Managing DNS records for the Cloud DNS API involves sending change
requests to the API. This page describes how to make changes, consisting
of additions and deletions to your resource record sets collection. This page
also describes how to send the desired changes to the API using the import, export, and transaction commands.
Before you begin
You must have already created a managed zone and completed the prerequisites for that task.
Adding or removing a record
You add or remove DNS records in a record set by creating and executing a transaction that specifies the operations you want to perform. A transaction is a group of one or more record changes that should be propagated together. The entire transaction either succeeds or fails, so your data is never left in an intermediate state.
Console
To create a record set in the Cloud Console:
- Go to the Cloud DNS page
- Click the name of the managed zone you want to add the record to.
- On the Zone details screen, click Add record set.
- On the Create record set screen, in the DNS Name field, enter the subdomain of the DNS zone. For example, mail. The trailing dot is automatically added at the end. To create a wildcard DNS record, enter an asterisk. For example, *.example.com.
- Select the Resource record type. For example, MX.
- In the TTL field, enter a numeric value for the resource record's time to live, which is the amount of time it can be cached. This value must be a positive integer. From the TTL Unit dropdown menu, select the unit of time. For example, 30 minutes.
- Depending on the resource record type you have selected, populate the remaining fields as described in the table.
- You can enter additional information by clicking Add item.
- Click Create.
gcloud
a. To start a transaction, use the gcloud dns record-sets transaction start command:
gcloud dns record-sets transaction start --zone="my-zone-name"
where --zone is the name of the managed zone whose record sets you want to manage.
b. To add a record set as part of a transaction, use the gcloud dns record-sets transaction add command:
gcloud dns record-sets transaction add 10.2.3.4 \
    --name="test.example.com" \
    --ttl="30" \
    --type="A" \
    --zone="my-zone-name"
where
- --name is the DNS or domain name of the record set to add.
- --ttl is the TTL (time to live) for the record set.
- --type is the record type described in the table.
- --zone is the name of the managed zone whose record sets you want to manage.
c. To execute the transaction, use the gcloud dns record-sets transaction execute command:
gcloud dns record-sets transaction execute --zone="my-zone-name"
To add a wildcard record set as part of a transaction:
gcloud dns record-sets transaction add --zone="my-zone-name" \
    --name="*.example.com." \
    --type=CNAME \
    --ttl=300 "sinkhole.example.com"
where
- --name is the DNS or domain name of the record set to add.
- --ttl is the TTL (time to live) for the record set.
- --type is the record type described in the table.
- --zone is the name of the managed zone whose record sets you want to manage.
To remove a record set as part of a transaction, use the gcloud dns record-sets transaction remove command:
gcloud dns record-sets transaction remove 10.2.3.4 \
    --name="test.example.com" \
    --ttl="number of seconds" \
    --type="record type" \
    --zone="zone name"
where
- --name is the DNS or domain name of the record set to remove.
- --ttl is the TTL (time to live) for the record set.
- --type is the record type described in the table.
To replace an existing record, issue the remove command followed by the add command.
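The replace procedure above, run as a single transaction so the old record is never removed without the new one being added. This is an added example, not part of the original page; the function name and its arguments are hypothetical, and besides the subcommands shown above it uses gcloud dns record-sets transaction abort to discard a failed transaction.

```shell
# Added example: replace an A record with one remove + add transaction.
# Arguments (all supplied by the caller): zone, record name, TTL,
# the address currently published, and the address to publish instead.
replace_a_record() {
  zone=$1 name=$2 ttl=$3 old_ip=$4 new_ip=$5

  gcloud dns record-sets transaction start --zone="$zone" || return 1

  # The remove must describe the existing record set (same TTL and data).
  if gcloud dns record-sets transaction remove "$old_ip" \
         --name="$name" --ttl="$ttl" --type="A" --zone="$zone" &&
     gcloud dns record-sets transaction add "$new_ip" \
         --name="$name" --ttl="$ttl" --type="A" --zone="$zone" &&
     gcloud dns record-sets transaction execute --zone="$zone"
  then
    return 0
  fi

  # A step failed: discard the pending transaction so a half-built
  # change set is not executed by a later run.
  gcloud dns record-sets transaction abort --zone="$zone"
  return 1
}

# Usage (values are placeholders):
#   replace_a_record my-zone-name test.example.com. 30 10.2.3.4 10.2.3.5
```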
Details on selecting resource record types
For record type | Enter |
---|---|
A | The host's numeric IP address, in dotted decimal format. |
AAAA | The host's numeric IP address, in IPv6 hexadecimal format. |
CAA | The Certificate Authorities that are authorized to issue certificates for this domain. |
CNAME | The canonical name for which the DNS name is an alias. |
DNSKEY | The DNSSEC key from another operator for secure transfer. This record set type can only be added to a DNSSEC-enabled zone in Transfer state. |
DS | The DNSSEC Key fingerprint for secure delegated zone. This record set type does not activate DNSSEC for a delegated zone unless you enable (and activate) DNSSEC for this zone. |
IPSECVPNKEY | The IPSec public VPN key. DNSSEC is recommended when using this record set type, but it is not enabled for this zone. |
MX | A number and DNS name of a mail exchange server, indicating priority of the server. Servers with lower numbers are tried first. Make sure there is a space between the number and DNS name. |
NAPTR | Name authority pointer rules used for mapping Uniform Resource Names. |
NS | The DNS name of the authoritative nameserver. Your NS records must match the nameservers for your zone. |
PTR | The resource's canonical name, typically used for reverse lookups. |
SPF | The SPF record set type is deprecated. Use TXT records starting with "v=spf1 " instead. SPF type records are not used by modern e-mail software. |
SRV | The data that specifies the location, that is, the hostname and port number, of servers for a particular service. For more details, refer to RFC 2782. |
SSHFP | The SSH server algorithm number, fingerprint type number, and key fingerprint. Use this record type if you have enabled DNSSEC for this zone. |
TLSA | The DNS-based Authentication of Named Entities (DANE) TLSA Certificate Association information. |
TXT | Text data, which can contain arbitrary text and can also be used to define machine-readable data, such as security or abuse prevention information. A TXT record may contain one or more text strings; the maximum length of each string is 255 characters. Mail agents and other software agents concatenate multiple strings. Enclose each string in quotation marks. For example: "Hello world" "Bye world" |
Importing and exporting record sets
You can use import and export to copy record sets into and out of a
managed zone. The formats you can import from and export to are either
BIND zone file format, or YAML records format.
To import record sets, you use the dns record-sets import command.
The --zone-file-format flag tells import to expect a BIND zone
formatted file. If you omit this flag, import expects a YAML formatted records file:
gcloud dns record-sets import -z=examplezonename \
    --zone-file-format path-to-example-zone-file
To export record sets, you use the dns record-sets export command.
Use the --zone-file-format flag to tell export to export the
record sets into a BIND zone formatted file:
gcloud dns record-sets export example.zone -z=examplezonename \
    --zone-file-format
For example:
example.com. 21600 IN NS ns-gcp-private.googledomains.com.
example.com. 21600 IN SOA ns-gcp-private.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
host1.example.com. 300 IN A 192.0.2.91
If you omit this flag, export exports the record set into a YAML formatted records file. For example:
---
kind: dns#resourceRecordSet
name: example.com.
rrdatas:
- ns-gcp-private.googledomains.com.
ttl: 21600
type: NS
---
kind: dns#resourceRecordSet
name: example.com.
rrdatas:
- ns-gcp-private.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
ttl: 21600
type: SOA
---
kind: dns#resourceRecordSet
name: host1.example.com.
rrdatas:
- 192.0.2.91
ttl: 300
type: A
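A BIND zone formatted export can be reviewed before it is imported into another zone. The following added example (not part of the original page) flags wildcard names, record sets of the deprecated SPF type, TXT strings over the 255-character limit, and the absence of any CAA record; the function names, the finding labels and the sample zone are constructed for illustration, and the parser assumes one record per line in the name, TTL, IN, type, data layout shown above.

```shell
# Added example: review a BIND zone-format export before importing it.
# Reads the file named in $1, or standard input if no file is given.
audit_zone_export() {
  awk '
    $3 != "IN" { next }    # skip blank lines, comments and directives
    substr($1, 1, 2) == "*." { print "WILDCARD " $1 " " $4 }
    $4 == "SPF" { print "DEPRECATED_SPF " $1 }
    $4 == "CAA" { caa = 1 }
    $4 == "TXT" {
      # Each quoted string may hold at most 255 characters.
      # Assumes the strings contain no escaped quotation marks.
      rest = $0
      while (match(rest, /"[^"]*"/)) {
        if (RLENGTH - 2 > 255) print "TXT_STRING_TOO_LONG " $1
        rest = substr(rest, RSTART + RLENGTH)
      }
    }
    END { if (!caa) print "NO_CAA" }
  ' "$@"
}

# Constructed sample export (not real data): a wildcard CNAME, an
# SPF-type record, and a TXT record whose second string is 300 characters.
sample_zone() {
  long=$(printf '%0300d' 0)
  cat <<EOF
example.com. 21600 IN NS ns-gcp-private.googledomains.com.
host1.example.com. 300 IN A 192.0.2.91
*.example.com. 300 IN CNAME sinkhole.example.com.
example.com. 300 IN SPF "v=spf1 -all"
example.com. 300 IN TXT "v=spf1 -all" "$long"
EOF
}

# Usage: sample_zone | audit_zone_export
#    or: audit_zone_export example.zone
```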
Displaying the current record set
To display the current DNS records for your zone:
gcloud
gcloud dns record-sets list --zone="myzonename"
The command outputs the JSON response for the resource record set for the first 100 records. You can specify these additional parameters:
- limit: Maximum number of record sets to list.
- name: Only list record sets with this exact domain name.
- type: Only list records of this type. If present, the --name parameter must also be present.