Add, update, and delete records
This page describes how to add, update, and delete resource record sets.
To view the list of supported resource record types, seeDNS records overview.
Permissions required for this task
To perform this task, you must have been granted the following permissionsor the following IAM roles.
Permissions
dns.resourceRecordSets.createto create a resource record setdns.resourceRecordSets.deleteto delete a resource record setdns.resourceRecordSets.getto retrieve a resource record setdns.resourceRecordSets.listto list a resource record setdns.changes.createto update aResourceRecordSetcollectiondns.changes.getto fetch the representation of an existingChangedns.changes.listto list changes to aResourceRecordSetcollection
Roles
roles/dns.admin
Before you begin
You must have or create a managed zone before you can create a resource recordset. For details about how to create a managed zone, in which you can createyour resource record set, seeCreate a managed zone.
Add a resource record set
To add a resource record set, follow these steps:
Console
In the Google Cloud console, go to theCloud DNS zones page.
Click the name of the managed zone that you want to add the record to.
On theZone details page, clickAdd standard.
On theCreate record set page, in theDNS name field, enterthe subdomain of the DNS zone—for example,
mail. The trailingdot is automatically added at the end.To create a wildcard DNS record, enter an asterisk—for example,
*.example.com.The at sign (@) does not automatically create an apex record.To create a resource record at the domain apex, leave theDNS namefield blank.
Select theResource record type—for example,
MX.In theTTL field, enter a numeric value for the resource record'stime to live, which is the amount of time that it can be cached. Thisvalue must be a positive integer.
From theTTL unit menu, select the unit of time—for example,
minutes.Depending on the resource record type that you have selected,populate the remaining fields.
To enter additional information, clickAdd item.
ClickCreate.
gcloud
To add a resource record set, use thegcloud dns record-sets create command:
gcloud dns record-sets createRRSET_NAME \ --rrdatas=RR_DATA \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE
Replace the following:
RRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRR_DATA: an arbitrary value associated with the resourcerecord set—for example,198.51.100.5; you can also enter multiplevalues,rrdata1rrdata2rrdata3—for example,198.51.100.510.2.3.4...TTL: the TTL in seconds that the resolver caches thisresource record set—for example,30RRSET_TYPE: theresource record typeof this resource record set—for example,A.MANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffix
API
To add a resource record set, use theresourceRecordSets.create methodmethod:
POST https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/MANAGED_ZONE/rrsets{ "name": "RRSET_NAME", "type": "RRSET_TYPE", "ttl":TTL, "rrdatas": [RR_DATA ]}Replace the following:
PROJECT_ID: the ID of the projectMANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffixRRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRRSET_TYPE: theresource record typeof this resource record set—for example,ATTL: the TTL in seconds that the resolver caches thisresource record set—for example,30RR_DATA: an arbitrary value associated with the resourcerecord set—for example,"198.51.100.5"; you can also entermultiple values in a comma-separated list—for example,"198.51.100.5","10.2.3.4".
Terraform
resource "google_dns_managed_zone" "parent_zone" { name = "sample-zone" dns_name = "sample-zone.hashicorptest.com." description = "Test Description"}resource "google_dns_record_set" "default" { managed_zone = google_dns_managed_zone.parent_zone.name name = "test-record.sample-zone.hashicorptest.com." type = "A" rrdatas = ["10.0.0.1", "10.1.0.1"] ttl = 86400}Add a collection of resource record sets in a transaction
You can add multiple resource record sets by creating a transaction thatspecifies the changes. A transaction is a group of one or more DNS recordchanges that must be applied as a unit. The entire transaction either succeedsor fails, ensuring your data is never left in an inconsistent state. You cancreate a transaction only by using the gcloud CLI or theCloud DNS API.
