Build DigitalOcean domain and DNS record configurations with A, CNAME, MX, TXT, and more.
Last verified: May 2026
Output will appear here...DigitalOcean Domains provides DNS hosting tied to your DO account, with a UI and API that match the rest of the platform. The DO Domain & DNS Builder generates DNS zone configurations including A, AAAA, CNAME, MX, TXT, SRV, and CAA records, validates record-type-specific constraints (apex CNAMEs aren't allowed; MX records need a priority), and outputs Terraform `digitalocean_domain` and `digitalocean_record` resources ready to apply.
Email deliverability for your transactional notifications has been getting worse — 30% of welcome emails are landing in Gmail spam. You generate a proper email DNS suite through the builder: SPF authorizing your sending provider, DKIM with the provider's signing key, and a DMARC record set to `p=quarantine` with reporting. Within 48 hours, deliverability climbs back above 95% and you get the first DMARC aggregate reports showing exactly which IPs are sending mail in your name.
Always set a CAA record. Without it, any public CA can issue a certificate for your domain to anyone who can prove DNS control. With a CAA record listing your chosen CA (Let's Encrypt, DigiCert, etc.), other CAs refuse to issue. Two lines of configuration to close a real attack vector.
Use distinct TXT records for SPF, DKIM, and DMARC rather than concatenating them into one. The maximum TXT string length is 255 characters, and multiple TXT records for the same name are allowed and standard practice.
The builder collects the domain name and a list of records with their type, name (subdomain), value, TTL, and type-specific fields (priority for MX/SRV, flags for CAA). Each record is validated against its RFC-defined constraints — for example, apex CNAMEs are rejected, MX records require a numeric priority. The output is a `digitalocean_domain` resource plus one `digitalocean_record` per record, with explicit dependencies on the domain.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.