Introduction to Vultr DNS

Vultr offers free DNS hosting for customers' domains. The nameservers are on an AnyCAST network and ensure fast DNS resolution. You are not required to use Vultr DNS when using other Vultr services, but it's fast, free, and easy to use. Here's how.

1. Create a new DNS Zone

1. Navigate to the DNS tab of the customer portal.

2. Click the Add Domain menu.

   

3. Enter the domain name and default IP address. Click Add.

   

The created domain has default A, MX, and NS records, and a wildcard CNAME for the domain.

2. Create DNS Records

To add DNS records, use the fields at the top of the DNS record list.

Fill in the appropriate values, as described below, then click the + icon in the Actions column. All records use the TTL value, which is is the "time to live" value, or the amount of time other DNS servers cache the DNS record. You do not usually need to modify this value.

3. Set the Domain's Nameserver

Change your domain's nameserver (NS) records, at the domain registrar where your domain name was purchased, to Vultr's primary and secondary name servers:

• ns1.vultr.com
• ns2.vultr.com

Only these two nameservers should be listed for your domain at your registrar. Delete any other nameservers to prevent conflicts. The specific instructions vary depending on your registrar, we recommend searching for "register nameserver ns records at YOUR_REGISTRAR_NAME" to locate step-by-step instructions for your registrar. Some registrars refer to this setting as your "personal nameservers, "custom nameservers", or "authoritative nameservers".

---

👉 When you change your domain's NS records to Vultr's name servers, all domain services are affected. Make sure your Vultr DNS records are correct before updating the NS records at your registrar.

---

DNS Record Types

A

An A (Address) record points the domain or subdomain to an IPv4 address.

• Name: Enter a hostname, or leave the field blank to set the domain default address. For example:
  • Enter test to create a record for test.example.org.
  • Leave the field blank if setting the domain default address for example.org.
• Data: Enter the IPv4 address.

AAAA

AAAA (Quad A) records works the same as A records, except for IPv6.

• Name: Enter a hostname, or leave the field blank to set the domain default address. For example:
  • Enter test to create a record for test.example.org.
  • Leave the field blank if setting the domain default address for example.org.
• Data: Enter the IPv6 address.

CAA

The CAA (Certification Authority Authorization) record specifies which certificate authorities can issue certificates for the domain.

• Name: Leave this field blank.
• Data: The CAA policy for your domain. A tool like CAA Record Helper may help generate your policy string.

CNAME

CNAME (Canonical Name) records create aliases that point to A or AAA records for DNS redirect. They can also point to CNAME records, but this results in multiple, inefficient DNS lookups.

• Name: Enter an instance name, such as foo.
• Data: Enter the name of an existing A, AAA, or CNAME record. For example, bar.

foo.example.org is now an alias for bar.example.org.

MX

MX (Mail Exchanger) records direct email to a mail server. MX records always point to a fully-qualified domain name, never to an IP address.

• Name: Leave blank.
• Data: Enter the fully-qualified domain name of the mail server. For example, mail.example.org.
• Priority: Enter a number. Lower numbers indicate higher priority.

Multiple MX records, pointing to multiple mail servers, may exist for example:

SMTP servers will attempt delivery to mail.example.org (priority 10) first. Then, if delivery fails, mail2.example.org.

NS

The NS (Name Server) record specifies the authoritative nameservers for a domain or a subdomain.

• Name: Leave blank.
• Data: Enter the fully-qualified domain name of the name server.

Vultr correctly sets the NS records to the default name servers when you create a DNS zone. The default name servers are:

• ns1.vultr.com
• ns2.vultr.com

Do not change these records unless creating a "vanity nameserver". If you create vanity nameservers, there is no guarantee that the IP addresses for ns1.vultr.com and ns2.vultr.com won't change in the future.

SRV

SRV (Service) records assist with service discovery for protocols such as VoIP and LDAP.

