External DNS Configuration

This guide outlines key settings and best practices for configuring External DNS in your environment.

Provider-Specific Setup

External DNS supports various DNS providers. For detailed, provider-specific instructions, refer to the official tutorials.

Note: Some providers require API credentials or secrets to be mounted as volumes in the External DNS pods. Use the extraVolumes and extraVolumeMounts fields in the overlay templates to configure this.

DNS Record Management Policy

The default policy is set to sync in the base HelmRelease. This means:

  • Creating or updating a related resource (e.g. Ingress or Gateway) creates or updates the associated DNS record.
  • Deleting such a related resource will also remove the associated DNS record.

Alternative Policies:

  • create-only: Only creates new DNS records; does not delete or update existing ones.
  • upsert-only: Creates new records and updates existing ones, but does not delete records.

Important: If using create-only or upsert-only, you must manually clean up obsolete DNS records.

Gateway API Integration

External DNS is pre-configured to support Gateway API resources. When resources like Gateway or HTTPRoute are deployed, External DNS automatically creates the corresponding DNS records.

TXT Ownership Registry

External DNS uses an ownership registry to track and manage DNS records it controls. This ensures it only modifies records it owns, preventing conflicts with other actors managing the same DNS zones.

Configuration:

  • The txtPrefix is set to external-dns-, so all TXT records created by External DNS will start with this prefix.

Domain Filters

Use the domain-filter setting to restrict External DNS to specific DNS zones. Only hostnames matching the filter (e.g., in Ingress objects) will have records created.
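
The following is an added example, not part of the original guide or of External DNS itself. It lists records that this instance still owns through the external-dns- TXT registry prefix but that no live resource declares, which are the ones needing manual cleanup under create-only or upsert-only. The owner ID, domain filter value, sample records and live hostnames are constructed, and the record-type tag after the prefix is an assumption about the deployed release.

```python
import re

TXT_PREFIX = "external-dns-"          # txtPrefix stated in this guide
OWNER_ID = "cluster-a"                # hypothetical owner ID of this instance
DOMAIN_FILTERS = ["example.com"]      # hypothetical domain-filter value
LIVE_HOSTS = ["shop.example.com"]     # constructed: hostnames still declared in the cluster
VALUE = '"heritage=external-dns,external-dns/owner={},external-dns/resource={}"'
# Constructed sample: (name, value) pairs of TXT records exported from the zone.
ZONE_TXT = [
    ("external-dns-a-shop.example.com.", VALUE.format("cluster-a", "ingress/web/shop")),
    ("external-dns-a-old.example.com.", VALUE.format("cluster-a", "ingress/web/old")),
    ("external-dns-cname-docs.example.com.", VALUE.format("cluster-b", "ingress/web/docs")),
    ("example.com.", '"v=spf1 -all"'),  # unrelated TXT record, must be ignored
]


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_filter(host, filters):
    """True if host is the filtered zone itself or a name below it."""
    return any(host == norm(f) or host.endswith("." + norm(f)) for f in filters)


def owned_hosts(zone_txt, prefix, owner_id):
    """Map hostname -> source resource for ownership TXT records of owner_id."""
    owned = {}
    for name, value in zone_txt:
        name = norm(name)
        fields = dict(p.split("=", 1) for p in value.strip('"').split(",") if "=" in p)
        if not name.startswith(prefix) or fields.get("heritage") != "external-dns":
            continue  # not a registry record
        if fields.get("external-dns/owner") != owner_id:
            continue  # owned by another instance: never touch it
        # Assumption: the deployed release tags the record type after the prefix.
        host = re.sub(r"^(a|aaaa|cname)-", "", name[len(prefix):])
        owned[host] = fields.get("external-dns/resource", "unknown")
    return owned


def obsolete_records(zone_txt, live_hosts, prefix=TXT_PREFIX,
                     owner_id=OWNER_ID, filters=DOMAIN_FILTERS):
    """Owned, in-filter hostnames that no live resource declares any more."""
    live = {norm(h) for h in live_hosts}
    owned = owned_hosts(zone_txt, prefix, owner_id)
    return sorted((h, r) for h, r in owned.items()
                  if in_filter(h, filters) and h not in live)
```

Review each reported hostname before deleting it, and remove the ownership TXT record together with the address record so the registry stays consistent.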

For examples, also see the official documentation.