Introduction to the Domain Name System
Learn what DNS is, and how to utilize it to configure your domain name to Pantheon's servers.
Contributors: Alex Fornuto.
Discuss in our Forum Discuss in SlackDNS stands for Domain Name System, and it's the protocol by which domain names are pointed to the servers that host content. When adding a custom domain to your site, we provide the values for your DNS records, to be assigned with your DNS service provider:
While Pantheon does not offer DNS management services, we can help you to understand how DNS works, and configure your domain to point to your Pantheon site.
DNS Provider Instructions
DNS Host-Specific Instructions
DNS Terminology
- TLD
Stands for Top Level Domain. This is the last piece of your website URL (
.com,.net,.org, etc)- Registrar
The service through which you purchase a domain name. Most registrars also offer DNS management services.
- Domain
The last section of your website name before the TLD, the domain is what you purchase from the Registrar.
- Subdomain
Separate by periods (
.), subdomains precede the domain name.wwwis the most commonly seen subdomain. Subdomains can also stack (example:www.something.example.com).- Authoritative Name Server
The service that publishes your domain's DNS records
DNS Record Types
| Name | Description |
|---|---|
A | Points a domain or subdomain to an IPv4 address. |
AAAA | Points a domain or subdomain to an IPv6 address. |
CNAME | Points a domain or subdomain |
MX | Used to specify email servers. Note that Pantheon does not offer email services, so your MX records shouldn't be pointed at Pantheon. |
TXT | These are generic records, used by many services for different things. |
NS | Specifies where the authoritative name servers for this domain are. |
DNS propagation
Every DNS record has a Time To Live (TTL) value, which specifies how long any DNS server should hold that record, before dropping it and asking for a new version from its upstream DNS provider. TTLs are usually set in seconds with a few common ones being 86400 (24 hours), 43200 (12 hours), 3600 (1 hour), and 500 (5 minutes).
DNS Propagation is the time it takes for changes made to DNS records to be reflected across DNS servers globally. A lower TTL value means faster propagation, but it's important to note that it is not a 1:1 ratio. Between your authoritative name server and the DNS servers of any particular ISP could be any number of intermediate DNS servers. Each server in that chain will wait for the records it holds to expire before requesting new ones. Because of this, it can take several times longer than your record's TTL value to see changes reflected for everyone.
DNS Migration Prep
When you're planning a site migration, follow these simple steps to help minimize DNS-related downtime:
Lower the TTL values as low as allowed (usually
500) several days in advance at your DNS service manager. That way when the values are changed, new records are propagated faster.Use
digto confirm the new TTL values have propagated to your ISP's DNS servers:dig +nocmd +noall +answer pantheon.io pantheon.io. 60 IN A 23.185.0.2In the example above, the TTL of the A record for
pantheon.iois 60 seconds.Once the migration is complete, raise the TTL values back to
3600(24 hours) to improve stability in case of a DNS service outage.
Frequently Asked Questions
Where are my DNS records hosted?
DNS Records are hosted by an authoritative name server. This may or may not also be the registrar who you purchased the domain name from. You can use the command line tool dig to look up the NS record for a domain to find the name server:
dig +short ns pantheon.io
ns-1096.awsdns-09.org.
ns-148.awsdns-18.com.
ns-1857.awsdns-40.co.uk.
ns-924.awsdns-51.net.The example above shows that the records for pantheon.io are hosted by AWS.
To find the registrar where your domain is registered, use the command line tool whois:
whois pantheon.io | grep Registrar:
Registrar: Gandi SASThe example above uses | grep Registrar: to filter the results to what we're looking for specifically. Remove it to see the full output of the whois command. Our example shows that the domain pantheon.io is registered with Gandi.
Note
Your registrar may appear to have DNS records for your domain and still not be the authoritative name server. Use dig as described above to confirm the name server in use.
Can I buy my domain or manage DNS with Pantheon?