• Name: Enter the Service and Protocol, separated by a dot.
  • Example: _sip._tls
• Data: Enter the Weight, Port and Target. Separate the values with spaces.
  • Example: 1 443 sipserver.example.org
• Priority: Enter a number. Lower numbers indicate higher priority.

SSHFP

An SSHFP (Secure Shell fingerprint) record identifies SSH keys that are associated with a hostname. You should secure SSHFP records with DNSSEC.

• Name: Enter a fully-qualified instance name, such as test.example.org.

• Data: Enter the Algorithm, Fingerprint type and Fingerprint in hex. Separate the values with spaces. For example, if you use the RSA algorithm and SHA-1 fingerprint, your data would look like:

  1 1 6580deadbeef0920be418551eb9978b830f82935
  

The valid values for Algorithm and Fingerprint are below. For more details, please see our step-by-step guide guide Use SSHFP Records to Verify SSH Host Keys.

Algorithm

There are four different algorithms, each represented by an integer:

• 1 - RSA
• 2 - DSA
• 3 - ECDSA
• 4 - Ed25519

Fingerprint type

There are two fingerprint types, represented by an integer:

• 1 - SHA-1
• 2 - SHA-256

You can use ssh-keygen to generate SSHFP records with the -r parameter, followed by the hostname.

$ ssh-keygen -r test.example.org
test.example.org IN SSHFP 1 1 65809317c6510920be418551eb9978b830f82935

TXT

TXT (Text) records can store arbitrary string attributes for various purposes.

• Name: Enter data as desired.
• Data: Enter data as desired.

SOA Information

Use the Zone Settings tab of the Manage DNS Domain page to modify SOA information.

Limitations

The following limitations apply to Vultr DNS:

• No PTR: Vultr DNS does not support adding arpa zones to create PTR records. If you need to create a PTR record, please review our reverse DNS article.
• Minimum TTL: The minimum TTL is 120 seconds.

Enabling DNSSEC

Vultr allows you to enable DNSSEC for any domain on your account. Navigate to the Zone Settings tab within the Vultr DNS control panel and toggle the DNSSEC switch on.

You will have to provide your domain's registrar with the DS records listed on the Zone Settings page to finish DNSSEC setup. These records are unique to each domain, and cannot be recovered in the event you disable DNSSEC.

Once the records are set with your registrar, verify the DNSSEC setup with a tool like DNSViz.

Using Vultr DNS with cPanel

Vultr DNS cannot be used with cPanel in an automated fashion. If you run a cPanel server and plan on using Vultr DNS, you will need to manually add/edit your DNS zones and records. cPanel DNS clustering does not support Vultr's API.

Manage DNS via API

The Vultr API offers several endpoints to manage DNS.

DNS Domains

• List all DNS domains in your account.
• Create a DNS domain.
• Get information for the DNS domain.
• Update a DNS domain
• Set a reverse DNS entry for an IPv4 address.
• Delete a DNS domain.

DNS Records

• List the DNS records for the domain.
• Create a DNS record.
• Get information for a DNS record.
• Update the information for a DNS record.
• Delete a DNS record.

SOA

• Get SOA information for the DNS domain.
• Update the SOA information for the DNS domain.

DNSSEC

• Get the DNSSEC information for the DNS Domain.

FAQ

• Are Vultr DNS nameservers on an AnyCAST network?
  • Yes. Vultr runs its own AnyCAST network for DNS.
• Can I use Vultr DNS with my cPanel server?
  • Yes. However, you need to manually add domains and DNS records, as explained in this document's cPanel section.
• Does Vultr allow white-label DNS/vanity nameservers?
  • Vanity nameserver support is currently bound by the limitations listed in the "Limitations" section of this document. There are no immediate plans to remove any of these limitations.
• Does Vultr support Unicode records and domain names?
  • Yes. Records and domain names containing Unicode characters are automatically converted to punycode.
• Does Vultr support DNSSEC?
  • Yes. You can enable it for any domain on your account. For more information regarding DNSSEC, see Enabling DNSSEC.