DNS controls how your domain connects to websites, email, and other internet services. You can manage DNS in two main ways: by editing individual DNS records in our dashboard, or by pointing your domain to external nameservers at a third party DNS provider. Record changes are ideal when you only need to adjust a few settings, for example, an A record for your website or TXT records for email. Nameserver changes are best when a third party manages your entire zone, for example, with a managed DNS platform, traffic steering, failover, or automation.
• A record – Maps a hostname to an IPv4 address, e.g., 203.0.113.10.
• AAAA record – Maps a hostname to an IPv6 address, e.g., 2001:db8::10.
• CNAME record – Creates an alias from one hostname to another, e.g., www → example.hosting.com. Cannot mix with other records on the same hostname.
• MX record – Directs email to mail servers. Use hostnames and priorities exactly as given.
• TXT record – General-purpose text. Used for SPF, DKIM, DMARC, site verification, and vendor-specific settings.
• NS record – Defines authoritative nameservers for a zone or delegated subzone.
• TTL – Time-to-live in seconds. Lower TTL = faster changes; higher TTL = more stability.
• Apex or root – The bare domain, e.g., example.com, often shown as @. CNAME is not allowed at the apex; some providers offer ALIAS/ANAME as alternatives.
• Propagation – Period for cached answers to expire and new data to replace them. Usually minutes to hours, up to 24–48h for nameserver changes.
• DNSSEC – Security extension that signs DNS data. Requires coordination when changing nameservers.
• Edit DNS records in our dashboard – For simple changes (A, MX, TXT) with short propagation and when you don’t need advanced DNS features.
• Change nameservers – When a third party manages your full zone (e.g., CDN, geo-routing, traffic steering, API-driven workflows) or when you need advanced features.
Step by step:
• Open the domain in our dashboard → DNS/DNS Records.
Website hosting
• A record: host @ → your IPv4 address, TTL 300–3600.
• AAAA record: host @ → your IPv6 address (if supported).
• CNAME: host www → @ or hosting target, e.g., example.hosting.com.
Email setup
• MX records: add provider’s hosts and priorities.
• TXT SPF: one SPF record at apex, e.g., v=spf1 include:provider.com ~all. Merge includes; do not create multiple SPF TXT records.
• TXT DKIM: add selector hostname (e.g., selector1._domainkey) with full DKIM key string.
• TXT DMARC: at _dmarc.example.com, e.g., v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com. Start with p=none, then move to quarantine/reject.
Other services
• Add SRV, subzone NS, or vendor-specific TXT as directed.
• Save changes and wait for propagation.
• Record edits: minutes to a few hours.
• Nameserver changes: up to 24–48 hours globally.
• Lower TTL to 300–900s before planned changes; raise later for stability.
• Avoid conflicting records on the same hostname (no A + CNAME on the same host).
• Keep exactly one SPF TXT at apex; merge vendors; keep lookups under 10.
• Save old values before changing so you can roll back quickly.
• Update both @ and www consistently when moving a site.
• Switch MX during low-traffic windows; overlap old/new mail systems briefly.
• Use dig or nslookup to query A, AAAA, CNAME, MX, TXT.
• Test email: check SPF, DKIM, DMARC alignment.
• Confirm propagation across regions using multiple resolvers.
What it does – Delegates your entire zone to another provider. All record edits then happen there.
Prepare at the external provider
• Create the zone (e.g., example.com).
• Pre-create all required records (A, AAAA, CNAME, MX, TXT, DMARC, SRV, verification TXT, subdomains).
• Lower TTL at current provider to 300s, 24–48h before cutover.
• If DNSSEC is active, disable before switching; re-enable with new DS record after cutover.
• Obtain NS hostnames from your DNS provider (e.g., ns1.dnsprovider.com, ns2.dnsprovider.com).
• In our dashboard → Nameservers → Custom Nameservers.
• Enter NS hostnames exactly, save.
• Wait for registry update, then validate new provider answers for your zone.
• Parent zone delegation updates quickly.
• Resolver caches may serve old data until TTL expiry (up to 48h).
• Keep old records valid until propagation settles.
• Disable DNSSEC on current zone before switching.
• Change nameservers, confirm new provider serves your zone.
• Enable DNSSEC at new provider, obtain DS values, add them to registry if required.
• Validate with DNSSEC checker. Incorrect DS data = immediate failures.
• Nameserver changes affect the entire zone—review all records first.
• If using vanity nameservers/child NS, configure glue records with correct IPs.
• If using CDN/proxy, confirm SSL, origin, firewall before cutover.
• Keep old provider active during overlap for rollback safety.
Record edits only
• Lower TTL to 300s a day in advance.
• Add new records in parallel; remove old after stable.
• Test, then raise TTL back to 3600–14400s.
Nameserver change
• Export current zone file, replicate at new provider.
• Lower TTL 24–48h in advance.
• Switch NS, validate with dig @ns1.newprovider.com example.com any.
• Keep old provider active 24–48h, then retire it after validation.
• Re-enable DNSSEC with new DS record.
Point root + www
• @ A 203.0.113.10 TTL 600
• @ AAAA 2001:db8::10 TTL 600
• www CNAME @ TTL 600
Email setup
• @ MX 10 mx1.mail.example TTL 3600
• @ MX 20 mx2.mail.example TTL 3600
• @ TXT "v=spf1 include:mail.example ~all" TTL 3600
• selector1._domainkey TXT "k=rsa; p=MIIBIjANBgkqh..." TTL 3600
• _dmarc TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com" TTL 3600
Delegate a subdomain
• sub NS ns1.otherdns.example TTL 3600
• sub NS ns2.otherdns.example TTL 3600
• A record not updating – TTL caching, wait for expiry, test with different resolvers.
• Email down after MX change – Verify hostnames/priorities, SPF, DKIM, single SPF TXT, mailbox setup.
• CNAME not working at root – CNAME not allowed at apex; use A/AAAA or ALIAS/ANAME.
• No resolution after NS change – Check zone at new provider, DNSSEC config, parent zone delegation.
• DMARC rejects mail – Start with p=none, move gradually to quarantine/reject.
• SPF too many lookups – Limit to 10, consolidate includes, flatten SPF, remove unused vendors.
• Enable 2FA on your account and restrict roles.
• Re-enable transfer lock after changes.
• Review DNS quarterly; remove stale records.
• If using DNSSEC, plan key rollovers/DS updates with provider.
Edit DNS records in our dashboard for quick, targeted changes (A, AAAA, CNAME, MX, TXT) with minimal propagation. Switch nameservers when a third party will manage the entire zone—prepare the new zone first, lower TTL, and coordinate DNSSEC. Record edits propagate in minutes to hours; nameserver changes can take 24–48h. Follow checklists, validate widely, and keep a rollback plan for smooth changes.