Skip to content

DNS hosting

In this article

Configuring DNS on the domain name registrar's side

DNS 1 setup can be done with your domain registrar. To accomplish this task, navigate to your domain settings, select your registrar's NS servers, and input the following A-records for your domain for IPv4 or AAAA-records for IPv6.

Record Subdomain IP-address/Data
A @ Server IP
A www Server IP

or

Record Subdomain IP-address/Data
A @ Server IP
CNAME www Server IP

Attention

All additional record changes for the domain must be made in the domain settings at the registrar.

Configuring DNS using HOSTKEY name servers in the control panel

Ensure that the domain name settings on the registrar's side include a link to the HOSTKEY DNS servers. If there is no link, add it.

To specify your list of DNS-servers for your domain, go to the DNS-servers settings in your domain name registrar's personal cabinet and set the following values: ns1.hostkey.com, ns2.hostkey.com, and ns3.hostkey.com.

Attention

Any changes made to the DNS zone, including modifications to naming servers or DNS records, may take up to 24 hours to be applied.

Note

Failure to set an NS server on either the registrar or HOSTKEY side will result in your domain not being delegated.

To navigate to the DNS management in Invapi, use the submenu with the user name and select DNS zones management:

Adding a DNS Zone

DNS is divided into multiple DNS zones 2 that clearly define managed areas within the DNS namespace.

The DNS zone is added using the Add DNS zone dialog box in the DNS zones management section.

  • Name — DNS zone name. This must be a fully qualified domain name FQDN).
  • SOA record (TTL, Mname, and others from the SOA record section) — see SOA record for details;
  • Two NS records — see NS Entry for details.

Note

All fields except the Name field are pre-populated with recommended values, so all you need to do is add your domain and click on Add new DNS zone button.

Deleting a DNS Zone

To delete a DNS zone, select it from the drop-down list next to DNS Zone, and then click Delete DNS Zone.

Modifying DNS records

To configure a DNS record:

  1. Open the DNS Zone Management section by selecting the DNS Hosting submenu from the drop-down menu by clicking on the user name;
  2. To add or modify a DNS record, select the desired zone from the drop-down list next to DNS zone.
  3. If you want to add a new record, click Add a new DNS record button and select the record type from the drop down list.
  4. If you want to modify or delete an existing record, click on the DNS record you want to update or delete.
  5. Fill in the fields or make changes in the dialogue box that opens.
  6. Click Add record to add a new record or Save record to modify an existing one.

You can configure the following records for domains and subdomains:

SOA record

In the dialogue box specify the SOA record fields:

  • TTL — the lifetime. This is a field in DNS records that determines how long each record is valid, and therefore how long it takes for record updates to reach end users. Longer TTLs speed up DNS lookups by increasing the likelihood of cached results, but a longer TTL also means that record updates take longer to take effect.
  • Mname — the primary master name server for this DNS zone.
    • UPDATE requests must be redirected to the master.
    • NOTIFY requests are propagated outward from the main master.
  • Rname — the email address of the administrator responsible for this DNS zone. As usual, the email address is encoded as a name. The part of the email address before the @ becomes the first label of the name; the domain name after the @ becomes the rest of the name. In the zone file format, the dots in the labels are escaped with a backslash, so the email address [email protected] would be represented in the zone file as john\.doe.example.com.
  • Serial — the serial number for this DNS zone. If a secondary name server slave to this server notices an increase in this number, the slave server assumes that the zone has been updated and initiates a zone transfer:
  • Refresh — the number of seconds after which secondary name servers must request a record from the master SOA server to detect changes to the DNS zone. Recommended for small and stable DNS zones: 86400 seconds (24 hours).
  • Retry — the number of seconds after which secondary name servers should retry to request a serial number from the master server if the master server does not respond. This should be smaller than Refresh. Recommended for small and stable DNS zones: 7200 seconds (2 hours).
  • Expire — the number of seconds after which secondary name servers should stop responding to queries for this DNS zone if the primary server does not respond. This value should be greater than the sum of updates and retries. Recommended for small and stable DNS zones: 3600000 seconds (1000 hours).
  • Minimum — is used when calculating the lifetime for negative caching. Authoritative name servers accept the lower of the SOA TTL and the SOA minimum to send as the SOA TTL for negative replies. Resolvers use the resulting SOA TTL to figure out how long they are allowed to cache a negative response. The recommendation for small and stable DNS zones is 172800 seconds (2 days). This field originally had a value of the minimum TTL for resource records in that DNS zone; its current value was changed in RFC 2308.

