How to Create, Edit, and Delete DNS Records

Adding a domain you own to your DigitalOcean account lets you manage the domain’s DNS records with the control panel and API. Domains you manage on DigitalOcean integrate with DigitalOcean Load Balancers and Spaces to streamline automatic SSL certificate management.


Each type of DNS record has its own values and settings. The sections below explain what each record type is used for and what goes into its fields.

All DNS records have one value in common: TTL, or time to live, which determines how long the record can remain cached before it expires. Loading data from a local cache is fast, but visitors won’t see DNS changes until their local cache expires and updates with a new DNS lookup. As a result, higher TTL values give visitors faster performance and lower TTL values ensure that DNS changes are picked up quickly. All DNS records require a minimum TTL value of 30 seconds.

Create, Update, or Delete Records Using the CLI

Some of these commands require you to provide the record’s ID. You can retrieve a list of records and their IDs for a domain by using the doctl compute domain records list <domain> command.

How to add a record using the DigitalOcean CLI

To add a record via the command-line, follow these steps:

  1. Install doctl, the DigitalOcean command-line tool.

  2. Create a personal access token, and save it for use with doctl.

  3. Use the token to grant doctl access to your DigitalOcean account.

                  doctl auth init
                
  4. Finally, add a record with doctl compute domain records create. The basic usage looks like this, but you'll want to read the usage docs for more details:

                  doctl compute domain records create <domain> [flags]
                

    The following command creates an A record for the domain example.com:

                       doctl compute domain records create example.com --record-type A --record-name example.com --record-data 198.51.100.215
                    
How to update a record using the DigitalOcean CLI

To update a record via the command-line, follow these steps:

  1. Install doctl, the DigitalOcean command-line tool.

  2. Create a personal access token, and save it for use with doctl.

  3. Use the token to grant doctl access to your DigitalOcean account.

                  doctl auth init
                
  4. Finally, update a record with doctl compute domain records update. The basic usage looks like this, but you'll want to read the usage docs for more details:

                  doctl compute domain records update <domain> [flags]
                

    The following command updates the record with the ID 98858421 for the domain example.com:

                       doctl compute domain records update example.com --record-id 98858421 --record-name example.com --record-data 198.51.100.215
                    
How to delete a record using the DigitalOcean CLI

To delete a record via the command-line, follow these steps:

  1. Install doctl, the DigitalOcean command-line tool.

  2. Create a personal access token, and save it for use with doctl.

  3. Use the token to grant doctl access to your DigitalOcean account.

                  doctl auth init
                
  4. Finally, delete a record with doctl compute domain records delete. The basic usage looks like this, but you'll want to read the usage docs for more details:

                  doctl compute domain records delete <domain> <record-id>... [flags]
                

    The following command deletes a DNS record with the ID 98858421 from the domain example.com:

                       doctl compute domain records delete example.com 98858421
                    

Create, Update, or Delete Records Using the API

Some of these calls require you to provide the record’s ID. You can retrieve a list of records and their IDs for a domain using the /v2/domains/$DOMAIN_NAME/records endpoint.

How to add a record using the DigitalOcean API

To add a record using the DigitalOcean API, follow these steps:

  1. Create a personal access token, and save it for use with the API.

  2. Send a POST request to https://api.digitalocean.com/v2/domains/{domain_name}/records

    cURL

    To add a record with cURL, call:

    
    curl -X POST \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
      -d '{"type":"A","name":"www","data":"162.10.66.0","priority":null,"port":null,"ttl":1800,"weight":null,"flags":null,"tag":null}' \
      "https://api.digitalocean.com/v2/domains/example.com/records"

    Go

    Go developers can use Godo, the official DigitalOcean V2 API client for Go. To add a record with Godo, use the following code:

    
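    package main

    import (
        "context"
        "log"
        "os"

        "github.com/digitalocean/godo"
    )

    func main() {
        // Read the personal access token from the environment.
        token := os.Getenv("DIGITALOCEAN_TOKEN")

        client := godo.NewFromToken(token)
        ctx := context.TODO()

        // Describe the new A record for www.example.com.
        createRequest := &godo.DomainRecordEditRequest{
            Type: "A",
            Name: "www",
            Data: "1.2.3.4",
        }

        domainRecord, _, err := client.Domains.CreateRecord(ctx, "example.com", createRequest)
        if err != nil {
            log.Fatalf("creating record: %v", err)
        }
        log.Printf("created record %d", domainRecord.ID)
    }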

    Ruby

    Ruby developers can use DropletKit, the official DigitalOcean V2 API client for Ruby. To add a record with DropletKit, use the following code:

    
    require 'droplet_kit'
    token = ENV['DIGITALOCEAN_TOKEN']
    client = DropletKit::Client.new(access_token: token)

    record = DropletKit::DomainRecord.new(
      type: 'A',
      name: 'www',
      data: '162.10.66.0'
    )
    client.domain_records.create(record, for_domain: 'example.com')

    Python

    
    import os
    from pydo import Client

    client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

    req = {
      "type": "A",
      "name": "www",
      "data": "162.10.66.0",
      "priority": None,
      "port": None,
      "ttl": 1800,
      "weight": None,
      "flags": None,
      "tag": None
    }

    resp = client.domains.create_record(domain_name="example.com", body=req)

How to update a record using the DigitalOcean API

To update a record using the DigitalOcean API, follow these steps:

  1. Create a personal access token, and save it for use with the API.

  2. Send a PATCH request to https://api.digitalocean.com/v2/domains/{domain_name}/records/{domain_record_id}

    cURL

    To update a record with cURL, call:

    
    curl -X PATCH \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
      -d '{"name":"blog","type":"A"}' \
      "https://api.digitalocean.com/v2/domains/example.com/records/3352896"

    Python

    
    import os
    from pydo import Client

    client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

    req = {
      "name": "blog",
      "type": "A"
    }

    resp = client.domains.patch_record(domain_name="example.com", domain_record_id=2432342, body=req)

How to delete a record using the DigitalOcean API

To delete a record using the DigitalOcean API, follow these steps:

  1. Create a personal access token, and save it for use with the API.

  2. Send a DELETE request to https://api.digitalocean.com/v2/domains/{domain_name}/records/{domain_record_id}

    cURL

    To delete a record with cURL, call:

    
    curl -X DELETE \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
      "https://api.digitalocean.com/v2/domains/example.com/records/3352896"

    Go

    Go developers can use Godo, the official DigitalOcean V2 API client for Go. To delete a record with Godo, use the following code:

    
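    package main

    import (
        "context"
        "log"
        "os"

        "github.com/digitalocean/godo"
    )

    func main() {
        // Read the personal access token from the environment.
        token := os.Getenv("DIGITALOCEAN_TOKEN")

        client := godo.NewFromToken(token)
        ctx := context.TODO()

        // Delete record 3352896 from example.com and stop on any API error.
        _, err := client.Domains.DeleteRecord(ctx, "example.com", 3352896)
        if err != nil {
            log.Fatalf("deleting record: %v", err)
        }
    }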

    Ruby

    Ruby developers can use DropletKit, the official DigitalOcean V2 API client for Ruby. To delete a record with DropletKit, use the following code:

    
    require 'droplet_kit'
    token = ENV['DIGITALOCEAN_TOKEN']
    client = DropletKit::Client.new(access_token: token)

    client.domain_records.delete(for_domain: 'example.com', id: 3352896)

    Python

    
    import os
    from pydo import Client

    client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

    # The record is identified by the domain name and record ID; no request body is needed.
    resp = client.domains.delete_record(domain_name="example.com", domain_record_id=3352896)

Create, Update, and Delete Records Using the Control Panel

You can add, modify, and delete DNS records for a domain from the Networking page. From the control panel, click Networking in the main menu, then click on the domain you would like to manage.

To create a record, select the record type below the heading, fill in the fields required for that record type, and click Create record. The supported record types sections below have detailed instructions for each type of record.

To modify or delete a record, open the record’s More menu.

DNS record more menu expanded with Edit record and Delete options visible

Click Edit record to change the values for that record. To permanently delete the record, click Delete, then click Delete Record in the confirmation window.

These records will not take effect until you have updated your name servers with your domain registrar and those changes have propagated, which can take up to 48 hours.

Supported Record Types

A Records

An A record maps an IPv4 address to a domain name. This determines where to direct any requests for a domain name.

On DigitalOcean, A records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map an apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (for example, www). To create a subdomain, enter a subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). Wildcard records direct requests for a non-existent subdomain to a specified resource or IP address. For example, if you type help.example.com into your browser and the domain example.com doesn’t have a defined DNS record for the subdomain help.example.com, the wildcard record directs you to the defined resource or IP address in its WILL DIRECT TO field. However, if any kind of DNS record exists for a subdomain, the wildcard will not apply; you will need to explicitly create an A record for it. To create a wildcard record, enter a * into the HOSTNAME field.
  • WILL DIRECT TO, which can be set to:
    • A DigitalOcean Droplet or Load Balancer by typing its name and selecting it from the menu.
    • A non-DigitalOcean resource by entering its IP address.
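
The wildcard rule above, that a wildcard stops applying to a name as soon as any record exists there, is easy to trip over when adding a TXT or other record to a subdomain. The following added example (not DigitalOcean's resolver code) models standard DNS wildcard matching over a constructed record list; hostnames are relative to the apex as in the HOSTNAME field, and it also covers multi-label names, which the text does not discuss.

```python
# Constructed sample zone: (hostname, record type, data).
RECORDS = [
    ("@", "A", "203.0.113.5"),
    ("*", "A", "203.0.113.5"),
    ("www", "A", "198.51.100.215"),
    ("help", "TXT", "example_name=example_value"),
]


def resolve(name, rtype, records=RECORDS):
    """Return (answers, source) where source is exact, wildcard or nxdomain."""
    owners = {}
    for host, rt, data in records:
        owners.setdefault(host.lower(), []).append((rt, data))

    def answers(owner):
        return [data for rt, data in owners[owner] if rt == rtype]

    def exists(owner):
        # A name exists if it, or any name beneath it, owns a record.
        return any(o == owner or o.endswith("." + owner) for o in owners)

    name = name.lower()
    if name in owners:
        # Any record at the name, of any type, blocks the wildcard.
        return answers(name), "exact"

    # Walk up to the closest existing ancestor; only a wildcard directly
    # below that ancestor can answer for the name.
    labels = name.split(".")
    for i in range(1, len(labels) + 1):
        encloser = ".".join(labels[i:]) or "@"
        if encloser == "@" or exists(encloser):
            wild = "*" if encloser == "@" else "*." + encloser
            if wild in owners:
                return answers(wild), "wildcard"
            return [], "nxdomain"
    return [], "nxdomain"


if __name__ == "__main__":
    for host in ("www", "blog", "help", "a.help", "a.b"):
        print(host, resolve(host, "A"))
```

In this sample zone, help has only a TXT record, so an A lookup for help returns nothing even though the wildcard A record exists.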

Setting an A record using DigitalOcean DNS looks like this:

A record

In this example, we entered the subdomain prefix test for the hostname. This makes DNS lookups for test.digitalocean.love redirect to the Droplet we’ve chosen named ubuntu-1gb-sfo2-01 with the IP address 203.0.113.5.

Note
It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as Round Robin DNS.

AAAA Records

An AAAA record, also called a Quad A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.

On DigitalOcean, AAAA records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map an apex domain, like example.com, to an IPv6 address, enter the @ symbol.
    • A subdomain prefix (for example, www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). Wildcard records direct requests for non-existent subdomains to a specified resource or IP address. For example, if a user types help.example.com into their browser and the domain example.com doesn’t have a defined DNS record for the subdomain help.example.com, the wildcard record directs the user to the defined resource or IP address in its WILL DIRECT TO field. However, if any kind of DNS record exists for a subdomain, the wildcard will not apply; you will need to explicitly create an A record for it. To create a wildcard record, enter a * into the HOSTNAME field.
  • WILL DIRECT TO, which can be set to:
    • A DigitalOcean Droplet by typing its name and selecting it from the menu. All Droplets will be displayed on the list, but only those with IPv6 addresses can be selected. DigitalOcean Load Balancers do not currently support IPv6.
    • A non-DigitalOcean resource by entering its IPv6 address.

Setting an AAAA record using DigitalOcean DNS looks like this:

AAAA record

In this example, we entered the subdomain prefix test for the same hostname from the A record example, digitalocean.love. This makes DNS lookups for test.digitalocean.love redirect to the Droplet we’ve chosen named ubuntu-1gb-sfo2-01 with the IP address 2001:0d8:2:d0::24:9001.

CNAME Records

A CNAME record defines an alias for an A record; it points one domain to another domain instead of to an IP address. When the associated A record’s IP address changes, the CNAME will follow to the new address.

On DigitalOcean, CNAME records have the following fields.

  • HOSTNAME, which should be set to the subdomain prefix for the new alias you want to create.
  • IS AN ALIAS OF, which should be set to the hostname where the alias should point. For the alias to work, the hostname must have an A record or be handled by a wildcard A record. This can be:
    • The apex domain (@). To map an apex domain, like example.com, enter the @ symbol.
    • A subdomain (for example, site.example.com).

Setting a CNAME record using DigitalOcean DNS looks like this:

CNAME record

In this example, we entered the subdomain prefix staging for the hostname and @ for the hostname to redirect to. This makes DNS lookups for staging.digitalocean.love redirect to the apex domain, digitalocean.love.

MX Records

An MX record specifies the mail servers responsible for accepting email on behalf of your domain. Providers often make multiple name servers available so that if one is offline, another can respond. Each server needs its own MX record.

On DigitalOcean, MX records have the following fields.

  • HOSTNAME, which determines which host should accept email. In most cases, the hostname field should be set to @ so that it applies to the apex domain.
  • MAIL PROVIDERS MAIL SERVER, which points to the hostname with the A record for the mail server.
  • PRIORITY, which indicates the order in which the mail servers should be contacted. This field takes a positive whole number where 1 is the highest priority.

Setting an MX record using DigitalOcean DNS looks like this:

MX record

The Add Gmail MX Records option automatically adds records for each of Google’s mail servers for use with G Suite. You’ll see entries like aspmx.l.google.com.

TXT Records

A TXT record is used to associate a string of text with a hostname. These are primarily used to verify that you own a domain.

On DigitalOcean, TXT records have the following fields.

  • VALUE (for example, example_name=example_value), which is a name-value pair separated by an equal sign, =.
  • HOSTNAME, which can be set to:
    • The apex domain (@). To map an apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (for example, www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.

Setting a TXT record using DigitalOcean DNS looks like this:

TXT record with google-site-verification token entered

In this example, we added the verification token google-site-verification=EXAMPLEV0vtDHmdYgP4H4eHxjgoM8LHtkfRcKmt_5Rt to our apex domain to prove domain ownership for G Suite.

SPF Records

Sender Policy Framework (SPF) records contain lists of email servers that are authorized to send email on behalf of your domain. SPF records increase your email sending reputation with inbox providers by providing a means to check that your emails are being sent from your domain and not by a malicious user.

SPF records are special TXT records. You can create them using the TXT record option in the control panel.

Setting an SPF record using the TXT record option looks like this:

TXT record with SPF information entered

In this example, we added the SPF record information v=spf1 a ip4:198.51.100.0/24 include:email-provider.net -all to the apex of the domain. The record authorizes an IP address range (in CIDR notation) and an email provider to send email on the example domain’s behalf.
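
How a receiving mail server reads the record above can be shown in code. This is an added example, not DigitalOcean's code: it evaluates only the a, ip4, ip6, include and all mechanisms, and the ZONE dictionary is constructed sample data standing in for DNS (the A record for example.com and the SPF record of email-provider.net are assumptions).

```python
import ipaddress

# Constructed sample data standing in for DNS answers (no real lookups).
ZONE = {
    "example.com": {
        "A": ["203.0.113.5"],
        "TXT": "v=spf1 a ip4:198.51.100.0/24 include:email-provider.net -all",
    },
    "email-provider.net": {"A": [], "TXT": "v=spf1 ip4:192.0.2.0/24 -all"},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 cap on mechanisms that trigger DNS queries


class PermError(Exception):
    """The record cannot be evaluated (bad syntax or too many lookups)."""


def check_host(ip, domain, zone=ZONE, budget=None):
    """Return the SPF result for connecting address `ip` sending as `domain`."""
    budget = budget if budget is not None else [MAX_LOOKUPS]
    terms = zone.get(domain, {}).get("TXT", "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    try:
        for term in terms[1:]:
            qualifier = "+"  # a mechanism with no qualifier means pass
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            name, _, arg = term.partition(":")
            if _matches(name.lower(), arg, addr, domain, zone, budget):
                return QUALIFIERS[qualifier]  # first match decides
    except PermError:
        return "permerror"
    return "neutral"  # nothing matched and the record has no "all"


def _spend(budget):
    budget[0] -= 1
    if budget[0] < 0:
        raise PermError("too many DNS lookups")


def _matches(name, arg, addr, domain, zone, budget):
    if name == "all":
        return True
    if name in ("ip4", "ip6"):
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            raise PermError(f"bad network {arg!r}")
        return addr.version == net.version and addr in net
    if name == "a":
        _spend(budget)
        return str(addr) in zone.get(arg or domain, {}).get("A", [])
    if name == "include":
        _spend(budget)
        result = check_host(str(addr), arg, zone, budget)
        if result in ("none", "permerror"):
            raise PermError(f"include:{arg} is unusable")
        return result == "pass"  # a fail inside an include is only "no match"
    raise PermError(f"unsupported term {name!r}")


if __name__ == "__main__":
    for ip in ("198.51.100.77", "203.0.113.5", "192.0.2.10", "203.0.113.99"):
        print(ip, check_host(ip, "example.com"))
```

The trailing -all is what turns every unlisted sender into a fail; without it the same lookup would return neutral.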

DKIM Record

DomainKeys Identified Mail (DKIM) records contain public keys used to authenticate email arriving from a domain. When you use DKIM on your email server, your server signs emails with a private key that receiving email servers then validate using the public key contained in a DKIM DNS record. DKIM records increase your email sending reputation with inbox providers by providing a means to check that no one has intercepted or altered the email during transit.

DKIM records are special TXT records. You can create them using the TXT record option in the control panel.

Setting a DKIM record using the TXT record option looks like this:

TXT record with SPF information entered

In this example, we added a DKIM public key to the hostname dk1024._domainkey.example.com.

NS Records

An NS record specifies the name servers, or servers that provide DNS services, for a domain or subdomain. You can use these to direct part of your traffic to another DNS service or to delegate DNS administration for a subdomain.

On DigitalOcean, NS records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map an apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (for example, www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). Wildcard records direct requests for non-existent subdomains to a specified resource or IP address. For example, if a user types help.example.com into their browser and the domain example.com doesn’t have a defined DNS record for the subdomain help.example.com, the wildcard record directs the user to the defined resource or IP address in its WILL DIRECT TO field. However, if any kind of DNS record exists for a subdomain, the wildcard will not apply; you will need to explicitly create an A record for it. To create a wildcard record, enter a * into the HOSTNAME field.
  • WILL DIRECT TO, which should be set to the name server.

Setting an NS record using DigitalOcean DNS looks like this:

NS record with example nameserver

In the example, we entered ocean as the hostname and dns1.example.com as the name server. This means that DNS lookups for ocean.digitalocean.love will be directed to dns1.example.com.

Note
When you add a domain to DigitalOcean DNS, NS records pointing at DigitalOcean’s name servers are automatically created for it.

SRV Records

A SRV record specifies a hostname and port number for a specific service to direct certain types of traffic to particular servers. Some services, like SIP (Session Initiation Protocol) and XMPP/Jabber (Extensible Messaging and Presence Protocol), require SRV records.

On DigitalOcean, SRV records have the following fields.

  • HOSTNAME (for example, _service._protocol), which should be set to the service, like SIP, and protocol, like TCP or UDP. This field needs to begin with an underscore, _, and the service and protocol must be separated by a period and underscore, ._, resulting in an entry like _sip._udp.
  • WILL DIRECT TO, which can be set to:
    • The apex domain (@). To map an apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (for example, www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A fully qualified domain name, or FQDN (for example, fqdn.example.com.). To use an FQDN, enter the FQDN with a period (.) at the end. This distinguishes it from a subdomain prefix.
  • PORT (for example, 5060), which should be set to the port that the service listens on.
  • PRIORITY (for example, 10), which indicates the importance of the host. This field takes a positive whole number where 1 is the highest priority.
  • WEIGHT (for example, 100), which indicates the relative importance of the host between multiple records with the same priority. This field takes a positive whole number where the higher the number is, the more preference the record is given.

Setting a SRV record using DigitalOcean DNS looks like this:

SRV record with SIP configuration

In the example, we specified that our service uses SIP over UDP on port 5060, and we entered a subdomain prefix sip. This means that SIP requests will be directed to sip.digitalocean.love.

CAA Records

A CAA record specifies which certificate authorities are permitted to issue certificates for a domain. You can use them to reduce the risk of unintended certificate mis-issue. This section is only a brief overview; our detailed CAA record documentation has more information.

On DigitalOcean, CAA records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map an apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (for example, www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). Wildcard records direct requests for non-existent subdomains to a specified resource or IP address. For example, if a user types help.example.com into their browser and the domain example.com doesn’t have a defined DNS record for the subdomain help.example.com, the wildcard record directs the user to the defined resource or IP address in its WILL DIRECT TO field. However, if any kind of DNS record exists for a subdomain, the wildcard will not apply; you will need to explicitly create an A record for it. To create a wildcard record, enter a * into the HOSTNAME field.
  • AUTHORITY GRANTED FOR, which can be set to:
    • The domain name for the certificate authority (for example, letsencrypt.org).
    • A valid URI with contact information (for example, https://contact.example.com or mailto:contact@example.com) as either the web address of a contact form or an email address. The iodef flag must be chosen to use this option.
  • TAG, which can be set to:
    • One of the three defined CAA tags, which are issue, issuewild, and iodef.
    • Custom tags defined by the certificate authority.
  • FLAGS, which is currently used to set an Issuer Critical flag. This is an unsigned integer between 0 and 255 that specifies how a CA should behave when it encounters a tag it doesn’t understand. For example, a zero (0) tells the CA to issue a certificate anyway, and a one (1) tells the CA to refuse.

Setting a CAA record using DigitalOcean DNS looks like this.

CAA record

In this example, we entered @ for the hostname so that a certificate can be issued for the apex domain, digitalocean.love. We entered letsencrypt.org as the CA to grant it authority to issue certificates for the apex domain.
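
The effect of these records on a certificate request can be checked with a short evaluator. This is an added example, not DigitalOcean's or any CA's code: it follows the standard CAA lookup (climb from the requested name toward the apex, then apply issue or issuewild) over constructed sample records, and it does not evaluate iodef or the FLAGS value. The shop subdomain and otherca.example are assumptions made for the example.

```python
# Constructed sample CAA data: name -> list of (flags, tag, value).
CAA = {
    "digitalocean.love": [
        (0, "issue", "letsencrypt.org"),
        (0, "iodef", "mailto:contact@example.com"),
    ],
    "shop.digitalocean.love": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),  # ";" alone authorizes no CA for wildcards
    ],
}


def relevant_rrset(name, caa=CAA):
    """Climb from `name` toward the root; the first name with CAA records wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if caa.get(candidate):
            return candidate, caa[candidate]
    return None, []


def _issuer(value):
    """Issuer domain from a value such as 'letsencrypt.org; key=value'."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca_domain, cert_name, caa=CAA):
    """Return (allowed, reason) for `ca_domain` issuing for `cert_name`."""
    wildcard = cert_name.startswith("*.")
    lookup = cert_name[2:] if wildcard else cert_name
    owner, rrset = relevant_rrset(lookup, caa)
    if not rrset:
        return True, "no CAA records found: any CA may issue"
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # For wildcard names, issuewild replaces issue whenever it is present.
    if wildcard and issuewild:
        tag, values = "issuewild", issuewild
    else:
        tag, values = "issue", issue
    if not values:
        return True, f"{owner} has CAA records but none restrict issuance"
    if ca_domain.lower() in {_issuer(v) for v in values}:
        return True, f"{tag} at {owner} authorizes {ca_domain}"
    return False, f"{tag} at {owner} does not list {ca_domain}"


if __name__ == "__main__":
    for ca, name in [
        ("letsencrypt.org", "digitalocean.love"),
        ("otherca.example", "www.digitalocean.love"),
        ("letsencrypt.org", "*.shop.digitalocean.love"),
    ]:
        print(ca, name, may_issue(ca, name))
```

Because the lookup climbs toward the apex, a single CAA record at @ also governs every subdomain that has no CAA records of its own.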

PTR (rDNS) Records

A PTR (pointer) record, also known as an rDNS (reverse DNS) record, maps a domain name to an IP address.

We automatically create PTR records for Droplets based on the name you give that Droplet in the control panel. The name must be a valid FQDN, so using example.com as the Droplet name will create a PTR record, but ubuntu-s-4vcpu-8gb-fra1-01 or my-droplet will not. Droplets with IPv6 enabled will only have PTR records enabled for the first IPv6 address assigned to them, not for all 16 addresses available.