CertaDNS

DNS Record Management

Available on: Plus, Pro, Elite

1. What This Feature Does

The DNS Record Manager allows you to create, edit, and delete DNS records on your imported zones. It supports MX (mail exchange), TXT (text records for SPF, DKIM, verification codes, etc.), CNAME (canonical name aliases), and NS (nameserver delegation) record types. Each record you create is immediately synchronized to CertaDNS's authoritative DNS servers (PowerDNS) and becomes resolvable through DNS queries.

A and AAAA records are managed separately through the Dynamic DNS Domains feature. The DNS Record Manager is limited to the four record types listed above and requires that you have imported and verified a zone first.

2. When You Should Use It

  • You need to configure email routing with MX records for your domain.
  • You want to add SPF, DKIM, or DMARC records to authenticate outbound email.
  • You need to add domain verification TXT records for third-party services (Google Workspace, Microsoft 365, etc.).
  • You want to create CNAME aliases pointing to external services (e.g., blog.example.com pointing to a hosting provider).
  • You need to delegate a subdomain to external nameservers using NS records.

3. When You Should Not Use It

  • A or AAAA records: These are managed through the Dynamic DNS Domains feature, not the DNS Record Manager.
  • Zone not imported: You must import and verify your own zone before you can manage DNS records on it. See Managed DNS Zones for instructions on importing a zone.
  • Free plan: DNS Record Management is only available on Plus, Pro, and Elite plans.
  • CertaDNS public zones: You cannot create MX, TXT, CNAME, or NS records on CertaDNS public zones (e.g., certadns.com). Only your imported zones support these record types.

4. Prerequisites

  • A Plus, Pro, or Elite plan subscription.
  • At least one imported zone in verified status. See Managed DNS Zones for zone import instructions.
  • Ownership permission for the zone you want to manage records on.

5. How It Works (Brief)

When you create a DNS record, CertaDNS validates the input fields according to the record type, then sends a PATCH request to the PowerDNS API to add the record to the zone. The record is written with the TTL you specify (default: 3600 seconds). For MX records, the priority value is prepended to the content field before being sent to PowerDNS. Hostnames in MX, CNAME, and NS records automatically receive a trailing dot to indicate an absolute domain name.

Edits to existing records replace the previous record entirely. Deletions send a DELETE changetype to PowerDNS, removing the record from the zone. All changes propagate immediately to the authoritative nameservers. Caching resolvers will continue returning the old value until the previous TTL expires.

The system enforces a limit of 500 total DNS records per zone, including both manually created records and DDNS domains. CNAME records cannot coexist with other record types at the same name due to DNS specification constraints.
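The flow described in this section, as an added example that is not CertaDNS's own code: it checks the fields against the limits stated on this page and builds the rrset body that the PowerDNS HTTP API accepts in a zone PATCH. The function names, the `existing` set and the use of the REPLACE changetype for creation are assumptions.

```python
import re

# Limits are the ones stated on this page; all names here are hypothetical.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
TTL_MIN, TTL_MAX = 60, 86400
HOSTNAME_TYPES = {"MX", "CNAME", "NS"}


def fqdn(subdomain, zone):
    """Turn the Subdomain field into an absolute name inside the zone."""
    zone = zone.rstrip(".").lower()
    sub = subdomain.strip().lower()
    if sub in ("", "@"):
        return zone + "."
    for i, label in enumerate(sub.split(".")):
        if not (LABEL_RE.match(label) or (label == "*" and i == 0)):
            raise ValueError(f"invalid label: {label!r}")
    name = f"{sub}.{zone}"
    if len(name) > 253 or name.count(".") + 1 > 127:
        raise ValueError("FQDN exceeds 253 characters or 127 labels")
    return name + "."


def build_rrset(zone, existing, subdomain, rtype, content, ttl=3600, priority=10):
    """Return a PowerDNS zone PATCH body for one record, or raise ValueError.

    existing: set of (absolute name, type) pairs already in the zone.
    """
    if rtype not in HOSTNAME_TYPES | {"TXT"}:
        raise ValueError("only MX, TXT, CNAME and NS are managed here")
    if not TTL_MIN <= ttl <= TTL_MAX:
        raise ValueError("TTL must be between 60 and 86400 seconds")
    name = fqdn(subdomain, zone)
    types_at_name = {t for n, t in existing if n == name}
    if rtype == "CNAME" and types_at_name - {"CNAME"}:
        raise ValueError("CNAME cannot coexist with other record types")
    if rtype != "CNAME" and "CNAME" in types_at_name:
        raise ValueError("Cannot create record where CNAME exists")
    if rtype in HOSTNAME_TYPES:
        content = content.rstrip(".") + "."      # absolute hostname
    if rtype == "MX":
        content = f"{priority} {content}"        # priority precedes the host
    if rtype == "TXT":                           # one quoted string only
        content = '"' + content.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return {"rrsets": [{
        "name": name, "type": rtype, "ttl": ttl, "changetype": "REPLACE",
        "records": [{"content": content, "disabled": False}],
    }]}
```

REPLACE swaps the whole record set at that name and type, so a second MX at the same name has to be sent together with the first in one `records` list.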

6. How to Use It

Creating a DNS record

  1. Navigate to Dashboard > DNS Records.
  2. Select the zone you want to manage from the zone dropdown at the top of the page.
  3. In the DNS Record form:
    • Enter a subdomain name (or leave blank for the root domain @).
    • Select the record type from the dropdown: MX, TXT, CNAME, or NS. Default selection is MX.
    • Enter the content (the placeholder text changes based on the record type you selected).
    • For MX records only: Enter a priority value (default: 10).
    • Optionally adjust the TTL (default: 3600 seconds).
  4. Click Add Record.
  5. The record appears in the record list below the form.

Editing a DNS record

  1. In the record list, find the record you want to modify.
  2. Click the edit icon (pencil) in the Actions column.
  3. Modify the content, TTL, or priority fields in the edit modal.
  4. Click Save Changes.
  5. The updated record syncs to PowerDNS immediately.

Deleting a DNS record

  1. In the record list, click the trash icon in the Actions column for the record.
  2. Confirm the deletion in the dialog.
  3. The DNS record is removed from PowerDNS. The deletion is permanent.

7. Inputs and Settings

Field | Description | Constraints
Subdomain | The hostname label to create the record at. Use @ for the root domain, * for a wildcard. Multi-level subdomains are supported (e.g., dev.api.service). | Per label: 1-63 characters, alphanumeric and hyphens only. Must start and end with alphanumeric. Maximum 127 labels total. Leave blank or use @ for the root domain.
Record Type | The DNS record type. Options: MX, TXT, CNAME, NS. | Cannot be changed after creation. Delete and recreate to change the type.
Content | The record value. Validation rules differ by type. | MX/CNAME/NS: Valid hostname (trailing dot added automatically). TXT: Any content accepted. A/AAAA: Not available in this manager; use DDNS Domains.
Priority | MX records only. Lower values have higher priority. | Integer. Default: 10. Only shown and required for MX records.
TTL | Time to Live in seconds. How long DNS resolvers cache the record before querying again. | Default: 3600 seconds (1 hour). Minimum: 60 seconds. Maximum: 86400 seconds (24 hours).

Subdomain naming rules

  • @ represents the root domain (e.g., example.com).
  • * represents a wildcard that matches any subdomain.
  • Multi-level subdomains are allowed (e.g., dev.api.example.com).
  • Each label between dots must be 1-63 characters.
  • Each label must start and end with an alphanumeric character (a-z, 0-9).
  • Hyphens are allowed within labels but not at the start or end.

Content validation by type

Type | Validation | Example
MX | Valid hostname. Trailing dot added automatically. Priority prepended in PowerDNS. | mail.example.com
TXT | Any content accepted. Used for SPF, DKIM, domain verification, etc. | v=spf1 include:_spf.google.com ~all
CNAME | Valid hostname. Trailing dot added automatically. Cannot coexist with other records at the same name. | blog.provider.com
NS | Valid hostname. Trailing dot added automatically. Used for subdomain delegation. | ns1.external-dns.com

8. Outputs and Results

Record list columns

Column | Description
Name | The full FQDN of the record (e.g., mail.example.com). Root records show example.com.
Type | Record type badge: MX, TXT, CNAME, or NS.
Content | The record value in monospace font. For MX records, priority is shown separately.
Priority | MX records only. The priority value (lower = higher priority).
TTL | Time to Live in seconds.
Actions | Edit (pencil icon) and Delete (trash icon).

Empty state

When the selected zone has no MX, TXT, CNAME, or NS records, the table displays:

"No DNS records found. A/AAAA records are managed via Add Domain."

Loading state

While fetching records from the API, the table displays:

"Loading records..."

API response

The DNS record list endpoint returns an array of record objects:

[
  {
    "id": 123,
    "zone": "example.com",
    "name": "mail.example.com",
    "type": "MX",
    "content": "mail.provider.com.",
    "ttl": 3600,
    "priority": 10
  },
  ...
]

9. How to Interpret Results

Normal

  • Record appears in the table immediately after creation with the values you specified.
  • DNS queries for the record return the expected content. Allow time for TTL expiration on caching resolvers if the record was recently updated.
  • MX records show priority values in a separate column. Lower priority values (e.g., 10) are preferred over higher values (e.g., 20).

Unexpected or worth investigating

  • Record not appearing in DNS lookups: Verify the zone's nameservers are set to CertaDNS's nameservers (ns1.certadns.com and ns2.certadns.com) at your domain registrar. If the nameservers are correct, wait for the previous TTL to expire at caching resolvers.
  • CNAME creation failed: Check if other records (A, AAAA, MX, TXT, NS) exist at the same name. CNAME records cannot coexist with other record types at the same hostname.
  • Record limit reached: The zone has reached 500 total DNS records (including DDNS domains). Delete unused records to create new ones.

Common interpretation mistakes

  • Expecting instant propagation everywhere: After creating or updating a record, the change is live on CertaDNS's authoritative nameservers immediately. However, external DNS resolvers cache records for the TTL duration and will not query the authoritative servers again until the cache expires.
  • Confusing @ with a literal @ character: The @ symbol in the subdomain field represents the root domain (e.g., example.com), not a record named @.example.com.
  • Misunderstanding MX priority: Lower priority numbers have higher preference. An MX record with priority 10 is preferred over one with priority 20.

10. Common Issues and Explanations

"You don't have permission to manage this zone" error

You are not the owner of the zone you selected. Only the user who imported the zone can manage DNS records on it. If you need to manage a zone owned by another user, contact the zone owner to request access or ask them to create the records for you.

"DNS record limit reached for zone [zone]" error

The selected zone has reached the 500-record limit. This count includes both manually created DNS records and DDNS domains. The error message shows the breakdown (e.g., "You have 500/500 records (including 120 DDNS domains)"). Delete unused records or DDNS domains to create new records.

"CNAME cannot coexist with other record types" error

You attempted to create a CNAME record at a hostname where other records (A, AAAA, MX, TXT, NS) already exist. DNS specifications prohibit this. Delete the conflicting records first, or create the CNAME at a different hostname.

"Cannot create record where CNAME exists" error

You attempted to create a record at a hostname where a CNAME already exists. Delete the CNAME first, or create the new record at a different hostname.

"Invalid IPv4 address" or "Invalid IPv6 address" error

You attempted to create an A or AAAA record through the DNS Record Manager. A and AAAA records must be created through the Dynamic DNS Domains feature. Navigate to Dashboard > Domains to add A or AAAA records.

DNS queries return NXDOMAIN despite record creation

Verify that your zone's nameservers are set to ns1.certadns.com and ns2.certadns.com at your domain registrar. If the nameservers are not configured correctly, DNS queries will not reach CertaDNS's authoritative servers. After correcting the nameservers, allow 24-48 hours for nameserver changes to propagate globally.

TXT record content is truncated or malformed in DNS queries

Ensure long TXT records are properly quoted. TXT records longer than 255 characters must be split into multiple strings. CertaDNS handles this automatically, but third-party DNS clients may display the content differently. Use dig or nslookup to verify the exact format returned by the authoritative nameservers.
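An added example (not CertaDNS code) of the 255-character split and of comparing a multi-string answer with the value you entered. The function names and the sample value are constructed, and printable ASCII content is assumed.

```python
import re


def split_txt(value, limit=255):
    """Render a TXT value as quoted character-strings of <= limit bytes each."""
    raw = value.encode("ascii")
    chunks = [raw[i:i + limit] for i in range(0, len(raw), limit)] or [b""]
    return " ".join(
        '"' + c.decode("ascii").replace("\\", "\\\\").replace('"', '\\"') + '"'
        for c in chunks
    )


def txt_strings(rdata):
    """Return the individual character-strings from dig-style TXT rdata."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return [re.sub(r"\\(.)", r"\1", p) for p in parts]


def txt_matches(expected, rdata):
    """True when the strings in the answer concatenate to the expected value.

    The strings are joined with no separator: a consumer such as an SPF or
    DKIM verifier does the same, so no space is implied at a chunk boundary.
    """
    return "".join(txt_strings(rdata)) == expected


# Constructed sample: a DKIM-style value with a 400-character placeholder key.
SAMPLE = "v=DKIM1; k=rsa; p=" + "A" * 400
ANSWER = split_txt(SAMPLE)   # stands in for the rdata printed by dig
```

A client that shows only the first quoted string makes the record look truncated; comparing the joined strings against the stored value separates a display issue from a real mismatch.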

11. Limits and Constraints

Constraint | Limit
Maximum records per zone | 500 (includes DDNS domains and manually created records combined)
Minimum TTL | 60 seconds
Maximum TTL | 86400 seconds (24 hours)
Default TTL | 3600 seconds (1 hour)
Subdomain label length | 1-63 characters per label
Maximum labels per FQDN | 127
FQDN maximum length | 253 characters
Supported record types | MX, TXT, CNAME, NS only (A/AAAA managed separately)
Zone ownership | Must own the zone to create/edit/delete records

  • CNAME records cannot coexist with other record types at the same hostname.
  • Only imported zones support DNS Record Management. CertaDNS public zones do not allow MX, TXT, CNAME, or NS records.
  • Subdomain names must be alphanumeric with hyphens only. No underscores, spaces, or special characters.
  • Hostnames in MX, CNAME, and NS records must be valid FQDNs. Trailing dots are added automatically.

12. Related Features

  • Managed DNS Zones — Import and verify your own domain to use as a zone for DNS record management.
  • Dynamic DNS Domains — Manage A and AAAA records on your imported zones or CertaDNS public zones.
  • Email Authentication — Configure SPF, DKIM, and DMARC records to authenticate outbound email (creates TXT records).
  • SSL Certificates — Issue SSL certificates with ACME DNS-01 challenge (creates temporary TXT records automatically).

13. Updates and Behavior Changes

  • DNS Record Management was introduced with the initial release of Managed DNS Zones for Plus, Pro, and Elite plans.
  • The 500-record limit per zone was established to prevent abuse and ensure PowerDNS performance. This limit includes both DDNS domains and manually created records.
  • CNAME conflict validation was added to enforce DNS specification requirements that prohibit CNAME records from coexisting with other record types at the same hostname.
  • Automatic trailing dot addition for hostnames in MX, CNAME, and NS records was implemented to ensure proper FQDN formatting in PowerDNS.
