# ExternalDNS — Sync Kubernetes Services with DNS Providers

> Kubernetes SIG controller that keeps Route 53, Cloudflare, Google Cloud DNS and 30+ other providers in sync with Services, Ingresses, and Gateway API routes.

## Quick Use

```bash
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
helm upgrade --install external-dns external-dns/external-dns \
  -n external-dns --create-namespace \
  --set provider=aws \
  --set "domainFilters[0]=example.com" \
  --set policy=sync

# Annotate a Service and let ExternalDNS create the record
kubectl annotate svc my-api external-dns.alpha.kubernetes.io/hostname=api.example.com
```

## Introduction

ExternalDNS is a Kubernetes SIG project that keeps your DNS provider in sync with the Services, Ingresses, Gateway API routes, and other resources running in your cluster. Instead of manually creating A/AAAA/CNAME records for each exposed workload, you annotate the resource, and ExternalDNS reconciles the records in Route 53, Cloudflare, Google Cloud DNS, Azure, and 30+ other providers.

## What ExternalDNS Does

- Watches Services, Ingresses, Gateway API HTTPRoutes, and CRDs for hostname metadata.
- Creates/updates/deletes DNS records in the chosen provider to match cluster state.
- Owns only records it created by storing ownership metadata in TXT records.
- Supports multiple policies: `sync` (create + delete), `upsert-only`, or `create-only`.
- Works across cloud DNS (AWS, GCP, Azure, OVH, Alibaba), CDNs (Cloudflare), and on-prem (PowerDNS, RFC2136, PiHole).

## Architecture Overview

ExternalDNS runs as a single Deployment. On each reconcile tick it lists registered source types, compares the desired endpoints with the records currently published by the provider (filtered by ownership TXT records), and issues the minimum set of provider API calls.
Ownership is tracked per record using a heritage TXT record — so multiple ExternalDNS instances can share a zone safely. The provider interface is pluggable; each provider implements Records, ApplyChanges, and optional zone discovery.

## Self-Hosting & Configuration

- Pick a provider flag: `--provider=aws|google|cloudflare|azure|...`.
- Scope records with `--domain-filter`, `--zone-id-filter`, and `--annotation-filter`.
- Give the pod only DNS permissions: e.g. AWS IRSA with `route53:ChangeResourceRecordSets` on specific zones.
- Tune `--interval` (default 1m) and `--txt-owner-id` for multi-cluster setups.
- Enable Gateway API sources with `--source=gateway-httproute` for modern ingress stacks.

## Key Features

- 30+ providers under one reconciler, including PiHole and RFC2136 for on-prem.
- Gateway API support for the next generation of Kubernetes ingress.
- Record ownership via TXT records prevents cross-cluster clobbering.
- Works with any CRD that exposes a hostname via a configurable source.
- Handles split-horizon DNS through multiple instances with distinct owner IDs.

## Comparison with Similar Tools

- **cert-manager** — manages certificates; ExternalDNS manages records. Often deployed together.
- **kubernetes-sigs/dns-controller** — an older K8s project; ExternalDNS superseded most uses.
- **Cloudflare K8s Operator** — vendor-specific; ExternalDNS is provider-agnostic.
- **AWS Load Balancer Controller** — creates ALBs; ExternalDNS creates the DNS records pointing at them.
- **octodns** — declarative DNS from Git; ExternalDNS reconciles from live cluster state instead.

## FAQ

**Q:** Does ExternalDNS create wildcard records?
A: Yes, if you annotate the source with `*.example.com` and the provider supports wildcards.

**Q:** What prevents it from deleting my manual records?
A: TXT ownership markers. Records without the marker are left alone.

**Q:** Can I run it against multiple clusters sharing one zone?
A: Yes, give each instance a distinct `--txt-owner-id`.

**Q:** Does it support Gateway API?
A: Yes: HTTPRoute, TLSRoute, TCPRoute, UDPRoute, and GRPCRoute sources.

## Sources

- https://github.com/kubernetes-sigs/external-dns
- https://kubernetes-sigs.github.io/external-dns/

---

Source: https://tokrepo.com/en/workflows/458a67fd-38d7-11f1-9bc6-00163e2b0d79

Author: AI Open Source
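
The ownership filtering described under Architecture Overview and in the FAQ, as an added example (a simplified model written for this page, not ExternalDNS's own planner): it shows why an instance never updates or deletes records that carry another owner ID or no marker at all, and how the three policies narrow what it may do. The `Record` type, the `ownerOf` and `Plan` functions and the TXT value layout `heritage=external-dns,external-dns/owner=<id>` are assumptions for illustration; the zone and desired state are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Record is one DNS record plus the TXT value published beside it ("" = no marker).
type Record struct{ Name, Target, TXT string }

// ownerOf returns the owner ID from an ownership TXT value, or "" if there is none.
func ownerOf(txt string) string {
	for _, kv := range strings.Split(strings.Trim(txt, `"`), ",") {
		if strings.HasPrefix(kv, "external-dns/owner=") && strings.Contains(txt, "heritage=external-dns") {
			return strings.TrimPrefix(kv, "external-dns/owner=")
		}
	}
	return ""
}

// Plan lists what instance ownerID may change under "sync", "upsert-only" or "create-only".
func Plan(desired map[string]string, current []Record, ownerID, policy string) []string {
	changes, exists := []string{}, map[string]bool{}
	for _, r := range current {
		exists[r.Name] = true
		want, ok := desired[r.Name]
		mine := ownerID != "" && ownerOf(r.TXT) == ownerID // foreign and unmarked records are never touched
		if mine && ok && want != r.Target && policy != "create-only" {
			changes = append(changes, "UPDATE "+r.Name+" -> "+want)
		} else if mine && !ok && policy == "sync" {
			changes = append(changes, "DELETE "+r.Name)
		}
	}
	for name, target := range desired {
		if !exists[name] { // a name already held by someone else is skipped, not overwritten
			changes = append(changes, "CREATE "+name+" -> "+target)
		}
	}
	sort.Strings(changes) // map iteration order is random; sort for stable output
	return changes
}

func main() { // constructed sample zone and desired state, not real records
	a, b := "heritage=external-dns,external-dns/owner=cluster-a", "heritage=external-dns,external-dns/owner=cluster-b"
	zone := []Record{{"api.example.com", "192.0.2.1", a}, {"old.example.com", "192.0.2.2", a},
		{"web.example.com", "192.0.2.3", b}, {"mail.example.com", "192.0.2.4", ""}}
	desired := map[string]string{"api.example.com": "192.0.2.9", "web.example.com": "192.0.2.9", "new.example.com": "192.0.2.9"}
	fmt.Println(Plan(desired, zone, "cluster-a", "sync"), Plan(desired, zone, "cluster-a", "create-only"))
}
```

In the sample, `web.example.com` (owned by `cluster-b`) and `mail.example.com` (no marker) produce no change for `cluster-a` under any policy, even though `web.example.com` is in its desired state.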