Configs · Apr 16, 2026 · 3 min read

External-DNS — Automatic DNS Records for Kubernetes Services

External-DNS watches Kubernetes Services and Ingresses and automatically creates, updates, and deletes DNS records in providers like Route53, Cloudflare, and Google Cloud DNS to keep DNS in sync with your cluster.

TL;DR
External-DNS syncs Kubernetes service endpoints to DNS providers like Route53 and Cloudflare.
§01

What it is

External-DNS is a Kubernetes controller that watches Services, Ingresses, and other resources and automatically creates, updates, and deletes DNS records in external DNS providers. It supports Route53, Cloudflare, Google Cloud DNS, Azure DNS, and many others. DNS configuration becomes declarative: define your service with an annotation, and External-DNS handles the rest.

This tool is for Kubernetes platform engineers who want DNS to stay in sync with cluster state without manual record management.

§02

How it saves time or tokens

Without External-DNS, deploying a new service to Kubernetes requires manual DNS record creation. External-DNS automates this entirely. When a service is created with the right annotation, DNS records appear. When the service is deleted, records are cleaned up. This eliminates a common source of deployment friction and human error.

§03

How to use

  1. Deploy External-DNS to your Kubernetes cluster.
  2. Configure it with your DNS provider credentials.
  3. Add annotations to your Services or Ingresses.
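  4. DNS records are created and managed automatically.

# Install External-DNS via Helm
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
helm repo update

# your-token is a placeholder. Values passed with --set end up in shell history
# and in the stored Helm release, so supply the real token from a values file or Secret.
helm install external-dns external-dns/external-dns \
  --set provider=cloudflare \
  --set cloudflare.apiToken=your-token \
  --set 'domainFilters[0]=example.com'

§04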

Example

An annotated Kubernetes Service:

apiVersion: v1
kind: Service
metadata:
  name: my-app
  annotations:
    external-dns.alpha.kubernetes.io/hostname: app.example.com
    external-dns.alpha.kubernetes.io/ttl: '300'
spec:
  type: LoadBalancer
  ports:
    - port: 80
      targetPort: 8080
  selector:
    app: my-app

External-DNS creates an A record for app.example.com pointing to the LoadBalancer IP.

# Ingress example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  annotations:
    external-dns.alpha.kubernetes.io/hostname: app.example.com
spec:
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80

§06

Common pitfalls

  • External-DNS needs proper RBAC and DNS provider permissions. Missing permissions cause silent failures in which no DNS records are created.
  • The --domain-filter flag is important. Without it, External-DNS may try to manage DNS records for domains you do not own.
  • DNS propagation takes time. Do not expect records to be resolvable immediately after service creation.
  • Multiple External-DNS instances managing the same zone can conflict. Use --txt-owner-id to prevent conflicts.
  • Deleting a namespace does not always trigger cleanup. Ensure External-DNS has access to watch deletion events.
  • Review the official documentation before deploying to production to ensure compatibility with your specific environment and requirements.
  • Start with default settings and customize incrementally. Changing too many configuration options at once makes debugging harder.
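
A pre-deploy check for the domain-filter and conflict pitfalls above, added here as an example (not code from External-DNS or the original page): it lists hostnames that manifests request outside the allowed domains, and hostnames requested by more than one resource. The label-boundary match is a simplified model of `--domain-filter`; the `billing` and `legacy` Services are constructed sample input.

```python
from collections import defaultdict

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

def requested_hostnames(manifest):
    """Hostnames a manifest requests: the annotation (comma-separated) plus Ingress rule hosts."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    names = annotations.get(HOSTNAME_ANNOTATION, "").split(",")
    if manifest.get("kind") == "Ingress":
        names += [r.get("host", "") for r in manifest.get("spec", {}).get("rules") or []]
    # Normalise: trim, lowercase, drop the trailing dot of a fully qualified name.
    return sorted({n.strip().lower().rstrip(".") for n in names if n.strip()})

def in_domain_filter(hostname, domain_filters):
    """True if hostname equals a filter domain or is a subdomain of one.
    Assumption: an empty list allows nothing here, the strict choice for an audit."""
    return any(hostname == d or hostname.endswith("." + d)
               for d in (f.lower().strip(".") for f in domain_filters))

def audit(manifests, domain_filters):
    """Return (hostnames outside the filter, hostnames claimed by several resources)."""
    owners = defaultdict(set)
    for m in manifests:
        ref = f'{m.get("kind")}/{m["metadata"]["name"]}'
        for host in requested_hostnames(m):
            owners[host].add(ref)
    outside = {h: sorted(o) for h, o in owners.items()
               if not in_domain_filter(h, domain_filters)}
    shared = {h: sorted(o) for h, o in owners.items() if len(o) > 1}
    return outside, shared

# Constructed sample input: the page's Service and Ingress plus two hypothetical Services.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "my-app", "annotations": {
        HOSTNAME_ANNOTATION: "app.example.com"}}},
    {"kind": "Ingress", "metadata": {"name": "my-app-ingress", "annotations": {
        HOSTNAME_ANNOTATION: "app.example.com"}},
     "spec": {"rules": [{"host": "app.example.com"}]}},
    {"kind": "Service", "metadata": {"name": "billing", "annotations": {
        HOSTNAME_ANNOTATION: "pay.example.com, pay.example.org"}}},
    {"kind": "Service", "metadata": {"name": "legacy", "annotations": {
        HOSTNAME_ANNOTATION: "app.notexample.com"}}},
]

if __name__ == "__main__":
    outside, shared = audit(SAMPLE, ["example.com"])
    for host, refs in sorted(outside.items()):
        print(f"outside domain filter: {host} requested by {', '.join(refs)}")
    for host, refs in sorted(shared.items()):
        print(f"claimed more than once: {host} by {', '.join(refs)}")
```
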

Frequently Asked Questions

Which DNS providers does External-DNS support?

External-DNS supports AWS Route53, Cloudflare, Google Cloud DNS, Azure DNS, DigitalOcean, Linode, RFC2136 (BIND), and many others. The full list is in the documentation.

Does External-DNS create CNAME or A records?

It depends on the source. LoadBalancer services with IP addresses create A records. Services with hostnames create CNAME records. You can configure the record type with annotations.

Is External-DNS safe for production?

Yes. External-DNS is a CNCF project used in production by many organizations. Use domain filters, txt-owner-id, and registry settings to prevent accidental record changes.

Can External-DNS manage records across multiple providers?

A single External-DNS instance manages one provider. For multiple providers, deploy separate External-DNS instances, each configured for its provider.

How does External-DNS handle record cleanup?

When a Kubernetes resource is deleted, External-DNS removes the corresponding DNS record. It uses TXT ownership records to track which records it manages, preventing deletion of manually created records.
