Add DNS Records
Changing your domain’s NS to those defined by Arvancloud activates your domain’s DNS service. All your DNS records must be entered into your Arvancloud account to be resolved by Arvancloud. Doing so ensures that your subdomains load without problem. To add DNS records you need to know their types and how to add them to your account. This page helps you learn about the different types of DNS records and the required configuration.
A and AAAA Records
These records map a domain to its IP address. The record stores the name of a domain together with the IP address of the physical server on which the content of that domain is located. Note that this physical server means the main server hosting your site.
Title: This part includes the name of the domain or subdomain of your website. Using @ in this section points to your main domain. The format of the name should be as the following:
- It must begin with a letter or a number. Therefore, a domain’s name cannot start with a symbol (like $, #, etc.).
- The domain’s name can end with a letter or a number.
- The domain’s name cannot have symbols (like @, $, …) in it.
- The domain’s name can have a maximum of 63 characters.
Amount: This section includes the IP address of your website’s main server.
TTL: This determines the duration of time this record will be cached in Arvancloud servers. By default, the duration is set to 2 minutes, meaning that when a change is applied to the DNS record, it takes 2 minutes until it is applied throughout.
Use the following sample code to add an A record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '{"type":"A","name":"test","cloud":false,"value":[{"country":"","ip":"8.8.8.8","port":null,"weight":null}],"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
If the main server of your website has an IPv6 address, you need to use the AAAA record.
Use the following sample code to add an AAAA record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data '{"type":"AAAA","name":"test","cloud":false,"value":[{"country":"","ip":"2001:0db8:85a3:0000:0000:8a2e:0370:7334","port":null,"weight":null}],"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
ANAME and CNAME Records
The job of the CNAME record is to send the request of one domain to another. For example, when a user types the address of example.com on their browser, the request would be sent to example1.com. This record does not directly point to a specific IP address.
To define this record, in the title section write the name of the domain or subdomain which will receive the requests from users, and in the value section, write down the name of the domain that the user’s requests must be redirected to.
Use the following sample code to add a CNAME record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data '{"type":"CNAME","name":"test","cloud":false,"value":{"host_header":"source","host":"cname.example.com","port":-1},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
The ANAME record is a combination of an A record and a CNAME record. The only difference is in how it works: it connects a domain directly to another IP address.
To send the requests of the main domain to another domain, you need to use the ANAME record.
Use the following sample code to add an ANAME record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data '{"type":"ANAME","name":"test","cloud":false,"value":{"host_header":"source","location":"aname.example.com","port":-1},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
NS Record
This signifies the DNS server where all the records of a domain are stored. A domain can have multiple NS records, one of which points to the main DNS server and the others to the supporting DNS servers.
Please note that you need to define these records in the Record Management of your account only in special cases.
Use the following sample code to add an NS record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data '{"type":"NS","name":"ns","cloud":true,"value":{"host":"ns1.example.com"},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
MX Record
This signifies the email server to which the emails of one domain must be sent.
This record must always point to a domain name and not to an IP address.
To configure this record, in the title section, enter the name of the subdomain or the character @ for the main domain, and in the value section enter the name of the domain from which you have received your email service. If you have more than one email server, you can create multiple MX records. Then, you can prioritize your desired email server.
Use the following sample code to add an MX record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data-raw '{"type":"MX","name":"@","cloud":true,"value":{"host":"mail.example.com","priority":"10"},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
SRV Record
This record specifies the host that supports a specific service. To create this record in the DNS records, choose SRV as the type and write the title in this format: @_service._proto.example.com. (for example, @_sip._tcp.example.com.). In the port section, add the port number on which the service is currently active. Finally, the value section should be in this format: exampledomain.com. Moreover, if you plan to create multiple SRV records, you can use the weight and priority sections based on your needs.
The SRV record determines the priority and weight of the servers listed in it. The priority value in an SRV record allows a server that supports a specific service to be preferred over the other ones. The server that has the lower priority value receives more traffic than the rest. The weight works in a somewhat similar way, since the server with more weight receives more traffic than the rest.
The main difference between the weight and priority is that the priority is examined first. When the priority is different between the servers, the weight is not considered and traffic goes to the server with the lower priority value. When the servers have identical priorities, weight becomes important: the server with more weight receives most of the traffic.
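The selection order described above, written out as the RFC 2782 client algorithm. This is an added example, not Arvancloud code; the record set, target names and the helpers `order_targets` and `first_choice_share` are constructed for illustration.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample record set for _sip._tcp.example.com (not from the page).
RECORDS = [
    SRV(0, 75, 5060, "sip1.example.com"),
    SRV(0, 25, 5060, "sip2.example.com"),
    SRV(10, 100, 5060, "backup.example.com"),
]

def order_targets(records, rng=random):
    """Return the records in the order a client would try them (RFC 2782)."""
    ordered = []
    for prio in sorted({r.priority for r in records}):   # lowest value first
        # Weight only matters inside one priority group; zero-weight records
        # are placed first so they keep a small chance of being selected.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

def first_choice_share(records, trials=2000, seed=1):
    """Fraction of trials in which each target is the first one contacted."""
    rng = random.Random(seed)
    hits = {}
    for _ in range(trials):
        first = order_targets(records, rng)[0].target
        hits[first] = hits.get(first, 0) + 1
    return {target: n / trials for target, n in hits.items()}

if __name__ == "__main__":
    print(first_choice_share(RECORDS))
```

The priority 10 target never appears as first choice while a priority 0 target is listed; it is only reached when both priority 0 servers fail, so it must be kept as patched and monitored as the primaries.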
Use the following sample code to add an SRV record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data '{"type":"SRV","name":"_http._tcp.","cloud":true,"value":{"port":"80","priority":"0","target":"example.com","weight":"50"},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
TXT Record
This record can include text and can be used for various purposes, the most important being authenticating mail and defining SPF and DKIM records. To create this record, select TXT as the type, enter @ in the title section (which points to the main domain), and enter a text string in the amount section.
Use the following sample code to add a TXT record via API:
curl --location 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data '{"type":"TXT","name":"txt","cloud":false,"value":{"text":"text-record"},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
CAA Record
The CAA record was developed to prevent the issuance of unauthorized security certificates for a domain. A DNS record can be used to specify which Certificate Authority (CA) can issue a certificate for a domain. This increases the level of security and integrity in the organization.
To register a record in the Arvancloud panel, click on DNS records and create a new CAA record after selecting the domain from the user panel.
Enter your desired domain name in the title field. If the record is related to the root of the domain, the word "@" should be entered in the title field, and if it is related to a specific subdomain, only its name should be entered.
In the tag field, specify how the record should behave. The tag accepts three values:
- Only Allow Specific Hostnames: This state indicates that the CAA record is only valid for a specific hostname. (The hostname entered in the title field.)
- Only Allow Wildcard: This mode expresses the validity of the CAA record at the level of the entire domain, including the domain's root and all its subdomains.
- Send Violation Report in CAA DNS Record: This property specifies a method for CAs to report invalid certificate requests to the domain owner.
In the CA field, enter the name of the CA you want, for example: (letsencrypt.org)
Creating CAA record using API:
curl --location --request POST 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json;charset=UTF-8' \
--data-raw '{"type":"CAA","name":"@","cloud":true,"value":{"flag":0,"tag":"issuewild","value":"letsencrypt.org"},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
Bind format of CAA record:
example.com. 120 IN CAA 0 issuewild "letsencrypt.org"
TLSA Record
Applications that communicate over the Internet often need to prevent tampering or spoofing of their communications. Transport Layer Security (TLS) protocol provides this type of security with the help of encryption.
The security quality of cryptographic systems depends on the keys they use. If the private keys are revealed, or if the public keys can be replaced with fake keys, this encryption loses its security and utility.
The solution to this problem is to first ensure that the DNS records are not fake by using the DNSSEC infrastructure. Then the hash of the public key of the desired host, or the public key itself, is stored in the DNS server for the requested host, port, and protocol. Every time the user's browser requests the public key from the web server, the key is compared with the value declared in the DNS server to ensure its authenticity. The TLSA record is designed and implemented for this process.
According to RFC 6698, this record contains 4 fields: Matching Type, Usage, Selector, and finally the requested certificate, whose structure is Hexadecimal. Also, in the title field, 3 values for port, protocol, and host should be entered.
Title: In the title section, you must first specify what the certificate can be used for as follows.
_port._protocol.host.domain.com
Selector: This value indicates the type of certificate (full and with metadata, or only the public key part). In other words, it specifies which part of the TLS certificate provided by the server is matched against the data in the record.
- 0: Full Certificate
- 1: Subject Public Key
Usage: This value indicates the verification and trust method of the public key, which has 4 modes:
- 0: The certificate is requested and verified from CA Root and CA Intermediate.
- 1: It should be stated in the record which CA the certificate should be verified from, and that CA must be trusted.
- 2: The process is similar to number 1, except that it does not need to be trusted.
- 3: The desired certificate does not need to be confirmed by a CA; for example, it is self-signed.
Matching Type: Specifies the presentation method of the desired public key, which includes 3 modes:
- 0: The public key is presented in full and is not hashed.
- 1: The public key is hashed with the SHA2-256 algorithm.
- 2: The public key is hashed with the SHA2-512 algorithm.
It is recommended that you use SSL-tools to create the values and parameters of a record.
Creating TLSA record using API:
curl --location --request POST 'https://napi.arvancloud.ir/cdn/4.0/domains/example.com/dns-records' \
--header 'authority: napi.arvancloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY' \
--header 'content-type: application/json;charset=UTF-8' \
--data-raw '{"type":"TLSA","name":"_443._tcp.","cloud":true,"value":{"matching_type":"0","selector":"0","usage":"0"},"upstream_https":"default","ip_filter_mode":{"count":"single","geo_filter":"none","order":"none"},"ttl":120}'
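How the Selector and Matching Type fields turn a certificate into the hexadecimal data of a TLSA record, as an added example that is not Arvancloud code. The sample bytes are a constructed, certificate-shaped DER structure rather than a real certificate, and the function names are chosen for illustration; feed it your own certificate in DER form.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def spki_from_cert(cert_der):
    """Cut the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)       # Certificate
    _, pos, _ = read_tlv(cert_der, pos)     # tbsCertificate
    # Fields before the SPKI: [0] version (optional), serial, signature,
    # issuer, validity, subject.
    skip = 6 if cert_der[pos] == 0xA0 else 5
    for _ in range(skip):
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def tlsa_data(cert_der, selector, matching_type):
    """Certificate association data as hex for the given selector and matching type."""
    selected = cert_der if selector == 0 else spki_from_cert(cert_der)
    if matching_type == 0:
        return selected.hex()               # exact bytes, no hashing
    digest = {1: hashlib.sha256, 2: hashlib.sha512}[matching_type]
    return digest(selected).hexdigest()

def tlsa_record(host, port, proto, usage, selector, matching_type, cert_der):
    """Zone-file line for the record, named _port._protocol.host."""
    data = tlsa_data(cert_der, selector, matching_type)
    return f"_{port}._{proto}.{host}. IN TLSA {usage} {selector} {matching_type} {data}"

def tlv(tag, value):                        # sample-building helper, short lengths only
    return bytes([tag, len(value)]) + value

# Constructed, certificate-shaped DER (not a real certificate): empty names, fake key.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, b"\x06\x01\x00") + tlv(0x03, b"\x00" + b"K" * 8))
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                           + tlv(0x30, b"") * 4 + SAMPLE_SPKI)
                  + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

A record built with selector 1 stays valid when the certificate is renewed with the same key pair, whereas selector 0 data changes with every reissued certificate and must be updated in DNS before the new certificate is deployed.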
PTR Record
The task of the PTR record, or Pointer Record, is to provide the information for Reverse DNS, which ultimately matches the domain name with its IP. Although the PTR record was initially developed to prevent emails sent from the respective IPs from being marked as spam, today domain verification is done in a better way using SPF, DKIM, and DMARC.
If you want to register an IP in RIPE in your name, you must register RIPE NSs on your IP as follows.
- First, you need to record the fourth octet of your IP in the title field of the record. (In the IP structure, each "." is a separator of an octet. For example, in 192.168.1.1, the value 192 represents the first octet, the value 168 equals the second octet, 1 equals the third octet, and the last 1 equals the fourth octet.)
- In the record value field, you must register your IP as <octet_3>.<octet_2>.<octet_1>.
You can verify the correctness of the requested record and its availability by using the dig command.
Adding PTR record using API:
curl --location --request POST 'https://napi.arvancloud.ir/cdn/4.0/domains/3.2.1.in-addr.arpa/dns-records' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: Apikey 1-2-4-5' \
--header 'Content-Type: application/json' \
--data-raw '{"type":"PTR","name":"5","value":{"domain":"example.com"},"ttl":120}'