# External-DNS — Automatic DNS Records for Kubernetes Services

> External-DNS watches Kubernetes Services and Ingresses and automatically creates, updates, and deletes DNS records in providers like Route53, Cloudflare, and Google Cloud DNS to keep DNS in sync with your cluster.

## Quick Use

```bash
# Install via Helm
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
# Quote the env[...] keys so the shell does not treat the brackets as a glob pattern
helm install external-dns external-dns/external-dns \
  --set provider.name=aws \
  --set 'env[0].name=AWS_DEFAULT_REGION' \
  --set 'env[0].value=us-east-1' \
  -n kube-system

# Annotate a service to create a DNS record
kubectl annotate service my-app external-dns.alpha.kubernetes.io/hostname=app.example.com
```

## Introduction

External-DNS bridges the gap between Kubernetes networking and DNS providers. When you expose a service or create an ingress with a hostname annotation, External-DNS automatically provisions the matching DNS record in your provider. When resources are deleted, the DNS records are cleaned up. This eliminates manual DNS management and ensures records always reflect the live cluster state.

## What External-DNS Does

- Watches Services, Ingresses, and Gateway API resources for hostname annotations
- Creates A, AAAA, CNAME, and TXT records in 40+ DNS providers automatically
- Cleans up stale DNS records when Kubernetes resources are deleted
- Supports ownership tracking via TXT records to avoid conflicts with manually managed entries
- Runs as a single Deployment with configurable sync intervals

## Architecture Overview

External-DNS runs a reconciliation loop: it lists DNS-relevant Kubernetes resources, extracts desired hostnames and IP addresses, compares them against existing records from the DNS provider API, and applies a diff. Ownership TXT records are created alongside each managed record to prevent External-DNS from modifying records it did not create. The loop runs every minute by default and is idempotent.

## Self-Hosting & Configuration

- Deploy as a Helm chart or plain Kubernetes Deployment manifest
- Set the provider flag (aws, cloudflare, google, azure, etc.) and configure credentials via env vars or service accounts
- Use `--domain-filter` to restrict which domains External-DNS can manage
- Enable `--policy=upsert-only` if you want to prevent automatic record deletion
- Configure RBAC to give External-DNS read access to Services, Ingresses, and Endpoints

## Key Features

- Supports 40+ DNS providers including AWS Route53, Cloudflare, Google Cloud DNS, Azure DNS, and DigitalOcean
- Gateway API support for HTTPRoute and TLSRoute resources
- Ownership model prevents overwriting DNS records created outside External-DNS
- Dry-run mode logs planned changes without applying them
- Multiple sources: Services (LoadBalancer, NodePort), Ingresses, Istio VirtualServices, and CRDs

## Comparison with Similar Tools

- **Manual DNS management** — error-prone and out of sync; External-DNS automates the loop
- **cert-manager** — manages TLS certificates, not DNS records; often used alongside External-DNS
- **CoreDNS** — cluster-internal DNS resolution, not external provider record management
- **Terraform DNS providers** — infrastructure-as-code approach but not reactive to Kubernetes state changes
- **AWS CDK/Pulumi** — static infrastructure definitions vs dynamic reconciliation with cluster state

## FAQ

**Q: Can I use External-DNS with multiple DNS providers at once?**
A: Run separate External-DNS instances, each configured for a different provider and filtered by domain.

**Q: Will External-DNS delete records I created manually?**
A: No. It uses TXT ownership records and only manages entries it created. The default policy is safe.

**Q: Does it work with private hosted zones?**
A: Yes. Configure the provider to target private zones by zone ID or use domain filters.

**Q: How often does it sync?**
A: Every 60 seconds by default. Adjust it with the `--interval` flag.

## Sources

- https://github.com/kubernetes-sigs/external-dns
- https://kubernetes-sigs.github.io/external-dns/

---

Source: https://tokrepo.com/en/workflows/1999538f-3943-11f1-9bc6-00163e2b0d79
Author: AI Open Source
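A simplified model of the reconciliation pass described under Architecture Overview, showing how `--domain-filter`, TXT ownership, and `--policy=upsert-only` each limit what a hostname annotation can change in the zone. This is an added example, not External-DNS source code: the function names, the sample records, and the owner id `cluster-a` are assumptions, and `sync` is the policy value that permits deletion.

```python
# Simplified model of one reconciliation pass; not External-DNS source code.
# All hostnames, addresses and the owner id "cluster-a" are constructed samples.

def in_filter(name, domain_filters):
    """Model of --domain-filter: the zone itself or any name beneath it."""
    return any(name == d or name.endswith("." + d) for d in domain_filters)

def plan(desired, existing, owners, owner_id, domain_filters, policy="sync"):
    """desired/existing map hostname -> target; owners maps hostname -> the
    owner id recorded in its ownership TXT record (absent = created elsewhere)."""
    out = {"create": [], "update": [], "delete": [], "skipped": []}
    for name, target in sorted(desired.items()):
        if not in_filter(name, domain_filters):
            out["skipped"].append((name, "outside domain filter"))
        elif name not in existing:
            out["create"].append((name, target))
        elif owners.get(name) != owner_id:
            out["skipped"].append((name, "not owned by this instance"))
        elif existing[name] != target:
            out["update"].append((name, target))
    for name in sorted(existing):
        stale = name not in desired and owners.get(name) == owner_id
        if not stale or not in_filter(name, domain_filters):
            continue
        if policy == "upsert-only":
            out["skipped"].append((name, "deletion disabled by policy"))
        else:
            out["delete"].append(name)
    return out

# Hostnames requested through annotations on cluster resources (constructed).
DESIRED = {"app.example.com": "203.0.113.10", "api.example.com": "203.0.113.11",
           "www.example.com": "203.0.113.12", "vpn.example.net": "203.0.113.13"}
# Records currently in the provider zone (constructed).
EXISTING = {"api.example.com": "198.51.100.7", "old.example.com": "198.51.100.9",
            "www.example.com": "198.51.100.5"}
# Only api and old carry this instance's ownership TXT record; www is manual.
OWNERS = {"api.example.com": "cluster-a", "old.example.com": "cluster-a"}

def demo(policy):
    """Plan for the sample data with a single domain filter of example.com."""
    return plan(DESIRED, EXISTING, OWNERS, "cluster-a", ["example.com"], policy)

if __name__ == "__main__":
    for policy in ("sync", "upsert-only"):
        print(policy, demo(policy))
```

In the sample, the annotation for `www.example.com` cannot overwrite the manually created record, and the one for `vpn.example.net` is ignored because it falls outside the filter. These are the two controls that bound what anyone able to annotate a Service can do to the zone.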