To create a transaction, follow these steps:
gcloud
To start a transaction, use the
gcloud dns record-sets transaction startcommand:gcloud dns record-sets transaction start \ --zone=MANAGED_ZONE
Replace
MANAGED_ZONEwith the name of the managedzone whose resource record sets you want to manage—for example,my-zone-name.To add a resource record set as part of a transaction, use the
gcloud dns record-sets transaction addcommand:gcloud dns record-sets transaction addRR_DATA \ --name=DNS_NAME \ --ttl=TTL \ --type=RECORD_TYPE \ --zone=MANAGED_ZONE
Replace the following:
RR_DATA: an arbitrary value associated with theresource record set—for example,198.51.100.5; you can alsoenter multiple values,rrdata1rrdata2rrdata3—forexample,198.51.100.510.2.3.4...DNS_NAME: the DNS or domain name of the record setto add—for example,test.example.comTTL: the time to live (TTL) for the record set in numberof seconds—for example,300RECORD_TYPE: therecord type—forexample,A.MANAGED_ZONE: the name of the managed zone whoseresource record sets you want to manage—for example,my-zone-name
To execute the transaction, use the
gcloud dns record-sets transaction executecommand:gcloud dns record-sets transaction execute \ --zone=MANAGED_ZONE
To add a wildcard transaction, use the
gcloud dns record-sets transaction addcommand:gcloud dns record-sets transaction add \ --zone=MANAGED_ZONE \ --name=WILDCARD_DNS_NAME \ --type=RECORD_TYPE \ --ttl=TTL
Replace the following:
MANAGED_ZONE: the name of the managed zone whoseresource record sets you want to manage—for example,my-zone-nameWILDCARD_DNS_NAME: the DNS or domain name of theresource record set that you want to add—for example,*.example.com.(note the trailing dot)RECORD_TYPE: therecord type—forexample,CNAME.TTL: the TTL for the record set in numberof seconds—for example,300
API
To create a transaction with new resource record sets, use thechanges.create method:
POST https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/MANAGED_ZONE/changes
{ "deletions": [] "additions": [ { "name":DNS_NAME, "type":RECORD_TYPE, "ttl":TTL, "rrdatas": [RR_DATA ] } ]}Replace the following:
PROJECT_ID: your project IDMANAGED_ZONE: your managed zone name or IDDNS_NAME: the DNS or domain name of the recordset—for example,test.example.com.(note the trailing dot)RECORD_TYPE: therecord typeTTL: the time to live (TTL) for the record set in number ofseconds—for example,30RR_DATA: an arbitrary value associated with the resourcerecord set—for example,198.51.100.5; you can also enter multiplevalues,rrdata1rrdata2rrdata3—for example,198.51.100.510.2.3.4...
To deliver email to your domain, you must addMX records to your zone. If youuse Google Workspace as your Simple Mail Transfer Protocol (SMTP) provider, seetheSet up Google WorkspaceMXrecords support page. Otherwise,use theMX record details from your provider and follow the setupprocess described for Google Workspace.
View resource record sets for a zone
To view resource record sets for a zone, follow these steps:
Console
In the Google Cloud console, go to theCloud DNS page.
On theZones tab, click the zone for which you want to view the resource record sets.
TheZone details page shows the details of all the resource record setsin that zone.
gcloud
To view the DNS records for your zone, use thegcloud dns record-sets list command:
gcloud dns record-sets list \ --zone="ZONE_NAME"
ReplaceZONE_NAME with the name of a DNS zone inyour project.
The command outputs the JSON response for the resource record set forthe first 100 records. You can specify these additional parameters:
--limit: maximum number of record sets to list--name: only list resource record sets with this exact domain name--type: only list records of this type; if present, the--nameparametermust also be present
API
To view the DNS records for your zone, use theresourceRecordSets.list method:
GET https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/MANAGED_ZONE/rrsets
Replace the following:
PROJECT_ID: the ID of the projectMANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffix
View details of a resource record set
This procedure assumes that you have already created a resource record setwithin the managed Cloud DNS zone.
To view the details of an existing resource record set, follow these steps:
Console
In the Google Cloud console, go to theCloud DNS zones page.
