ExternalDNS — Sync Kubernetes Services with DNS Providers
Kubernetes SIG controller that keeps Route 53, Cloudflare, Google Cloud DNS and 30+ other providers in sync with Services, Ingresses, and Gateway API routes.
What it is
ExternalDNS is a Kubernetes SIG controller that automatically manages DNS records based on your Kubernetes resources. When you create a Service with a hostname annotation or an Ingress with a host rule, ExternalDNS creates the corresponding DNS records in your provider (Route 53, Cloudflare, Google Cloud DNS, Azure DNS, and 30+ others). When you delete the resource, the DNS record is cleaned up.
ExternalDNS targets platform engineers who want DNS management to be declarative and automatic rather than manual. It closes the gap between deploying a service and making it reachable by name.
How it saves time or tokens
Manually creating DNS records for every Kubernetes service is error-prone and slow. ExternalDNS makes DNS a side effect of deploying your application. You annotate your Service or Ingress with the desired hostname, and the controller handles the rest. This eliminates the need for Terraform DNS modules, manual console clicks, or API scripts for routine DNS operations.
How to use
- Install ExternalDNS via Helm:
    helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
    helm upgrade --install external-dns external-dns/external-dns \
      --set provider=cloudflare \
      --set cloudflare.apiToken=YOUR_TOKEN \
      --set policy=sync
- Annotate a Service with a hostname:
    apiVersion: v1
    kind: Service
    metadata:
      name: my-app
      annotations:
        external-dns.alpha.kubernetes.io/hostname: app.example.com
    spec:
      type: LoadBalancer
      ports:
        - port: 80
      selector:
        app: my-app
- ExternalDNS detects the annotation and creates an A record pointing app.example.com to the LoadBalancer IP.
Example
Using ExternalDNS with an Ingress resource:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: my-ingress
    spec:
      rules:
        - host: api.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: api-service
                    port:
                      number: 8080
ExternalDNS reads the host field and creates the DNS record automatically.
Common pitfalls
- The policy=sync mode deletes DNS records not managed by ExternalDNS; use policy=upsert-only if you have existing manual records you want to preserve
- Each DNS provider requires specific credentials and permissions; check the ExternalDNS provider documentation for the minimum required IAM policy
- TXT ownership records are created alongside A/CNAME records; do not delete them or ExternalDNS will lose track of which records it manages
Frequently Asked Questions
ExternalDNS supports 30+ providers including AWS Route 53, Cloudflare, Google Cloud DNS, Azure DNS, DigitalOcean, Linode, OVH, and many others. Community-maintained providers extend coverage further.
Yes. ExternalDNS supports Gateway API resources (HTTPRoute, Gateway) in addition to traditional Services and Ingresses. This makes it compatible with modern Kubernetes networking standards.
If the policy is set to 'sync', ExternalDNS deletes the corresponding DNS record. With 'upsert-only' policy, records are created and updated but never deleted. Choose the policy based on your operational requirements.
Yes. You can run multiple ExternalDNS deployments, each configured with different domain filters and provider credentials. This is common in multi-team or multi-account setups.
Yes. You can annotate a Service or Ingress with a wildcard hostname like '*.example.com'. ExternalDNS will create the corresponding wildcard DNS record in your provider.
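A review check tied to the domain filters and wildcard hostnames mentioned above, as an added example that is not part of the original page or of the ExternalDNS project: it lists the hostnames that Services and Ingresses request and flags any that fall outside an allowed domain list or that are wildcards. The sample JSON is constructed, and the function names, the allowed list and the label-aligned suffix match are assumptions of this example rather than ExternalDNS's own matching code.

```python
import json

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"
# Constructed sample input, shaped like `kubectl get svc,ingress -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"namespace": "web", "name": "my-app",
   "annotations": {"external-dns.alpha.kubernetes.io/hostname": "app.example.com"}}},
 {"kind": "Service", "metadata": {"namespace": "dev", "name": "scratch",
   "annotations": {"external-dns.alpha.kubernetes.io/hostname": "login.corp.example.net, *.example.com"}}},
 {"kind": "Ingress", "metadata": {"namespace": "api", "name": "my-ingress"},
   "spec": {"rules": [{"host": "api.example.com"}, {"host": "notexample.com"}]}}
]}
""")

def requested_hostnames(obj):
    """Yield every hostname an object asks for: annotation values and Ingress hosts."""
    annotations = obj.get("metadata", {}).get("annotations") or {}
    for name in annotations.get(HOSTNAME_ANNOTATION, "").split(","):
        if name.strip():
            yield name.strip()
    if obj.get("kind") == "Ingress":
        for rule in (obj.get("spec") or {}).get("rules") or []:
            if rule.get("host"):
                yield rule["host"]

def in_domain(hostname, domain):
    """True if hostname is the domain itself or a name below it (label-aligned)."""
    host = hostname.lower().rstrip(".")
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)

def audit(resources, allowed_domains):
    """Return (kind/namespace/name, hostname, reason) for each hostname to review."""
    findings = []
    for obj in resources.get("items", []):
        meta = obj.get("metadata", {})
        ref = f'{obj.get("kind")}/{meta.get("namespace")}/{meta.get("name")}'
        for host in requested_hostnames(obj):
            if not any(in_domain(host, d) for d in allowed_domains):
                findings.append((ref, host, "outside allowed domains"))
            elif host.startswith("*."):
                findings.append((ref, host, "wildcard record"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["example.com"]):
        print(*finding, sep="\t")
```

Running it against the real cluster means replacing SAMPLE with the parsed output of the kubectl command named in the comment and passing the domains your deployment is meant to manage.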