How to Create, Edit, and Delete DNS Records

Adding a domain you own to your DigitalOcean account lets you manage the domain's DNS records with the control panel and API. Domains you manage on DigitalOcean also integrate with DigitalOcean Load Balancers and Spaces to streamline automatic SSL certificate management.

Each type of DNS record has its own values and settings, and the sections below explain what each of these records are used for and what goes into the fields they contain.

All DNS records have one value in common: TTL, or time to live, which determines how long the record can remain cached before it expires. Loading data from a local cache is fast, but visitors won't see DNS changes until their local cache expires and updates with a new DNS lookup. As a result, higher TTL values give visitors faster performance and lower TTL values ensure that DNS changes are picked up quickly. All DNS records require a minimum TTL value of 30 seconds.

Create and Delete Records

You can add, modify, and delete DNS records for a domain from the Networking page. From the control panel, click the Networking in the main menu, then click on the domain you would like to manage.

To create a record, select the record type just below the heading, fill in the fields required for that record type, and click Create record. The supported record types sections below have detailed instructions for each type of record.

To modify or delete a record, open the record's More menu.

DNS record more menu expanded with Edit record and Delete options visible

Click Edit record to change the values for that record. To permanently delete the record, click Delete, then click Delete Record in the confirmation window.

These records will not take effect until you have updated your nameservers with your domain registrar and those changes have propagated, which can take up to 48 hours.

Supported Record Types

A Records

An A record maps an IPv4 address to a domain name. This determines where to direct any requests for a domain name.

On DigitalOcean, A records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map a apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (e.g. www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). To direct requests for a non-existent subdomain to a server or load balancer, enter *. However, if any kind of DNS record exists for a hostname, the wildcard will not apply; you will need to explicitly create an A record for it.
  • WILL DIRECT TO, which can be set to:
    • A DigitalOcean Droplet or Load Balancer by typing its name and selecting it from the menu.
    • A non-DigitalOcean resource by entering its IP address.

Setting an A record using DigitalOcean DNS looks like this:

A record

In this example, we entered the subdomain prefix test for the hostname. This will make DNS lookups for test.digitalocean.love will redirect to the Droplet we've chosen named ubuntu-1gb-sfo2-01 with the IP address 203.0.113.5.

Note
It is possible to add multiple records for the same DNS entry, each pointing to a different IP address. This supports a load distribution and balancing strategy known as Round Robin DNS.

AAAA Records

An AAAA record, also called a Quad A record, maps an IPv6 address to a domain name. This determines where to direct requests for a domain name in the same way that an A record does for IPv4 addresses.

On DigitalOcean, AAAA records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map a apex domain, like example.com, to an IPv6 address, enter the @ symbol.
    • A subdomain prefix (e.g. www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). To direct requests for a non-existent subdomain to a server or load balancer, enter *. However, if any kind of DNS record exists for a hostname, the wildcard will not apply; you will need to explicitly create an AAAA record for it.
  • WILL DIRECT TO, which can be set to:
    • A DigitalOcean Droplet by typing its name and selecting it from the menu. All Droplets will be displayed on the list, but only those with IPv6 addresses can be selected. DigitalOcean Load Balancers do not currently support IPv6.
    • A non-DigitalOcean resource by entering its IPv6 address.

Setting an AAAA record using DigitalOcean DNS looks like this:

AAAA record

In this example, we entered the subdomain prefix test for the same hostname from the A record example, digitalocean.love. This will make DNS lookups for test.digitalocean.love will redirect to the Droplet we've chosen named ubuntu-1gb-sfo2-01 with the IP address 2001:0d8:2:d0::24:9001.

CNAME Records

A CNAME record defines an alias for an A record; it points one domain to another domain instead of to an IP address. When the associated A record’s IP address changes, the CNAME will follow to the new address.

On DigitalOcean, CNAME records have the following fields.

  • HOSTNAME, which should be set to the subdomain prefix for the new alias you want to create.
  • IS AN ALIAS OF, which should be set to the hostname where the alias should point. For the alias to work, the hostname must have an A record or be handled by a wildcard A record. This can be:
    • The apex domain (@). To map a apex domain, like example.com, enter the @ symbol.
    • A subdomain (e.g. site.example.com).

Setting an CNAME record using DigitalOcean DNS looks like this:

CNAME record

In this example, we entered the subdomain prefix staging for the hostname and @ for the hostname to redirect to. This will make DNS lookups for staging.digitalocean.love will redirect to the apex domain, digitalocean.love.

MX Records

An MX record specifies the mail servers responsible for accepting email on behalf of your domain. Providers often make multiple name servers available so that if one is offline, another can respond. Each server needs its own MX record.

On DigitalOcean, MX records have the following fields.

  • HOSTNAME, which determines which host should accept email. In most cases, the hostname field should be set to @ so that it applies to the apex domain.
  • MAIL PROVIDERS MAIL SERVER, which points to the hostname with the A record for the mail server.
  • PRIORITY, which indicates the order in which the mail servers should contacted. This field takes a positive whole number where 1 is the highest priority.

Setting an MX record using DigitalOcean DNS looks like this:

MX record

The Add Gmail MX Records will add records for each of Google's mail servers automatically for use with G Suite. You'll see entries like aspmx.l.google.com.

