Key Concepts
KakaoCloud's DNS (Domain Name System) service responds to domain names entered by users with the actual IP address of the computer hosting the corresponding site. Without the need for separate DNS server management, users can create and manage DNS zones and DNS records, receiving the address information they need on the internet. For example, when a user enters the URL https://kakaocloud.com/ in their web browser, DNS converts it to the actual IP address of the computer hosting the site, allowing the user to connect.
- As of July 2023, the DNS service is only available in the kr-central-2 region.
- The DNS service does not support domain name purchase or renewal services. For domain purchases or renewals, please contact a separate domain registrar.
DNS zone
A DNS zone is an object composed of multiple records that defines a DNS information area managed by the user. Users can create DNS records in the DNS zone and receive queries from the internet. For more details on creating and managing DNS zones, refer to the Create and manage DNS zones guide.
DNS record
DNS records are mappings between domain names and DNS resource definitions that provide instructions for how to handle requests received by the DNS server. KakaoCloud supports the following types of DNS records. DNS record statuses are as follows:
Parameter | Description |
---|---|
Active | The recordset is in a normal state |
Pending | The recordset is being created, updated, or deleted - DNS resolution may not be guaranteed in some cases |
Error | The recordset has timed out while in the Pending state - DNS resolution may not be guaranteed in some cases |
A record
An A (Address) record maps a domain to an IPv4 address.
192.168.10.1
AAAA record
An AAAA (quad-A) record maps a domain to an IPv6 address.
2001:0DB8:1000:0000:0000:0000:1111:2222
2001:DB8:1000::1111:2222
CAA record
A CAA (Certification Authority Authorization) record specifies which certification authorities (CAs) are allowed to issue certificates for a domain, preventing unauthorized CAs from issuing certificates.
[ flags tag value ]
Parameter | Description |
---|---|
flags | Each flag has a specific meaning - Supported range: 0, 1 |
tag | Can be set to the following values - issue : Specifies the CA allowed to issue certificates for the domain - issuewild : Specifies the CA allowed to issue wildcard certificates - iodef : Specifies an email address to receive violation reports for the CAA record |
value | Enter the value based on the tag - For issue : 0 issue "letsencrypt.org" - For issuewild : 0 issuewild "letsencrypt.org" - For iodef : 0 iodef "mailto:admin@example.com" |
[ 0 issue abc.example.com ]
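An added example (not KakaoCloud's code) of auditing a CAA record set written in the value format above: it validates each value against the flags and tags this page lists, then applies the RFC 8659 rule that issuewild takes precedence over issue for wildcard names. The function names, the sample record set and the iodef scheme check are assumptions of this example.

```python
import shlex

ALLOWED_FLAGS = {0, 1}                          # range this page lists
ALLOWED_TAGS = {"issue", "issuewild", "iodef"}  # tags this page lists


def parse_caa(value):
    """Parse one '[ flags tag value ]' record value into (flags, tag, value)."""
    parts = shlex.split(value.strip().strip("[]"))  # shlex removes the quotes
    if len(parts) != 3:
        raise ValueError(f"expected 'flags tag value', got {value!r}")
    flags, tag, val = int(parts[0]), parts[1].lower(), parts[2]
    if flags not in ALLOWED_FLAGS:
        raise ValueError(f"flags must be 0 or 1, got {flags}")
    if tag not in ALLOWED_TAGS:
        raise ValueError(f"unsupported tag {tag!r}")
    if tag == "iodef" and not val.startswith(("mailto:", "http://", "https://")):
        raise ValueError("iodef value must be a mailto: or http(s): URL")
    return flags, tag, val


def ca_may_issue(recordset, ca_domain, wildcard=False):
    """RFC 8659 check: may ca_domain issue for a name with this CAA record set?"""
    parsed = [parse_caa(r) for r in recordset]
    issue = [v for _, t, v in parsed if t == "issue"]
    issuewild = [v for _, t, v in parsed if t == "issuewild"]
    # For wildcard names issuewild takes precedence; otherwise only issue counts.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # nothing restricts issuance, so CAA permits any CA
    # Issuer domain is the text before any ';' parameters; a bare ';' names no CA.
    issuers = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in issuers


# Constructed sample record set in the value format shown in the table above.
ZONE_CAA = [
    '0 issue "letsencrypt.org"',
    '0 issuewild ";"',
    '0 iodef "mailto:admin@example.com"',
]

if __name__ == "__main__":
    for wild in (False, True):
        print("wildcard" if wild else "exact", ca_may_issue(ZONE_CAA, "letsencrypt.org", wild))
```

With this sample set the named CA may issue for exact names but no CA may issue wildcard certificates, because `issuewild ";"` overrides the `issue` entry for wildcard requests.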
CNAME record
A CNAME (Canonical NAME) record maps one domain name to another.
abc.example.com.
MX record
An MX (Mail Exchanger) record specifies the mail server for a domain. If multiple mail servers are used, a priority can be set.
[ Preference DomainName ]
Parameter | Description |
---|---|
Preference | Priority value for mail delivery if multiple mail servers are available - Range: 0 ~ 65535 |
DomainName | Domain name of the email server - Example: mail.example.com. |
10 mail.example.com.
NAPTR record
A NAPTR (Name Authority Pointer) record is most commonly used in internet telephony applications. It is generally used to convert phone numbers into SIP URIs.
For more details, refer to the RFC.
[Order Preference Flags Service Regexp Replacement]
Parameter | Required | Description |
---|---|---|
Order | Required | Specifies the order in which the NAPTR record should be processed - Lower values indicate higher priority - Range: 0 ~ 65535 |
Preference | Required | Specifies the order in which NAPTR records with the same Order value should be processed - Range: 0 ~ 65535 |
Flags | Required | Controls how the fields in the record are interpreted - Uppercase input: "A", "P", "S", "U" |
Service | Required | Determined by the application specification - For URL resolution: RFC - For SRV - NAPTR applications: RFC - For URI - NAPTR applications: RFC |
Regexp | Optional | Constructs an alternate expression in the DDDS algorithm - Enter ASCII characters - For more on Regexp syntax, refer to RFC 3402 |
Replacement | Optional | Constructs an alternate expression in the DDDS algorithm - Domain name format; composed of a-z, 0-9, and hyphen ( - ) - If specifying a value in Regexp, enter a period ( . ) after the domain name in Replacement |
100 50 U E2U+sip !^+441632960083$!sip:1@example.com! test.com.
100 51 U E2U+h323 !^+441632960083$!h323:operator@example.com! test.com.
100 52 U E2U+emailmailto !^.*$!mailto:info@example.com! test.com.
NS record
An NS (Name Server) record assigns name servers to a domain and delegates domain name server handling to other domain name servers.
ns1.example.com.
SRV record
An SRV (Service) record is used to identify the location of a server hosting a specific service, storing hostname and port information.
- The SRV record name follows the format _service._proto.name (e.g., _ldap._tcp.example).
[ Priority Weight Port DomainName ]
Parameter | Description |
---|---|
Priority | Lower values indicate higher priority - Range: 0 ~ 65535 |
Weight | Weight for balancing between servers with the same priority - Range: 0 ~ 65535 |
Port | Port number of the service - Range: 0 ~ 65535 |
DomainName | Domain name of the service |
10 30 443 abc.example.com.
SPF record
An SPF (Sender Policy Framework) record is used for email validation by verifying that the mail server information matches the sender's domain.
The SPF record type is deprecated. It is recommended to create a TXT record with the SPF value instead.
"v=spf1 mx:example.com -all"
TXT record
A TXT (Text) record stores text information. It can be used to freely store unstructured text. The record value is written within quotation marks “ ”.
Each record can contain up to 255 characters, and the record set can have a maximum of 2,048 characters.
"v=spf1 mx:example.com -all"
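An added example (not KakaoCloud's code) that lints a TXT record set before it is created, covering both the SPF note and the TXT limits above: it checks the quotation marks, the 255 and 2,048 character limits, and three SPF problems defined by RFC 7208. It assumes the 255-character limit counts the text between the quotation marks; the function name and the sample values other than the page's SPF string are constructed.

```python
import re

MAX_RECORD_CHARS = 255       # per-record limit stated on this page
MAX_RECORDSET_CHARS = 2048   # per-record-set limit stated on this page


def lint_txt_recordset(records):
    """Return findings for a TXT record set; an empty list means no issues."""
    findings, values = [], []
    for rec in records:
        m = re.fullmatch(r'"(.*)"', rec.strip(), re.DOTALL)
        if m is None:
            findings.append("value is not wrapped in quotation marks")
            continue
        values.append(m.group(1))
        # Assumption: the limit counts the characters between the quotes.
        if len(m.group(1)) > MAX_RECORD_CHARS:
            findings.append(f"record exceeds {MAX_RECORD_CHARS} characters")
    if sum(len(v) for v in values) > MAX_RECORDSET_CHARS:
        findings.append(f"record set exceeds {MAX_RECORDSET_CHARS} characters")

    # SPF checks: a domain must publish exactly one v=spf1 policy.
    spf = [v for v in values if v.lower().split(" ")[0] == "v=spf1"]
    if len(spf) > 1:
        findings.append("more than one v=spf1 record (SPF permerror)")
    for policy in spf:
        terms = [t.lower() for t in policy.split()[1:]]
        all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
        if any(t in ("all", "+all") for t in all_terms):
            findings.append("'+all' lets any host pass SPF")
        elif not all_terms and not any(t.startswith("redirect=") for t in terms):
            findings.append("no 'all' mechanism: unlisted hosts get neutral")
    return findings


# Constructed sample record sets; only the first GOOD value is from the page.
GOOD = ['"v=spf1 mx:example.com -all"', '"site-verification=abc123"']
BAD = ['"v=spf1 mx:example.com +all"', '"v=spf1 include:mail.example.net"',
       'unquoted-value', '"' + "x" * 300 + '"']

if __name__ == "__main__":
    print(lint_txt_recordset(GOOD))
    print("\n".join(lint_txt_recordset(BAD)))
```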
SOA record
An SOA (Start of Authority) record contains authoritative information about the DNS zone. SOA records are created by default when a DNS zone is created and cannot be modified or deleted.
[ primary-name-server email-of-responsible-person serial-number refresh-interval retry-interval expiration-time minimum-TTL ]
Parameter | Description |
---|---|
primary-name-server | Hostname of the primary name server. |
email-of-responsible-person | Email address of the zone administrator. The email address is displayed as an ASCII string with @ and . symbols. |
serial-number | Serial number used to track changes made in the zone since the last SOA record update. It typically includes the date and version information and is represented as a 32-bit integer. |
refresh-interval | Interval used to periodically refresh zone information. This value is represented as a 32-bit integer in seconds. |
retry-interval | Time to wait before retrying after a failed zone information update. This value is represented as a 32-bit integer in seconds. |
expiration-time | Time after which zone information expires. This value is represented as a 32-bit integer in seconds. |
minimum-TTL | Minimum TTL (Time To Live) for all records in the zone. This value is represented as a 32-bit integer in seconds. |
The SOA record format cannot be user-defined, so no example is provided.
TTL settings
TTL (Time To Live) is a value in DNS records, set in seconds, that controls how long DNS resolvers cache the record and therefore how long changes to the record take to apply.
The TTL value can be adjusted between 0 and 604800 seconds, depending on your service environment. For example, if you're planning to change services quickly, you can set a shorter TTL value to reduce caching time, enabling faster updates to new record settings. Once the changes are complete, reverting to the previous TTL value can reduce the load on DNS resolvers.
IAM role management
IAM role management in DNS follows Role-Based Access Control (RBAC). Therefore, users with permissions within a project can create DNS zones and manage records.
Project Admins and Project Members can manage DNS zones and records, while Project Readers can only view DNS zones and records.
- You can check your IAM role permissions under KakaoCloud Console > Profile (top-right) > Account Information.
DNS zone permissions
Permission | Project Admin | Project Member | Project Reader |
---|---|---|---|
Create DNS zones, records | ✓ | ✓ | |
View DNS zones, records | ✓ | ✓ | ✓ |
Configure DNS zones, records | ✓ | ✓ | |
Delete DNS zones, records | ✓ | ✓ | |
DNS record permissions
Permission | Project Admin | Project Member | Project Reader |
---|---|---|---|
Create records | ✓ | ✓ | |
View records | ✓ | ✓ | ✓ |
Configure records | ✓ | ✓ | |
Delete records | ✓ | ✓ | |