Attention

Only change SOA record values if you are sure they are correct. Incorrect values will cause problems when resolving access to your server by domain name.

NS record

In the dialogue box specify NS record fields:

  • Name — record name, empty for the DNS zone itself;
  • TTL — the lifetime (caching) of the record in seconds. This is how long other DNS servers can cache this record. This is usually set to 3600;
  • Data — one or more FQDN separated by a space. For example: ns1.example.com ns2.example.com.

A record

In the dialogue box specify the A record fields:

The following are the A fields of the record:

  • Name — record name for the subdomain, empty for the DNS zone itself (@);
  • TTL — the lifetime. Usually taken to be equal to 3600;
  • Data — one or more IPv4 addresses separated by a space. For example: 104.17.210.9 104.17.210.20. This is usually your server's address.

Note

You can find your server's IP address in the Network tab of your server's control panel in Invapi.

AAAA record

In the dialogue box, specify the AAAA record fields:

  • Name — record name, empty for the DNS zone itself;
  • TTL — the lifetime, usually taken as 3600;
  • Data — one or more IPv6 addresses separated by a space. For example: 2606:4700:4700::1111 2606:4700:4700::1001.

CNAME record

In the dialogue box specify the CNAME record fields:

  • Name — record name, empty for the DNS zone itself;
  • TTL — the lifetime, usually taken as 3600;
  • Data — one FQDN. For example: example.com.

MX record

In the dialogue box specify the MX record fields:

  • Name — record name, empty for the DNS zone itself;
  • TTL — the lifetime, usually taken as 3600;
  • Priority — specifies which mail server should be preferred. A lower "priority" value, such as 10 or 20, is preferred;
  • Data — one or more mail server FQDN, IPv4 and IPv6. For example mail.example.com 2606:4700:4700::1001 104.17.210.20:

TXT record

In the dialogue box specify the TXT record fields:

  • Name — record name, empty for the DNS zone itself;
  • TTL — the lifetime, usually taken as 3600;
  • Data — Text (without quotation marks):

Note

For example, using a TXT record to create a DKIM record

DKIM record

In the dialogue box specify the DKIM record fields:

  • Name — record name, empty for the DNS zone itself;
  • TTL — the lifetime, usually taken as 3600;
  • Datav=DKIM1; p=[Public key]

SPF record

In the dialogue box specify the SPF record fields:

  • TTL - the lifetime, usually taken as 3600;
  • Datav=spf1 ip4=192.0.2.0 ip4=192.0.2.1 include:examplesender.email [-//+]all

SRV record

In the dialogue box specify the SRV record fields:

  • Service — symbolic name of the desired service;
  • Protocol — the transport protocol of the service you want to use, usually TCP or UDP;
  • TTL — the lifetime, usually taken as 3600;
  • Priority — the priority of the target host; a lower value means more preferred;
  • Weight — the relative weight of entries with the same priority, a higher value means a higher chance of being selected;
  • Port — TCP or UDP port where the service should be found;
  • Target — canonical hostname of the machine providing the service:

Configuring a subdomain

A subdomain 3 is an additional part of the main domain name. Subdomains are created to organize and navigate different areas of the site. You can create multiple subdomains or child domains within the main domain.