No, Pantheon is neither a domain registrar nor a DNS manager. Many platforms and hosting providers offer DNS servers and while it's convenient, it's often inflexible. Providers that offer nameservers usually build other features (like HTTPS) in a way that will only work for customers who use the provided nameservers. This approach is fine until it interferes with more advanced deployments.
Learn More
Pantheon is built to support advanced website deployment needs, and that means allowing site owners to use the DNS provider of their choice. If Pantheon required specific nameservers, it would interfere with these major use cases (among others):
- Large organizations and institutions with Information Technology departments that operate or configure DNS. If Pantheon required use of particular DNS servers, it would interfere with the ability to use Pantheon for the organization's websites.
- Digitally signing DNS records using a system like DNSSec. While it would be technically possible for Pantheon to host records signed offline, it's much easier for interested organizations to operate their own DNS or choose a provider that supports the desired signing methods.
- Uncommon record types. If Pantheon required use of specific nameservers, it's unlikely that all of the desired record types would be available, particularly legacy ones.
- Programmatic updates. Such use cases include domain control validation for obtaining certificates and automated responses to security events. Different DNS services support different update APIs, and it's unlikely Pantheon would ever be able to support them all.
If your site doesn't have these advanced needs, there are free and inexpensive options outside of Pantheon. We recommend considering your domain registrar's DNS services, Amazon Route 53, Google Cloud DNS, or Cloudflare.
Why does the www subdomain redirect to the bare domain?
Some DNS providers provide a default CNAME record for www pointing to @ (the bare domain). Remove these records and replace them with the records suggested by the Pantheon Site Dashboard.
Note that if the Platform detects a CNAME record, the DNS Status will show Remove this detected record on the line with the CNAME. Remove the CNAME from the DNS management service to avoid potential issues or interruptions.
What are AAAA records, and do I need them?
AAAA or "quad-A" records are used to assign IPv6 addresses to domain names. While most of the internet still uses IPv4, the address pool has been exhausted and IPv6 became the standard as of July 14th, 2017.
AAAA records are not required, but recommended as a best practice for performance, especially for mobile devices.
Pantheon provides IPv6 addresses for you to assign AAAA records to. If your DNS service does not support AAAA you can simply omit these records for now, but consider asking your provider to add functionality, as the need for IPv6 will only increase in the future.
Some DNS service providers require expanded AAAA records. You can retrieve the expanded version for each AAAA record by using the IPv6 conversion tool and copying the "IPv6 longest" result.
What about my MX records for email?
Pantheon does not provide email services. Make sure your DNS records include an MX record that points to a subdomain (like mail), which in turn has an A or CNAME record pointing it to your email provider.
What is the difference between an A and CNAME record?
An A record points a domain name to an IPv4 address. A CNAME record points a domain name to another domain, but does not redirect to it.
Pantheon provides A and AAAA values:
Learn More
In the past, Pantheon used a mix of A/AAAA and CNAME records. We've since standardized to only A/AAAA, which reduces complexity and confusion. CNAME records introduce an additional point of failure by requiring an additional lookup from CNAME to A before getting an IP address.
Additionally, the use of an MX or TXT record prevents the use of a CNAME, and vice versa.
Why does my domain say "Update Recommended?"
The Status in Domains / HTTPS will show as Update Recommended when the Platform detects a CNAME record pointed to Pantheon, or when A/AAAA records are not detected.
Click Details to find the values required for A and AAAA records to add, or to find the CNAME detected on the line with Remove this detected record in the status.
Log in to your DNS provider to make the recommended changes. We have instructions for many popular DNS providers to help make the required adjustment.
Can I override DNS locally?
Yes! You can modify your local hosts file, which takes precedence over DNS:
Note that modifying the hosts file usually requires administrative privileges from the OS.
The location of the hosts file varies depending on your operating system:
- MacOS / Linux:
/etc/hosts - Windows:
C:\\Windows\System32\Drivers\etc\hosts
Add lines to your operating system's hosts file in the following format:
203.0.113.10 example.com
203.0.113.20 www.example.comIn the example above, replace the IP addresses with those provided by Pantheon, and the domains with your own.