Managing Dns

Record Type Selection

Quick Reference

Address Resolution:

• A Record: Map hostname to IPv4 address (example.com → 192.0.2.1)
• AAAA Record: Map hostname to IPv6 address (example.com → 2001:db8::1)
• CNAME Record: Alias to another domain (www.example.com → example.com)
  • Cannot use at zone apex (@)
  • Cannot coexist with other records at same name

Email Configuration:

• MX Record: Direct email to mail servers with priority
• TXT Record: Email authentication (SPF, DKIM, DMARC) and verification

Service Discovery:

• SRV Record: Specify service location (protocol, priority, weight, port, target)

Delegation and Security:

• NS Record: Delegate subdomain to different nameservers
• CAA Record: Restrict which Certificate Authorities can issue certificates

Cloud-Specific:

• ALIAS Record: Like CNAME but works at zone apex (Route53, Cloudflare)

Decision Tree

Need to point domain to:
├─ IPv4 Address? → A record
├─ IPv6 Address? → AAAA record
├─ Another Domain?
│  ├─ Zone apex (@) → ALIAS/ANAME or A record
│  └─ Subdomain → CNAME
├─ Mail Server? → MX record (with priority)
├─ Email Authentication? → TXT record (SPF/DKIM/DMARC)
├─ Service Discovery? → SRV record
├─ Domain Verification? → TXT record
├─ Certificate Control? → CAA record
└─ Subdomain Delegation? → NS record

For detailed record type examples and patterns, see references/record-types.md.

TTL Strategy

Standard TTL Values

By Change Frequency:

• Stable records: 3600-86400s (1-24 hours) - NS, stable A/AAAA
• Normal operation: 3600s (1 hour) - Standard websites, MX
• Moderate changes: 300-1800s (5-30 min) - Development, A/B testing
• Failover scenarios: 60-300s (1-5 min) - Critical records needing fast updates

Key Principle: Lower TTL = faster propagation but higher DNS query load

Pre-Change Process

When planning DNS changes:

T-48h: Lower TTL to 300s
T-24h: Verify TTL propagated globally
T-0h:  Make DNS change
T+1h:  Verify new records propagating
T+6h:  Confirm global propagation
T+24h: Raise TTL back to normal (3600s)

Propagation Formula: Max Time = Old TTL + New TTL + Query Time

Example: Changing a record with 3600s TTL takes up to 2 hours to fully propagate.

TTL by Use Case

For detailed TTL scenarios and calculations, see references/ttl-strategies.md.

DNS-as-Code Tools

Tool Selection by Use Case

Kubernetes DNS Automation → external-dns

• Annotation-based configuration on Services/Ingresses
• Automatic sync to DNS providers (20+ supported)
• No manual DNS updates required
• See examples/external-dns/

Multi-Provider DNS Management → OctoDNS or DNSControl

• Version control for DNS records
• Sync configuration across multiple providers
• Preview changes before applying
• OctoDNS (Python/YAML) - See examples/octodns/
• DNSControl (JavaScript) - See examples/dnscontrol/

Infrastructure-as-Code → Terraform

• Manage DNS alongside cloud resources
• Provider-specific resources (aws_route53_record, etc.)
• See examples/terraform/

Tool Comparison

Quick Start: external-dns

# Kubernetes Service with DNS annotation
apiVersion: v1