Key concepts
KakaoCloud's DNS (Domain Name System) is a service that responds to the domain entered by a user to access a site with the actual IP address of the computer hosting the site. Using the DNS service, users can create DNS zones and DNS records without managing their own DNS servers and receive address information over the Internet. For example, when a user enters https://kakaocloud.com/ in a web browser, DNS converts it into the actual IP address of the computer hosting https://kakaocloud.com/ and responds so that the user can access the site via the resolved IP.
- The DNS service does not support domain name purchase or renewal. Please contact a separate domain registrar for domain registration or renewal.
DNS zone
A DNS zone is an object composed of multiple records and represents the DNS information managed by the user. Users can create DNS records in the created DNS zone and receive queries from the internet. For details on managing zones, see Create and manage DNS zone.
DNS records
DNS records are mappings between domain names and DNS resources, defining how the DNS server handles access requests. KakaoCloud supports the following record types. The record statuses are:
| Parameter | Description |
|---|---|
Active | Record set is in a healthy state |
Pending | Record set is in progress (Create, Update, Delete) - DNS resolution may not be guaranteed |
Error | Timeout occurred during Pending - DNS resolution may not be guaranteed |
A record
An A (Address) record maps a domain name to an IPv4 address.
192.168.10.1
AAAA record
An AAAA (quad-A) record maps a domain name to an IPv6 address.
2001:0DB8:1000:0000:0000:0000:1111:2222
2001:DB8:1000::1111:2222
CAA record
A CAA (Certification Authority Authorization) record specifies which certificate authorities (CAs) are permitted to issue certificates for a domain.
[ flags tag value ]
| Parameter | Description |
|---|---|
| flags | Special meaning per value - Supported: 0, 1 |
| tag | Possible values: - issue: CA that can issue certificates - issuewild: CA that can issue wildcard certificates - iodef: Email address to report policy violations |
| value | Depends on tag: - 0 issue "letsencrypt.org" - 0 issuewild "letsencrypt.org" - 0 iodef "<mailto:admin@example.com>" |
[ 0 issue abc.example.com ]
CNAME record
CNAME (Canonical NAME) records map one domain name to another.
abc.example.com.
MX record
MX (Mail Exchanger) records define mail servers for a domain and their priorities.
[ Preference DomainName ]
| Parameter | Description |
|---|---|
| Preference | Mail delivery priority value used when one or more mail servers are available - Range: 0 ~ 65535 |
| DomainName | Mail server domain name - Example: mail.example.com. |
10 mail.example.com.
NAPTR record
NAPTR (Name Authority Pointer) records are primarily used in Internet telephony to map phone numbers to SIP URIs.
For details, refer to RFC 4848 Section 4.
[Order Preference Flags Service Regexp Replacement]
| Parameter | Required | Description |
|---|---|---|
| Order | Yes | Lower value = higher priority Range: 0 ~ 65535 |
| Preference | Yes | Order within the same Order value Range: 0 ~ 65535 |
| Flags | Yes | Interpret field values Accepted: "A", "P", "S", "U" |
| Service | Yes | Value determined by the application specification - DDDS application for URL resolution: RFC - SRV-NAPTR DDDS application: RFC - URI-NAPTR DDDS application: RFC |
| Regexp | Optional | Constructs a replacement expression in the DDDS algorithm - Enter ASCII characters - For details about regexp syntax, see RFC 3402 |
| Replacement | Optional | Constructs a replacement expression in the DDDS algorithm - Domain name format; use a-z, 0-9, and hyphens ( -) - If a value is specified in Regexp, enter a period ( .) after the domain name in Replacement |
100 50 U E2U+sip !^+441632960083$!sip:1@example.com! test.com.
100 51 U E2U+h323 !^+441632960083$!h323:operator@example.com! test.com.
100 52 U E2U+emailmailto !^.*$!mailto:info@example.com! test.com.
NS record
NS (Name Server) records designate authoritative name servers for a domain.
ns1.example.com.
SRV record
SRV (Service) records define the host and port for specific services.
- Name format:
_service._proto.name(e.g.,_ldap._tcp.example)
[ Priority Weight Port DomainName ]
| Parameter | Description |
|---|---|
| Priority | Lower = higher priority Range: 0 ~ 65535 |
| Weight | Weight among records with the same priority Range: 0 ~ 65535 |
| Port | Port number Range: 0 ~ 65535 |
| DomainName | Target service domain |
10 30 443 abc.example.com.
SPF record
SPF (Sender Policy Framework) records help validate mail senders.
SPF records are supported but not recommended. Use TXT records with SPF values instead.
"v=spf1 mx:example.com -all"
TXT record
TXT (Text) records store arbitrary text data. Enter the record value inside double quotation marks (" ").
You can enter up to 255 characters per record, and a record set can contain up to 2,048 characters.
"v=spf1 mx:example.com -all"
SOA record
SOA (Start of Authority) records store authoritative DNS zone data. Created by default; cannot be modified or deleted.
[ primary-name-server email-of-responsible-person serial-number refresh-interval retry-interval expiration-time minimum-TTL ]
| Parameter | Description |
|---|---|
| primary-name-server | Host name of the primary name server |
| email-of-responsible-person | Email address of the zone administrator. The email address is displayed as an ASCII string that includes @ and . characters. |
| serial-number | Serial number that identifies changes made in the zone since the previous SOA record change. It usually includes date and version information and is represented as a 32-bit integer. |
| refresh-interval | Interval used to periodically refresh zone information. This value is represented as a 32-bit integer and specified in seconds. |
| retry-interval | Time to wait before retrying when refreshing zone information fails. This value is represented as a 32-bit integer and specified in seconds. |
| expiration-time | Time when zone information expires. This value is represented as a 32-bit integer and specified in seconds. |
| minimum-TTL | Minimum TTL (Time To Live) for all records in the zone. This value is represented as a 32-bit integer and specified in seconds. |
SOA record format is system-generated and cannot be manually entered, so examples are omitted.
TTL settings
TTL (Time To Live) defines how long DNS record changes are cached by DNS resolvers.
You can set TTL from 0 to 604800 seconds depending on your operational requirements.
Use shorter TTLs for faster updates and longer TTLs to reduce load after stabilization.
IAM-based role management
Role management for the DNS service follows KakaoCloud's IAM role-based access control (RBAC). For details on IAM roles and user role management, see IAM > Key concepts and Manage user IAM roles.
You can check your role via KakaoCloud Console > Top-right profile > Organization roles or Project roles.
Project roles
DNS zone permissions
| Permission | Project Admin | DNS Manager | DNS Viewer | Project Member | Project Reader |
|---|---|---|---|---|---|
| Create DNS zone, record | ✓ | ✓ | ✓ | ||
| View DNS zone, record | ✓ | ✓ | ✓ | ✓ | ✓ |
| Configure DNS zone, record | ✓ | ✓ | ✓ | ||
| Delete DNS zone, record | ✓ | ✓ | ✓ |
DNS record permissions
| Permission | Project Admin | DNS Manager | DNS Viewer | Project Member | Project Reader |
|---|---|---|---|---|---|
| Create record | ✓ | ✓ | ✓ | ||
| View record | ✓ | ✓ | ✓ | ✓ | ✓ |
| Configure record | ✓ | ✓ | ✓ | ||
| Delete record | ✓ | ✓ | ✓ |