TXT Records

A TXT record is used to associate a string of text with a hostname. These are primarily used to verify that you own a domain.

On DigitalOcean, TXT records have the following fields.

  • VALUE (e.g. example_name=example_value), which is a name-value pair separated by an equal sign, =.
  • HOSTNAME, which can be set to:
    • The apex domain (@). To map a apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (e.g. www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.

Setting a TXT record using DigitalOcean DNS looks like this:

TXT record with google-site-verification token entered

In this example, we added the verification token google-site-verification=EXAMPLEV0vtDHmdYgP4H4eHxjgoM8LHtkfRcKmt_5Rt to our apex domain to prove domain ownership for G Suite.

NS Records

An NS record specifies the name servers, or servers that provide DNS services, for a domain or subdomain. You can use these to direct part of your traffic to another DNS service or to delegate DNS administration for a subdomain.

On DigitalOcean, NS records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map a apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (e.g. www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). To direct requests for a non-existent subdomain to a server or load balancer, enter *. However, if any kind of DNS record exists for a hostname, the wildcard will not apply; you will need to explicitly create an A record for it.
  • WILL DIRECT TO, which should be set to the name server.

Setting an NS record using DigitalOcean DNS looks like this:

NS record with example nameserver

In the example, we entered ocean as the hostname and dns1.example.com as the name server. This means that DNS lookups for ocean.digitalocean.love will be directed to dns1.example.com.

Note
When you add a domain to DigitalOcean DNS, NS records pointing at DigitalOcean's name servers are automatically created for it.

SRV Records

A SRV record specifies a hostname and port number for a specific service to direct certain types of traffic to particular servers. Some services, like SIP (Session Initiation Protocol) and XMPP/Jabber (Extensible Messaging and Presence Protocol), require SRV records.

On DigitalOcean, SRV records have the following fields.

  • HOSTNAME (e.g. _service._protocol), which should be set to the service, like SIP, and protocol, like TCP or UDP. This field needs to begin with an underscore, _, and the service and protocol must be separated by a period and underscore, ._, resulting in an entry like _sip._udp.
  • WILL DIRECT TO, which can be set to:
    • The apex domain (@). To map a apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (e.g. www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A fully qualified domain name, or FQDN (e.g. fqdn.example.com.). To use an FQDN, enter the FQDN with a period (.) at the end. This distinguishes it from a subdomain prefix.
  • PORT (e.g. 5060), which should be set to the port that the service listens on.
  • PRIORITY (e.g. 10), which indicates the importance of the host. This field takes a positive whole number where 1 is the highest priority.
  • WEIGHT (e.g. 100), which indicates the relative importance of the host between multiple records with the same priority. This field takes a positive whole number where the higher the number is, the more preference the record is given.

Setting a SRV record using DigitalOcean DNS looks like this:

SRV record with SIP configuration

In the example, we specified that our service uses SIP over UDP on port 5060, and we entered a subdomain prefix sip. This means that SIP requests will be directed to sip.digitalocean.love.

CAA Records

A CAA record specifies which certificate authorities are permitted to issue certificates for a domain. You can use them to reduce the risk of unintended certificate mis-issue. This section is only a brief overview; our detailed CAA record documentation has more information.

On DigitalOcean, CAA records have the following fields.

  • HOSTNAME, which can be set to:
    • The apex domain (@). To map a apex domain, like example.com, to an IPv4 address, enter the @ symbol.
    • A subdomain prefix (e.g. www). To create a subdomain, enter the subdomain prefix. For example, to create www.example.com, you would enter www.
    • A wildcard (*). To direct requests for a non-existent subdomain to a server or load balancer, enter *. However, if any kind of DNS record exists for a hostname, the wildcard will not apply; you will need to explicitly create an A record for it.
  • AUTHORITY GRANTED FOR, which can be set to:
    • The domain name for the certificate authority (e.g. letsencrypt.org).
    • A valid URI with contact information (e.g. https://contact.example.com or mailto:contact@example.com) as either the web address of a contact from or an email address. The iodef flag must be chosen to use this option.
  • TAG, which can be set to:
    • One of the three defined CAA tags, which are issue, issuewild, and iodef.
    • Custom tags defined by the certificate authority.
  • FLAGS, which is currently used to set an Issuer Critical flag. This is is an unsigned integer between 0 and 255 that specifies how a CA should behave when it encounters a tag it doesn't understand. For example, a zero (0) tells the CA to issue a certificate anyway, and a one (1) tells the CA to refuse.

Setting a CAA record using DigitalOcean DNS looks like this.

CAA record

In this example, we entered @ for so that a certificate can be issued for the apex domain, digitalocean.love. In the example, we've entered letsencrypt.org as the CA to grant them authority to issue certs for the apex domain (@), which is digitalocean.love.

PTR (rDNS) Records

A PTR (pointer) record, also known as an rDNS (reverse DNS) record, maps a domain name to an IP address.

We automatically create PTR records for Droplets based on the name you give that Droplet in the control panel. The name must be a valid FQDN, so using example.com as the Droplet name will create a PTR record, but ubuntu-s-4vcpu-8gb-fra1-01 or my-droplet will not. Droplets with IPv6 enabled will only have PTR records enabled for the first IPv6 address assigned to it, not to all 16 addresses available.