Setting up your DNS Services instance
Set up a IBM Cloud® DNS Services instance, DNS zones, permitted networks, and resource records by using the UI or API.
Creating a DNS Services instance in the UI
-
Open the IBM Cloud Catalog page.
-
Select the Networking category.
-
Click the DNS Services tile.
-
Choose a plan.
-
Enter Service name and click Create.
You are redirected to the DNS Services instance page showing DNS Zones information.
You can also navigate directly to the DNS Services instance creation by going to the DNS Services catalog entry.
Creating a DNS zone in the UI
- Navigate to the Resource page and select your DNS Services instance.
- On the DNS Zones page, click Create zone.
- In the Create Zone panel, enter your zone name. Optionally, enter a label and description.
- Click Create zone in the panel. If the zone is created successfully, you are redirected to the Zone Details page.
Creating an "A" resource record in the UI
- Navigate to the Resource page and select your DNS Services instance. Then select your zone.
- On the DNS Details page, click the DNS Records tab.
- Click Select record action, and select Add record from the list menu.
- In the Add Record panel, select the type of DNS record that you want to add from the Type menu. In this case, select the type A.
- Enter the required data for the type of DNS record you selected. In this case, for type A, enter Name and IPv4 Address.
- Click Add record in the panel.
Creating a permitted network in the UI
-
Navigate to the Resource page and select your DNS Services instance. Then select your zone.
-
Click the Permitted Networks tab.
-
Click Add network.
-
In the Add Network panel, select the region of your VPC from the Network Region menu.
-
Select the VPC from the Network menu that appears.
-
Click Add network.
This request adds the VPC network to your zone, thereby giving the network access to the zone.
Verifying the setup
To verify that your instance, zone, and record are performing correctly, run the following dig command:
dig @161.26.0.7 <Record type> <record name>
Example:
dig @161.26.0.7 A xyz.example.com
Creating a DNS Services instance with the API
See the create a new resource instance documentation for the Resource Controller API. Note that the resource_group and resource_plan_id must be set. Each account can have multiple resource groups, and each resource group has a unique ID.
Set the variables as follows to create an instance of the standard plan:
"resource_plan_id": "2c8fa097-d7c2-4df2-b53e-2efb7874cdf7",
See the Resource Controller API reference documentation for more information on using the API.
Command lines for instances are using resource controller API, not DNS APIs. These commands are equivalent to commands ibmcloud resource service-instance, which provide convenience for DNS users to manage DNS Services instances.
Creating a DNS zone with the API
You must create a VPC so that you can link your DNS zone to the VPC.
Store the API endpoint in a variable so you can use it in API requests without having to type the full URL. For example, to store the endpoint in a variable, run this command:
DNSSVCS_ENDPOINT=https://api.dns-svcs.cloud.ibm.com
To verify that this variable is saved, run echo $DNSSVCS_ENDPOINT and ensure the response is not empty.
After you gather details about your instance, run the following curl command to create a DNS zone:
Request
- INSTANCE_ID: GUID of the instance
- TOKEN: IAM OAUTH token
curl -X POST \
$DNSSVCS_ENDPOINT/v1/instances/$INSTANCE_ID/dnszones \
-H "Authorization: $TOKEN" \
-d '{
"name": "example.com",
"description": "The DNS zone is used for VPCs in the us-east region",
"label": "us-east"
}'
Response
{
"id": "example.com:2d0f862b-67cc-41f3-b6a2-59860d0aa90e",
"created_on": "2019-01-01T05:20:00.12345Z",
"modified_on": "2019-01-01T05:20:00.12345Z",
"instance_id": "1407a753-a93f-4bb0-9784-bcfc269ee1b3",
"name": "example.com",
"description": "The DNS zone is used for VPCs in the us-east region",
"state": "pending_network_add",
"label": "us-east"
}
Creating a permitted network with the API
DNS Services allows name resolution only from a VPC that was added to the DNS zone.
When a DNS zone gets created, its Status is PENDING_NETWORK_ADD. To move the zone to ACTIVE state, add an entry for your VPC to the zone's permitted network.
By adding your VPC to your zone's permitted network, compute instances on your VPC can access these resource records.
Request
curl -X POST \
$DNSSVCS_ENDPOINT/v1/instances/$INSTANCE_ID/dnszones/$DNSZONE_ID/acls \
-H "Authorization: $TOKEN" \
-d '{
"type": "vpc",
"acl_data": {
"vpc_crn": "crn:v1:staging:public:is:us-east:a/40705ee14536813e2385f26c20be24a5::vpc:ed5e3cdd-8a4f-45ce-bae4-2774cb028caf"
}
}'
Response
{
"id": "fecd0173-3919-456b-b202-3029dfa1b0f7",
"created_on": "2019-01-01T05:20:00.12345Z",
"modified_on": "2019-01-01T05:20:00.12345Z",
"acl_data": {
"vpc_crn": "crn:v1:staging:public:is:us-east:a/40705ee14536813e2385f26c20be24a5::vpc:ed5e3cdd-8a4f-45ce-bae4-2774cb028caf"
},
"type": "vpc"
}
Creating an "A" resource record with the API
An A Record (Address Record) is a DNS resource record that associates a domain or subdomain to an IPv4 address.
Request
name: FQDN, such aswww.example.comor the host, such aswww.type: Type of Record - A, AAAA, SRV, and so on.ip: IP address for the name.ttl: Time to live for the resource record.
curl -X POST \
$DNSSVCS_ENDPOINT/v1/instances/$INSTANCE_ID/dnszones/$DNSZONE_ID/resource_records \
-H "Authorization: $TOKEN" \
-d '{
"name":"www.example.com",
"type":"A",
"rdata": {
"ip":"1.2.6.7"
},
"ttl":300
}'
Response
{
"created_on":"2019-09-13 19:56:42.484382585 +0000 UTC",
"modified_on":"2019-09-13 19:56:42.484382585 +0000 UTC",
"rtype":"A",
"ttl":300,
"name":"www.example.com.testZone.com",
"id":"A:786c07c7-173e-473b-aa09-c186601a5709",
"rdata":{
"ip":"1.2.6.7"
}
}