Managing Records

Managing DNS records for the Cloud DNS API involves sending change requests to the API. This page describes how to make changes, consisting of additions and deletions to your resource record sets collection. This page also describes how to send the desired changes to the API using the import, export, and transaction commands.

Before you begin

You must have already created a managed zone and completed the prerequisites for that task.

Adding or removing a record

You add or remove DNS records in a record set by creating and executing a transaction that specifies the operations you want to perform. A transaction is a group of one or more record changes that should be propagated together. The entire transaction either succeeds or fails, so your data is never left in an intermediate state.

Console

To create a record set in the Cloud Console:

  1. Go to the Cloud DNS page.
  2. Click the name of the managed zone you want to add the record to.
  3. On the Zone details screen, click Add record set.
  4. On the Create record set screen, in the DNS Name field, enter the subdomain of the DNS zone. For example, mail. The trailing dot is automatically added at the end.

    To create a wildcard DNS record, enter an asterisk. For example, *.example.com.

  5. Select the Resource record type. For example, MX.

  6. In the TTL field, enter a numeric value for the resource record's time to live, which is the amount of time it can be cached. This value must be a positive integer. From the TTL Unit dropdown menu, select the unit of time. For example, 30 minutes.

  7. Depending on the resource record type you have selected, populate the remaining fields as described in the table.

  8. You can enter additional information by clicking Add item.

  9. Click Create.

gcloud

a. To start a transaction, use the gcloud dns record-sets transaction start command:

gcloud dns record-sets transaction start --zone="my-zone-name"
  

where

  • --zone is the name of the managed-zone whose record sets you want to manage.

b. To add a record set as part of a transaction, use the gcloud dns record-sets transaction add command:

gcloud dns record-sets transaction add 10.2.3.4 --name="test.example.com" \
  --ttl="30" \
  --type="A" \
  --zone="my-zone-name"
  

where

  • --name is the DNS or domain name of the record set to add.
  • --ttl is the TTL (time to live) for the record set.
  • --type is the record type described in the table.
  • --zone is the name of the managed-zone whose record sets you want to manage.

c. To execute the transaction, use the gcloud dns record-sets transaction execute command:

gcloud dns record-sets transaction execute --zone="my-zone-name"

To add a wildcard record set as part of a transaction:

gcloud dns record-sets transaction add --zone="my-zone-name" \
    --name="*.example.com." \
    --type=CNAME \
    --ttl=300 "sinkhole.example.com"
 

where

  • --name is the DNS or domain name of the record set to add.
  • --ttl is the TTL (time to live) for the record set.
  • --type is the record type described in the table.
  • --zone is the name of the managed-zone whose record sets you want to manage.

To remove a record set as part of a transaction, use the gcloud dns record-sets transaction remove command:

gcloud dns record-sets transaction remove 10.2.3.4 --name="test.example.com" \
    --ttl="number of seconds" \
    --type="record type" \
    --zone="zone name"
  

where

  • --name is the DNS or domain name of the record set to remove.
  • --ttl is the TTL (time to live) for the record set.
  • --type is the record type described in the table.

To replace an existing record, issue the remove command followed by the add command.

Details on selecting resource record types

| For record type | Enter |
|---|---|
| A | The host's numeric IP address, in dotted decimal format. |
| AAAA | The host's numeric IP address, in IPv6 hexadecimal format. |
| CAA | The Certificate Authorities that are authorized to issue certificates for this domain. |
| CNAME | The canonical name for which the DNS name is an alias. |
| DNSKEY | The DNSSEC key from another operator for secure transfer. This record set type can only be added to a DNSSEC-enabled zone in Transfer state. |
| DS | The DNSSEC Key fingerprint for secure delegated zone. This record set type does not activate DNSSEC for a delegated zone unless you enable (and activate) DNSSEC for this zone. |
| IPSECVPNKEY | The IPSec public VPN key. DNSSEC is recommended when using this record set type, but it is not enabled for this zone. |
| MX | A number and DNS name of a mail exchange server, indicating priority of the server. Servers with lower numbers are tried first. Make sure there is a space between the number and DNS name. |
| NAPTR | Name authority pointer rules used for mapping Uniform Resource Names. |
| NS | The DNS name of the authoritative nameserver. Your NS records must match the nameservers for your zone. |
| PTR | The resource's canonical name, typically used for reverse lookups. |
| SPF | The SPF record set type is deprecated. Use TXT records starting with "v=spf1 " instead. SPF type records are not used by modern e-mail software. |
| SRV | The data that specifies the location, that is, the hostname and port number, of servers for a particular service. For more details, refer to RFC 2782. |
| SSHFP | The SSH server algorithm number, fingerprint type number, and key fingerprint. Use this record type if you have enabled DNSSEC for this zone. |
| TLSA | The DNS-based Authentication of Named Entities (DANE) TLSA Certificate Association information. |
| TXT | Text data, which can contain arbitrary text and can also be used to define machine-readable data, such as security or abuse prevention information. A TXT record may contain one or more text strings; the maximum length of each string is 255 characters. Mail agents and other software agents concatenate multiple strings. Enclose each string in quotation marks. For example: "Hello world" "Bye world" |

Importing and exporting record sets

You can use import and export to copy record sets into and out of a managed zone. The supported formats are BIND zone file format and YAML records format.

To import record sets, you use the dns record-sets import command. The --zone-file-format flag tells import to expect a BIND zone formatted file. If you omit this flag, import expects a YAML formatted records file:

gcloud dns record-sets import -z=examplezonename \
   --zone-file-format path-to-example-zone-file

To export record sets, you use the dns record-sets export command. Use the --zone-file-format flag to tell export to write the record sets into a BIND zone formatted file:

gcloud dns record-sets export example.zone -z=examplezonename \
   --zone-file-format

For example:

example.com. 21600 IN NS ns-gcp-private.googledomains.com.
example.com. 21600 IN SOA ns-gcp-private.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
host1.example.com. 300 IN A 192.0.2.91

If you omit this flag, export writes the record sets into a YAML formatted records file. For example:

---
kind: dns#resourceRecordSet
name: example.com.
rrdatas:
- ns-gcp-private.googledomains.com.
ttl: 21600
type: NS
---
kind: dns#resourceRecordSet
name: example.com.
rrdatas:
- ns-gcp-private.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600
  259200 300
ttl: 21600
type: SOA
---
kind: dns#resourceRecordSet
name: host1.example.com.
rrdatas:
- 192.0.2.91
ttl: 300
type: A

Displaying the current record set

To display the current DNS records for your zone:

gcloud

gcloud dns record-sets list --zone="myzonename"

The command outputs the JSON response for the resource record set for the first 100 records. You can specify these additional parameters:
  • limit: Maximum number of record sets to list.
  • name: Only list record sets with this exact domain name.
  • type: Only list records of this type. If present, the --name parameter must also be present.

Python

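from google.cloud import dns


def list_resource_records(project_id, zone_name):
    """Return (name, type, ttl, rrdatas) for each record set in the zone."""
    client = dns.Client(project=project_id)
    zone = client.zone(zone_name)

    # Iterates over every resource record set in the managed zone.
    records = zone.list_resource_record_sets()

    return [(record.name, record.record_type, record.ttl, record.rrdatas)
            for record in records]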
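
The following is an added example, not part of the original page or of Google's client library. It audits a record listing against the rules this page states: trailing dot, wildcard names, the deprecated SPF type, positive TTL, MX spacing, and quoted TXT strings of at most 255 characters. It assumes the (name, type, ttl, rrdatas) tuples returned by list_resource_records above; audit_records, txt_strings and SAMPLE are hypothetical names.

```python
import re

# Added example. Assumption: records are (name, type, ttl, rrdatas) tuples,
# the shape returned by list_resource_records() on this page.
TXT_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one quoted TXT string
MX_DATA = re.compile(r"^\d+ \S+$")               # "<priority> <DNS name>"


def txt_strings(rrdata):
    """Split one TXT rrdata value into its quoted strings."""
    return TXT_STRING.findall(rrdata)


def audit_records(records):
    """Return (name, type, finding) tuples for record sets that need review."""
    findings = []
    for name, rtype, ttl, rrdatas in records:
        issues = []
        if not name.endswith("."):
            issues.append("name has no trailing dot")
        if name.startswith("*."):
            issues.append("wildcard: unmatched names resolve to " + ", ".join(rrdatas))
        if rtype == "SPF":
            issues.append('deprecated SPF type; use TXT starting with "v=spf1 "')
        if not isinstance(ttl, int) or ttl <= 0:
            issues.append("TTL must be a positive integer")
        for rrdata in rrdatas:
            if rtype == "MX" and not MX_DATA.match(rrdata):
                issues.append("MX data needs a space between number and DNS name")
            if rtype == "TXT":
                strings = txt_strings(rrdata)
                if not strings:
                    issues.append("TXT string is not enclosed in quotation marks")
                if any(len(s) > 255 for s in strings):
                    issues.append("TXT string longer than 255 characters")
        findings.extend((name, rtype, issue) for issue in issues)
    return findings


# Constructed sample data, not taken from a real zone.
SAMPLE = [
    ("host1.example.com.", "A", 300, ["192.0.2.91"]),
    ("*.example.com.", "CNAME", 300, ["sinkhole.example.com."]),
    ("example.com.", "MX", 1800, ["10mail.example.com."]),
    ("example.com.", "SPF", 300, ['"v=spf1 -all"']),
    ("example.com.", "TXT", 300, ['"Hello world" "Bye world"']),
    ("key.example.com.", "TXT", 300, ['"' + "A" * 300 + '"']),
]

if __name__ == "__main__":
    for finding in audit_records(SAMPLE):
        print(*finding, sep="\t")
```

Running the audit over a listing taken before and after a transaction shows whether a change introduced a wildcard or a malformed record.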
