
ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers.
This README is a part of the complete documentation, available here and DeepWiki.
Inspired by Kubernetes DNS, Kubernetes' cluster-internal DNS server, ExternalDNS makes Kubernetes resources discoverable via public DNS servers. Like KubeDNS, it retrieves a list of resources (Services, Ingresses, etc.) from the Kubernetes API to determine a desired list of DNS records. Unlike KubeDNS, however, it's not a DNS server itself, but merely configures other DNS providers accordingly—e.g. AWS Route 53 or Google Cloud DNS.
In a broader sense, ExternalDNS allows you to control DNS records dynamically via Kubernetes resources in a DNS provider-agnostic way.
The FAQ contains additional information and addresses several questions about key concepts of ExternalDNS.
To see ExternalDNS in action, have a look at this video or read this blogpost.
ExternalDNS allows you to keep selected zones (via --domain-filter) synchronized with Ingresses and Services of type=LoadBalancer and nodes in various DNS providers:
ExternalDNS is, by default, aware of the records it is managing, therefore it can safely manage non-empty hosted zones.
We strongly encourage you to set --txt-owner-id to a unique value that doesn't change for the lifetime of your cluster.
You might also want to run ExternalDNS in a dry run mode (--dry-run flag) to see the changes to be submitted to your DNS Provider API.
Note that all flags can be replaced with environment variables; for instance,
--dry-run could be replaced with EXTERNAL_DNS_DRY_RUN=1.
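The flags above combined in one Deployment, as an added example that is not part of the ExternalDNS README. The zone `example.com`, the owner ID `prod-cluster-01`, the service account name, the AWS provider choice and the `<VERSION>` image tag are assumptions or placeholders; `--registry=txt` and `--policy=upsert-only` are ExternalDNS flags not mentioned on this page, used here to keep the first rollout conservative.

```yaml
# Added example; values marked "assumed" are illustrative, not from the README.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns   # assumed; bind read-only RBAC for the sources below
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:<VERSION>  # placeholder tag
          args:
            - --source=service
            - --source=ingress
            - --provider=aws                  # assumed provider (AWS Route 53)
            - --domain-filter=example.com     # assumed zone; sync is limited to matching zones
            - --registry=txt                  # record ownership tracked in TXT records
            - --txt-owner-id=prod-cluster-01  # assumed; unique and stable for the cluster's lifetime
            - --policy=upsert-only            # create and update only, never delete
          env:
            # Environment-variable form of --dry-run: log planned changes, submit nothing.
            - name: EXTERNAL_DNS_DRY_RUN
              value: "1"
```

Review the logged change set, then remove the `EXTERNAL_DNS_DRY_RUN` entry to let ExternalDNS submit changes to the provider.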
No new provider will be added to ExternalDNS in-tree.
ExternalDNS has introduced a webhook system, which can be used to add a new provider. See PR #3063 for all the discussions about it.
Some known providers using webhooks are the ones in the table below.
NOTE: The maintainers of ExternalDNS have not reviewed those providers. Use them at your own risk, following the license and usage recommendations provided by the respective projects. The maintainers of ExternalDNS take no responsibility for any issue or damage from the usage of any externally developed webhook.
| Provider | Repo |
|---|---|
| Abion | https://github.com/abiondevelopment/external-dns-webhook-abion |
| Adguard Home Provider | https://github.com/muhlba91/external-dns-provider-adguard |
| Anexia | https://github.com/anexia/k8s-external-dns-webhook |
| Bizfly Cloud | https://github.com/bizflycloud/external-dns-bizflycloud-webhook |
| ClouDNS | https://github.com/rwunderer/external-dns-cloudns-webhook |
| deSEC | https://github.com/michelangelomo/external-dns-desec-provider |
| DigitalOcean | https://github.com/amoniacou/external-dns-digitalocean-webhook |
| Dreamhost | https://github.com/asymingt/external-dns-dreamhost-webhook |
| Efficient IP | https://github.com/EfficientIP-Labs/external-dns-efficientip-webhook |
| Gcore | https://github.com/G-Core/external-dns-gcore-webhook |
| GleSYS | https://github.com/glesys/external-dns-glesys |
| Hetzner | https://github.com/mconfalonieri/external-dns-hetzner-webhook |
| Huawei Cloud | https://github.com/setoru/external-dns-huaweicloud-webhook |
| IONOS | https://github.com/ionos-cloud/external-dns-ionos-webhook |
| Infoblox | https://github.com/AbsaOSS/external-dns-infoblox-webhook |
| Infomaniak | https://github.com/M0NsTeRRR/external-dns-webhook-infomaniak |
| Mikrotik | https://github.com/mirceanton/external-dns-provider-mikrotik |
| Myra Security | https://github.com/Myra-Security-GmbH/external-dns-myrasec-webhook |
| Netcup | https://github.com/mrueg/external-dns-netcup-webhook |
| Netic | https://github.com/neticdk/external-dns-tidydns-webhook |
| OpenStack Designate | https://github.com/inovex/external-dns-designate-webhook |
| OpenWRT | https://github.com/renanqts/external-dns-openwrt-webhook |
| PS Cloud Services | https://github.com/supervillain3000/external-dns-pscloud-webhook |
| SAKURA Cloud | https://github.com/sacloud/external-dns-sacloud-webhook |
| Simply | https://github.com/uozalp/external-dns-simply-webhook |
| STACKIT | https://github.com/stackitcloud/external-dns-stackit-webhook |
| Unbound | https://github.com/guillomep/external-dns-unbound-webhook |
| Unifi | https://github.com/kashalls/external-dns-unifi-webhook |
| UniFi | https://github.com/lexfrei/external-dns-unifios-webhook |
| Volcengine Cloud | https://github.com/volcengine/external-dns-volcengine-webhook |
| Vultr | https://github.com/vultr/external-dns-vultr-webhook |
| Yandex Cloud | https://github.com/ismailbaskin/external-dns-yandex-webhook/ |
ExternalDNS supports multiple DNS providers which have been implemented by the ExternalDNS contributors. Maintaining all of those in a central repository is a challenge, which introduces lots of toil and potential risks.
This means that external-dns has begun the process of moving providers out of tree. See #4347 for more details.
Those who are interested can create a webhook provider based on an in-tree provider and then submit a PR to reference it here.
We define the following stability levels for providers:
The following table clarifies the current status of the providers according to the aforementioned stability levels:
| Provider | Status | Maintainers |
|---|---|---|
| Google Cloud DNS | Stable | |
| AWS Route 53 | Stable | |
| AWS Cloud Map | Beta | |
| Akamai Edge DNS | Beta | |
| AzureDNS | Stable | |
| Civo | Alpha | @alejandrojnm |
| CloudFlare | Beta | |
| DNSimple | Alpha | |
| PowerDNS | Alpha | |
| CoreDNS | Alpha | |
| Exoscale | Alpha | |
| Oracle Cloud Infrastructure DNS | Alpha | |
| Linode DNS | Alpha | |
| RFC2136 | Alpha | |
| NS1 | Alpha | |
| TransIP | Alpha | |
| OVHcloud | Beta | @rbeuque74 |
| Scaleway DNS | Alpha | @Sh4d1 |
| GoDaddy | Alpha | |
| Gandi | Alpha | @packi |
| Plural | Alpha | @michaeljguarino |
| Pi-hole | Alpha | @tinyzimmer |
| Alibaba Cloud DNS | Alpha | |
Breaking changes were introduced in external-dns in the following versions:
- v0.10.0: use of networking.k8s.io/ingresses instead of extensions/ingresses (see #2281)
- v0.18.0: use of discovery.k8s.io/endpointslices instead of endpoints (see #5493)
- v0.19.0: don't expose internal ipv6 by default (see #5575) and disable legacy listeners on traefik.containo.us API Group (see #5565)

| ExternalDNS | ≤ 0.9.x | ≥ 0.10.x and ≤ 0.17.x | ≥ 0.18.x |
|---|---|---|---|
| Kubernetes ≤ 1.18 | :white_check_mark: | :x: | :x: |
| Kubernetes 1.19 and 1.20 | :white_check_mark: | :white_check_mark: | :x: |
| Kubernetes 1.21 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| Kubernetes ≥ 1.22 and ≤ 1.32 | :x: | :white_check_mark: | :white_check_mark: |
| Kubernetes ≥ 1.33 | :x: | :x: | :white_check_mark: |
There are two ways of running ExternalDNS:
The following tutorials are provided: