Products

DNS Zones

beta

Full DNS zone management for any domain. Manage records via API. Authoritative hosting on xdns nameservers with optional DNSSEC.

Overview

Create a zone for any domain you own, point your registrar's nameserver records at ns1.xdns.wtf and ns2.xdns.wtf, then manage all records via the API. Supports all standard record types, per-record TTLs, and DNSSEC signing.

Quick start

# 1. Create a zone
curl -X POST https://xdns.wtf/api/zones \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"domain":"myapp.com"}'

# {
#   "id": "z_01abc",
#   "domain": "myapp.com",
#   "nameservers": ["ns1.xdns.wtf", "ns2.xdns.wtf"],
#   "status": "pending"
# }

# 2. Point your domain to xdns nameservers (at your registrar)
#    NS → ns1.xdns.wtf
#    NS → ns2.xdns.wtf

# 3. Add records
curl -X POST https://xdns.wtf/api/zones/myapp.com/records \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"type":"A","name":"@","value":"93.184.216.34","ttl":300}'

curl -X POST https://xdns.wtf/api/zones/myapp.com/records \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"type":"CNAME","name":"www","value":"myapp.com","ttl":300}'

curl -X POST https://xdns.wtf/api/zones/myapp.com/records \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"type":"MX","name":"@","value":"mail.myapp.com","ttl":3600,"priority":10}'

Supported record types

Type	Description	Example value
`A`	IPv4 address	`93.184.216.34`
`AAAA`	IPv6 address	`2606:2800:220:1::`
`CNAME`	Canonical name alias	`myapp.vercel.app`
`MX`	Mail exchange (with priority)	`10 mail.myapp.com`
`TXT`	Arbitrary text (SPF, DKIM, DMARC)	`v=spf1 include:...`
`NS`	Nameserver delegation	`ns1.xdns.wtf`
`SRV`	Service location	`10 5 443 sip.myapp.com`
`CAA`	Certificate authority authorization	`0 issue letsencrypt.org`

DNSSEC

Enable DNSSEC to cryptographically sign your zone. xdns generates the KSK/ZSK pair and returns a DS record you submit to your parent zone (registrar).

# Enable DNSSEC
curl -X POST https://xdns.wtf/api/zones/myapp.com/dnssec/enable \
  -H "Authorization: Bearer $TOKEN"

# {
#   "ds_record": "myapp.com. 3600 IN DS 1234 13 2 abc123...",
#   "algorithm": "ECDSAP256SHA256",
#   "key_tag": 1234
# }
# → Submit the DS record to your registrar to complete the chain

Migrate from existing DNS

Import a BIND-format zone file to migrate all records at once:

curl -X POST https://xdns.wtf/api/zones/myapp.com/import \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: text/plain" \
  --data-binary @myapp.com.zone

# Parsed and imported atomically
# { "imported": 14, "skipped": 0, "errors": [] }

API endpoints

POST/api/zonesCreate zone

GET/api/zones/:zoneGet zone + SOA

DELETE/api/zones/:zoneDelete zone + all records

POST/api/zones/:zone/recordsCreate record

GET/api/zones/:zone/recordsList all records

PUT/api/zones/:zone/records/:idUpdate record

DELETE/api/zones/:zone/records/:idDelete record

POST/api/zones/:zone/importImport BIND zone file

POST/api/zones/:zone/dnssec/enableEnable DNSSEC

TTL

TTL is set per record in seconds. Valid range: 60–86400. Default: 300. Lower TTLs mean faster propagation of changes; higher TTLs reduce resolver query load.