note: Replace <IPv4 address of email server> and <IPv6 address of email server> with IPv4 and IPv6 addresses of the email server.
7. Log in to the email server using the new IPv6 address and test the email deliverability again using:
and send an email:
8. We can check the mail.log using:
Result: You have switched from IPv4 to IPv6 and tested email deliverability.
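The records created in this tutorial can be checked against each other before sending mail: the PTR name must resolve back to the sending address (FCrDNS), and the SPF record must authorize that address. The following is an added example, not code from this documentation; the DNS data and addresses are constructed, the function names are illustrative, and the SPF evaluation covers only the `ip4`, `ip6`, and `all` mechanisms.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns_names(ip, ptr_zone, forward_zone):
    """PTR names of `ip` whose A/AAAA records point back to `ip`."""
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_zone.get(addr.reverse_pointer, []):
        host = name.rstrip(".").lower()
        forward = {ipaddress.ip_address(a) for a in forward_zone.get(host, [])}
        if addr in forward:
            confirmed.append(host)
    return confirmed


def spf_result(ip, spf_txt):
    """Evaluate an SPF record for a sending IP (ip4, ip6 and all only)."""
    addr = ipaddress.ip_address(ip)
    terms = spf_txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if net.version != int(mech[2]):
                return "permerror"      # e.g. an IPv6 address under ip4:
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism not covered by this example: {term!r}")
    return "neutral"                    # nothing matched and no 'all' term


def check_sender(ip, dns):
    """Combine both checks for one sending address."""
    return {"fcrdns": bool(fcrdns_names(ip, dns["ptr"], dns["forward"])),
            "spf": spf_result(ip, dns["spf"])}


# Constructed sample data (documentation address ranges, not real records).
V4, V6, HOST = "192.0.2.10", "2001:db8::1", "mail.demo-ionos.cloud"
PTRS = {reverse_name(V4): [HOST], reverse_name(V6): [HOST]}
# State after the IPv6 PTR exists but before the AAAA and SPF updates.
IPV4_ONLY = {"ptr": PTRS, "forward": {HOST: [V4]},
             "spf": f"v=spf1 ip4:{V4} -all"}
# State after the AAAA record is added and the SPF record includes ip6.
DUAL_STACK = {"ptr": PTRS, "forward": {HOST: [V4, V6]},
              "spf": f"v=spf1 ip4:{V4} ip6:{V6} -all"}

if __name__ == "__main__":
    for label, dns in (("ipv4-only", IPV4_ONLY), ("dual-stack", DUAL_STACK)):
        for ip in (V4, V6):
            print(label, ip, check_sender(ip, dns))
```

With the IPv4-only data, mail sent from the IPv6 address fails both checks, which is why the AAAA record and the SPF update belong together with the IPv6 PTR record.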
You can import a DNS zone from your existing DNS provider to IONOS Cloud.
Prerequisite: You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
To import an existing zone to IONOS Cloud DNS, follow these steps:
Create a DNS zone without records.
Perform a PUT request providing the zoneId of the newly created zone and the zone file.
Result: On a successful PUT request, the records provided in the zone file will be added to your DNS zone.
Important: If the zone file you import contains CNAME entries that point to names in another private zone, Azure DNS resolution of the CNAME will fail unless the other private zone is imported or the CNAME entries are modified.
200 Successful operation
The imported file has to be in BIND format, a widely used format supported by most DNS software, including the popular BIND DNS server.
The file should include all the record types associated with the selected zone. The Start of Authority (SOA) and Name Server (NS) records are not to be considered since IONOS Cloud uses its name server configuration.
Notes:
You need an IONOS Cloud account with API credentials configured with the appropriate permissions.
Perform a POST request with name, a description of reverse DNS record (optional), and the IP.
Note:
The IPv4 address must be from a reserved IP range. To reserve an IPv4 address, in the DCD go to the Menu > Management > IP Management. Enter a name and the number of IPv4 addresses, and select a region where you want your IPv4 addresses to be reserved. Select Reserve IP to reserve the IPv4 address, and confirm the reservation by pressing OK.
Result: On a successful POST request, you receive a response containing the reverse DNS record UUID, type, href, metadata, properties of your reverse DNS record, name, description, and IP address.
200 Successful operation
To create an IPv6 reverse DNS record, perform a POST request to the /reverserecords endpoint with an IPv6 address in the request body.
200 Successful operation
To retrieve all reverse DNS records, perform a GET request to the /reverserecords endpoint.
Result: On a successful GET request, you receive a response containing all reverse DNS records.
200 Successful operation
To retrieve a reverse DNS record, perform a GET request to the /reverserecords/{id} endpoint.
Result: On a successful GET request, you receive a response containing the reverse DNS record UUID, type, href, metadata, and properties of your reverse DNS record, name, description, and IP.
200 Successful operation
To modify a reverse DNS record, perform a PUT request to the /reverserecords/{id} endpoint.
Result: On a successful PUT request, you receive a response containing the reverse DNS record UUID, type, href, metadata, and properties of your reverse DNS record, name, description, and IP.
200 Successful operation
To delete a reverse DNS record, perform a DELETE request to the /reverserecords/{id} endpoint.
Result: On a successful DELETE request, you receive an HTTP response 202 Successful operation.
202 Successful operation
To retrieve the quota of reverse DNS records, perform a GET request to the /quota endpoint.
Result: On a successful GET request, you receive a response containing the quota limits and quota usage for your contract.
200 OK
Only contract administrators, owners, and users with accessAndManageDns privilege can create and manage DNS zones and DNS records via the API. You can also set User privileges in the .
Sub-users can create Reverse DNS records only if the user group they belong to has access to the concerned IP block. For more information, see .
supports both IPv4 and IPv6 addresses for Reverse DNS records.
For more information about IPv6 configuration in the DCD see .
Before creating a Reverse DNS record, you must create an A record for the IP address you want to use for the reverse DNS record. For more information, see .
To create a Reverse DNS Record with , follow this step:
To use an IPv6 address for a reverse DNS record, it needs to belong to any of the /56 IPv6 blocks assigned to the VDC and have a prefix length of /128, that is, 2001:db8:1234:5678::1/128 and belongs to a 2001:db8:1234:5678::/56 block. For more information, see .
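The address rules above can be checked before a POST request is sent to the /reverserecords endpoint. The following is an added example, not code from this documentation or the Cloud DNS API; the function name and sample blocks are constructed, and requiring a single host address for IPv4 is an assumption of the example.

```python
import ipaddress


def reverse_record_owner(candidate, vdc_ipv6_blocks=(), reserved_ipv4=()):
    """Validate an address for a reverse DNS record.

    Returns (normalized address, PTR owner name) or raises ValueError
    with the rule that was violated.
    """
    iface = ipaddress.ip_interface(candidate)
    addr = iface.ip
    # A reverse record maps exactly one address: /128 for IPv6 (rule from
    # the text above); /32 for IPv4 is an assumption of this example.
    if iface.network.prefixlen != addr.max_prefixlen:
        raise ValueError(
            f"{candidate}: prefix length must be /{addr.max_prefixlen}")

    if addr.version == 6:
        blocks = []
        for block in vdc_ipv6_blocks:
            # strict=False clears host bits, so a block written as
            # 2001:db8:1234:5678::/56 is read as 2001:db8:1234:5600::/56.
            net = ipaddress.ip_network(block, strict=False)
            if net.version != 6 or net.prefixlen != 56:
                raise ValueError(f"{block}: VDC blocks must be IPv6 /56")
            blocks.append(net)
        if not any(addr in net for net in blocks):
            raise ValueError(f"{addr}: not inside a /56 block of the VDC")
    else:
        reserved = {ipaddress.ip_address(ip) for ip in reserved_ipv4}
        if addr not in reserved:
            raise ValueError(f"{addr}: not a reserved IPv4 address")

    return str(addr), addr.reverse_pointer


if __name__ == "__main__":
    # Constructed inputs using documentation address ranges.
    blocks = ["2001:db8:1234:5678::/56"]
    reserved = ["192.0.2.2", "192.0.2.4"]
    for candidate in ("2001:db8:1234:5678::1/128", "2001:db8:1234:5678::1/80",
                      "2001:db8:9999::1", "192.0.2.2", "192.0.2.3"):
        try:
            print(candidate, "->", reverse_record_owner(candidate, blocks, reserved))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```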
Field | Type | Description | Example |
---|
Flag | Description |
---|---|
--authenticator dns-ionos | Specifies the authenticator plugin to be used. |
--dns-ionos-credentials | Specifies the path to the credentials.ini file. |
--dns-ionos-propagation-seconds | Specifies the time to wait for DNS propagation. |
--agree-tos | Agrees to the terms of service. |
--rsa-key-size | Specifies the size of the RSA key. |
-d | Specifies the domain name for which the certificate is issued. Provide the previously created zone name. |

Field | Type | Description | Example |
---|
id | string | UUID of the newly created reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
name | string | Name of the reverse DNS record | mail.example.com |
description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
ip | string | IP address of the reverse DNS record | 192.0.2.2 or 2001:0db8::1 |
type | string | Type of the reverse DNS record | reverserecord |
href | string | URL to the reverse DNS record |

Field | Type | Description | Example |
---|
id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
name | string | Name of the reverse DNS record | mail.example.com |
description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
ip | string | IP address of the reverse DNS record | 192.0.2.2 or 2001:0db8::1 |
type | string | Type of the reverse DNS record | reverserecord |
href | string | URL to the reverse DNS record |

Field | Type | Description | Example |
---|
id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
name | string | Name of the reverse DNS record | mail.example.com |
description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
ip | string | IP address of the reverse DNS record |
type | string | Type of the reverse DNS record | reverserecord |
href | string | URL to the reverse DNS record |

Field | Type | Description | Example |
---|
id | string | UUID of the reverse DNS record | 2a4428b3-dbe0-4357-9c02-609025b3a40f |
createdDate | string | Reverse DNS record creation timestamp | 2023-03-15T09:58:59.147746133Z |
lastModifiedDate | string | Reverse DNS record update timestamp | 2023-03-15T09:58:59.147746133Z |
name | string | Name of the reverse DNS record | mail.example.com |
description | string | Description of the reverse DNS record | The reverse DNS record is used for mail.example.com |
ip | string | IP address of the reverse DNS record | 192.0.2.3 |
type | string | Type of the reverse DNS record | reverserecord |
href | string | URL to the reverse DNS record |

Field | Type | Description | Example |
---|
records | string | Number of DNS records | 100000 |
reverseRecords | string | Number of reverse DNS records | 5000 |
secondaryZones | string | Number of secondary DNS zones | 100000 |
zones | string | Number of DNS zones | 50000 |

Field | Type | Description | Example |
---|
records | string | Number of DNS records used | 9 |
reverseRecords | string | Number of reverse DNS records used | 1 |
secondaryZones | string | Number of secondary DNS zones used | 6 |
zones | string | Number of DNS zones used | 5 |