Click the zone that contains the resource record set.
Click the resource record set for which you want to view the details.
TheResource record set details page displays the details of the resourcerecord set.
gcloud
To view the details of an existing resource record set, use thegcloud dns record-sets describe command:
gcloud dns record-sets describeRRSET_NAME \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE
Replace the following:
RRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRRSET_TYPE: theresource record typeof this resource record set—for example,A.MANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffix
API
To get the details of an existing resource record set, use theresourceRecordSets.get method:
GET https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/MANAGED_ZONE/rrsets/RRSET_NAME/RRSET_TYPE
Replace the following:
PROJECT_ID: the ID of the projectMANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffixRRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRRSET_TYPE: therecord typeof this resource record set—for example,A.
Update a resource record set
To modify a record set, follow these steps:
Console
To apply a partial update to an existing resource record set,follow these steps:
In the Google Cloud console, go to theCloud DNS zonespage.
Click the zone for which you want to update the resource record set.
On theZone details page, next to the resource record set that youwant to update, clickeditEdit.
After making the necessary updates, clickSave.
CNAME record, in which caseonly theCNAME record can exist.gcloud
To apply a partial update to an existing resource record set, use thegcloud dns record-sets update command:
gcloud dns record-sets updateRRSET_NAME \ --rrdatas=RR_DATA \ --ttl=TTL \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE
Replace the following:
RRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRR_DATA: an arbitrary value associated with the resourcerecord set—for example,198.51.100.5; you can also enter multiplevalues,rrdata1rrdata2rrdata3—for example,198.51.100.510.2.3.4...TTL: the TTL in seconds that the resolver caches thisresource record set—for example,30RRSET_TYPE: theresource record typeof this resource record set—for example,A.MANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffix
API
To apply a partial update to an existing resource record set, usetheresourceRecordSets.patch method:
PATCH https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/MANAGED_ZONE/rrsets/RRSET_NAME/RRSET_TYPE{ "ttl":TTL, "rrdatas":RR_DATA, "update_mask": { "paths": ["rrset.ttl", "rrset.rrdatas"] }}update_mask is required when calling the API directly withoutgcloud.Replace the following:
PROJECT_ID: the ID of the projectMANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffixRRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRRSET_TYPE: theresource record typeof this resource record set—for example,A.TTL: the TTL in seconds that the resolver caches thisresource record set—for example,30RR_DATA: an arbitrary value associated with the resourcerecord set—for example,198.51.100.5; you can also enter multiplevalues,rrdata1rrdata2rrdata3—for example,198.51.100.510.2.3.4...
Delete resource record sets
When you delete resource record sets, their DNS records are permanently removed;they cannot be recovered. To prevent losing your DNS records, export theresource record sets before deletion. For information about howto export resource record sets, seeImport and export resource record sets.
Cloud DNS public zonesare authoritative, and the name server (NS) and start of authority (SOA)record types are located at the zone apex, which is the root of that domain.Cloud DNS automatically createsNS andSOA records at the zoneapex. These records can't be deleted by using the Cloud DNS APIand are automatically deleted when the zone is deleted. For more information,seeRFC 1034.
To delete resource record sets, follow these steps:
Console
In the Google Cloud console, go to theCloud DNS page.
Records for the zone are listed on theZone details page.
To delete resource record sets in a zone, click the name of the zone.
Next to the resource record sets that you want to delete, select the checkbox.
ClickDelete record sets.
gcloud
To delete an existing resource record set, use thegcloud dns record-sets delete command:
gcloud dns record-sets deleteRRSET_NAME \ --type=RRSET_TYPE \ --zone=MANAGED_ZONE
Replace the following:
RRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRRSET_TYPE: theresource record typeof this resource record set—for example,A.MANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffix
API
To delete an existing resource record set, use theresourceRecordSets.delete method:
DELETE https://dns.googleapis.com/dns/v1/projects/PROJECT_ID/managedZones/MANAGED_ZONE/rrsets/RRSET_NAME/RRSET_TYPE
Replace the following:
PROJECT_ID: the ID of the projectMANAGED_ZONE: the managed zone that thisresource record set is affiliated with—for example,my-zone-name;the name of this resource record set must have the DNS name of themanaged zone as its suffixRRSET_NAME: the DNS name that matches the incomingqueries with this zone's DNS name as its suffix—for example,test.example.comRRSET_TYPE: theresource record typeof this resource record set—for example,A.