To configure subdomains you need to:

  1. Open the DNS zones management.
  2. If you want to add a new subdomain, click on the Add subdomain button. The appropriate dialogue box opens
  3. If you want to modify or delete an existing subdomain, click on the subdomain you want to update or delete.

In the window that opens, there are 2 fields to fill in:

  • Name — The name of the subdomain. It must be between 1 and 63 characters long and consist of the letters a-z, A-Z, 0-9 and may contain the .- characters in the middle.
  • Server — The server on which the subdomain is located. May be empty. Selecting a server will add an A record using the server's IP address in the subdomain's DNS zone. If you deselect the server, the A record will be deleted accordingly.

Verifying DNS record additions

To confirm the addition and assignment of DNS zones and records for a domain, use the dig utility from the console or check through online tools such as Google's DNS Lookup service or DNS Checker.

Managing DNS with the API

API calls can be used to add, modify, or delete DNS zones and records, as well as retrieve their current values.

Types of DNS records

DNS records are instructions stored on authoritative DNS servers. They provide information about a zone, including the associated IP address and how to handle queries. The records use DNS syntax, which is a string of characters that commands the DNS server. DNS records have a TTL, which stands for time to live. This indicates how often the DNS server updates the record.

Every DNS zone should have a minimum set of DNS records to enable users to access their website using the domain name. Additional records may serve other purposes.

The main types of DNS records:

  • SOA record

    A "start of authority" (SOA) DNS record contains essential information about a DNS zone, including the email address of the administrator, the last time the zone was updated, and the interval the server waits between updates.

    To comply with IETF standards, all DNS zones require a Start of Authority (SOA) record. This record is also crucial for zone transfers and will be automatically added upon creation of the DNS zone.

  • NS record

    NS is an abbreviation for nameserver. An NS record specifies the DNS server that is authoritative for a DNS zone, i.e. the server that contains the actual DNS records. NS records inform the Internet where to find the IP address of the DNS zone. A DNS zone usually has multiple NS records that indicate the primary and secondary name servers for that zone. Properly configured NS records are essential for users to access a website or application.

  • A record

    "A" represents the address record, which is the most basic type of DNS record. It specifies the IP address of a particular DNS zone.

    A records are limited to IPv4 addresses, while AAAA records are used for websites with IPv6 addresses.

  • AAAA record

    AAAA records map a domain name to an IPv6 address. They are similar to A records, but store the IPv6 address instead of the IPv4 address.

  • CNAME record

    A "Canonical Name" (CNAME) record points from a domain alias to a "canonical" domain. A CNAME record is used instead of an A record when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, not an IP address.

    Suppose blog.example.com has a CNAME record with the value example.com (without blog). This means that when the DNS server hits the DNS record for blog.example.com, it actually performs another DNS lookup for example.com and returns the IP address of example.com via its A record. In this case, we would say that example.com is the canonical (or true) name of blog.example.com.

  • MX record

    The "Mail Exchange" (MX) DNS record directs email to the mail server. An MX record specifies how email messages should be routed according to SMTP, the standard protocol for all email. Like CNAME records, an MX record must always point to a different domain.

  • TXT record

    A text (TXT) record allows a domain administrator to enter text into the Domain Name System (DNS). A TXT record was originally designed to store human readable notes. However, TXT records can now also contain some machine-readable data. A single domain may have several TXT records.

  • DKIM record

    DomainKeys Identified Mail (DKIM) is an email authentication method that helps prevent spammers and other attackers from masquerading as a legitimate domain.

    All email addresses have a domain - the part of the address after the @ symbol. Spammers and attackers can try to impersonate the domain when sending emails to carry out phishing attacks or other types of fraud.

  • SPF record

    "A Sender Policy Framework" (SPF) record is a type of TXT record that lists all the servers that have permission to send email from a particular domain.

