A DNS zone is a logical space with domain names of your resources. You can use DNS zones to manage the hierarchy of your cloud resources and route DNS requests. For example, you can place your test VMs in a zone named
testing. and production VMs in a zone named
production.. DNS zones contain resource records.
There are two types of DNS zones: public and internal.
Domain names in public zones are available from the internet. If you have a registered domain, you can delegate it. To do this, specify the addresses of Yandex.Cloud name servers from the
NS record at your registrar:
You can't create public top-level domain (TLD) zones.
For security reasons, public subzones may only coexist in a single folder. Remember this when organizing the structure of your domain names. For more complex scenarios, contact support.
Currently, there is no verification of domain ownership. You can use a domain zone, but if it's not registered to you, you may lose access to it. If you notice that your domain name is taken, contact support to confirm your ownership of the domain.
Domain names from internal zones are only available for use in Virtual Private Cloud networks specified when creating a zone. Within internal zones, you can use the entire namespace in the subnets of the selected network, including
A created internal zone overlaps public zones. If you create an internal zone named
yandex.ru. subdomains in this VPC network, which are accessible from the internet, will be inaccessible.
Several internal zones are automatically created in VPC networks:
These zones contain records with internal FQDNs of VMs and MDB database names, VM user names, and reverse records. You can't edit zones that are created automatically.
To increase fault tolerance, some traffic can be routed to third-party recursive resolvers. To avoid this, contact support.
Creating subzones in different folders
You can create subzones in different folders. For instance, the
example.com. zone is created in a folder named
my-folder. In this case, you can create subzones named
production.example.com. in the
my-production-folder folders, respectively.
To create subzones in different folders, assign a user or service account the
editor role for the folder hosting the zone that the created subzones will be part of.