Import and export resource record sets
To copy resource record sets into and out of a managed zone, you can useimport andexport commands. You can import from and export to either the BIND zone fileformat or the YAML file format.
gcloud
To import a resource record set, use the
dns record-sets importcommand:gcloud dns record-sets import -z=ZONE_NAME
If you want to specify the file format of the zone file, use the previouscommand with the
--zone-file-formatflag. If you omit the flag, you mustprovide a YAML format zone file.Replace
ZONE_NAMEwith a new name for your zone.When you use the
gcloud dns record-sets importcommand with the--replace-origin-nsflag, it replaces the NS records for the zone with theNS records specified in the zone file. These records must match thenameserversassigned by Cloud DNS to host the zone. They must also matchtheNSrecords specified in the parent(delegating) zone. By default, Cloud DNS does not overwriteNSrecords. If you use this flag, you must verify that theNSrecords arecorrect.When you import record sets as a BIND zone-formatted file, remove the atsign (@) that denotes the zone's apex. In the BIND zone-formatted file, fora DNS name like
Caution: Some DNS implementations and providers export BIND zone-formatted fileswithout trailing dots (example.com, the at sign (@) refers toexample.com..However, in Cloud DNS, the at sign (@) is treated literallywhen defining record names. To create a resource record set for thezone's apex in Cloud DNS, use the full domain name—forexample,example.com...) on domain name data inCNAME,MX,PTR, and otherrecords. In zone files, Cloud DNS follows RFC standards andinterprets all domain names without a trailing dot (.) as relative to theDNS name of the zone. Therefore, importing the following MX records intoa zone with the DNS nameexample.comresults in identical(and probably undesired) records for both:in.smtp IN MX 5 gmail-smtp-in.l.google.comin.smtp.example.com. IN MX 5 gmail-smtp-in.l.google.com.example.com.
To import your zone files, add a trailing dot (
.) to the end ofany domain names that must be fully qualified.
To export a resource record set, use the
dns record-sets exportcommand.To specify that the resource record sets are exported into a BINDzone-formatted file, use the--zone-file-formatflag. For example:example.com. 21600 IN NS ns-gcp-private.googledomains.com.example.com. 21600 IN SOA ns-gcp-private.googledomains.com.cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300host1.example.com. 300 IN A 192.0.2.91
If you omit the
--zone-file-formatflag,exportexports the resource record set into a YAML-formatted records file:gcloud dns record-sets export example.zone -z=examplezonename
For example:
---kind:dns#resourceRecordSetname:example.com.rrdatas:-ns-gcp-private.googledomains.com.ttl:21600type:NS---kind:dns#resourceRecordSetname:example.com.rrdatas:-ns-gcp-private.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300ttl:21600type:SOA---kind:dns#resourceRecordSetname:host1.example.com.rrdatas:-192.0.2.91ttl:300type:ACloud DNS supports the
ALIASrecord type, which isn't a standard DNSrecord type and isn't supported inBIND. If you're exporting resource recordsets toBIND,ALIASrecords are skipped. If a zone has a routing policy,it is exported as a record with empty resource record data (rrdata).
What's next
- To get information about
gcloudcommands for resource record sets, seegcloud dns record-sets. - To check the status of
gcloudor API operations, seeMonitor DNSpropagation. - To find solutions for common issues that you might encounter when usingCloud DNS, seeTroubleshooting.
- To get an overview of Cloud DNS, seeCloud DNS overview.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.