    SPF records were originally created because the standard protocol used for email, Simple Mail Transfer Protocol (SMTP), does not inherently authenticate the from address in an email. This means that without SPF or other authentication records, an attacker could easily impersonate the sender and trick the recipient into taking an action or sharing information that they would not otherwise do.

  • SRV record

    The "Service" (SRV) record specifies the host and port for specific services such as Voice over IP (VoIP), instant messaging, etc. Most other DNS records only specify a server or IP address, but SRV records also include a port on that IP address. Some Internet protocols require SRV records to function.

Adding a Domain Name Example

Adding DNS Zone and Records

To set up a domain name on Invapi, follow these steps.

  1. Log in to your Invapi account.

    • Navigate to the DNS Hosting section in your account menu.
    • Click the Add DNS zone button.
    • In the Add DNS zone form, enter your domain name (myowndomain.com) in the Name field.
    • Click the Add a new DNS zone button to create a new DNS zone.

  2. Add an A record for the domain.

    • In Invapi's DNS settings, click the Add new DNS record button and select A.
    • In the form that appears, enter @ in the Name field, and your server IP address in the Data field.
    • Click the Add Record button.

  3. Add a CNAME record for the www. subdomain.

    • In Invapi's DNS settings, click the Add new DNS record button and select CNAME.
    • In the form that appears, enter www in the Name field, and your domain name (myowndomain.com) in the Data field.
    • Click the Add Record button.

Note

Alternatively, you can add a second A record with values Name = www and Data = server IP address.

If everything is correct, you should see similar parameter settings for your DNS zone:

Name Type Data
@ SOA ns1.hostkey.com. johnhostkey@example.net. 2024050803 14400 3600 604800 3600
@ NS ns1.hostkey.com ns2.hostkey.com
@ A 176.222.34.23
www CNAME myowndomain.com

Verifying DNS Record Propagation

Wait for the DNS records to propagate across the entire internet (this may take anywhere from 2 to 24 hours). Use commands dig or nslookup to verify that your DNS records are being served by HOSTKEY's NS servers:

dig myowndomain.com
dig www.myowndomain.com

nslookup myowndomain.com
nslookup www.myowndomain.com

Standard NGINX-Certbot for Automatic SSL Certificate Acquisition

The HOSTKEY infrastructure utilizes a standard solution based on NGINX and Certbot for managing SSL certificates. This solution leverages the official docker-nginx-certbot image and automatically manages SSL certificates for all client control panels.

After deploying the nginx-certbot container, the docker-compose file is located in the /root/data/nginx directory, and the default configuration resides in the user_conf.d subdirectory of that same directory. This structure enables configuring additional parameters, such as:

  • Changing the email address for Let's Encrypt;
  • Customizing Nginx configuration;
  • Adding custom domains.

To ensure service functionality, the following prerequisites are required:

  1. Properly configured DNS records for the domains;
  2. Open port 80 for Let's Encrypt validation;
  3. Open port 443 for HTTPS connections.

  1. The Domain Name System (DNS) is the "phone book" of the Internet. When users type domain names such as google.com or hostkey.com into web browsers, the DNS is responsible for finding the correct IP address for these sites. The browsers then use these addresses to communicate with source servers or CDN edge servers to access the website information. All this happens thanks to DNS servers: machines designed to respond to DNS queries. 

  2. This is a portion of the DNS namespace that is under the management of a specific organization or administrator. It is an administrative space that provides more granular control over DNS components, such as authoritative name servers. The domain name space is a hierarchical tree with the DNS root domain at the top. A DNS zone begins with a domain in the tree and can extend to subdomains, allowing a single entity to manage multiple subdomains. 

  3. Subdomains function as a website separate from its domain. This distinction allows a section of a website to develop without confusing the overall purpose of the site. Because they are different from a TLD, a subdomain may require additional resources for content management, technical SEO and website infrastructure to be effective. But well-managed subdomains can increase the chances of gaining niche authority, adding value for customers, improving search visibility and driving organic traffic for the brand as a whole.