DNS & Domain APIs

If you're building anything multi-tenant ("yourcustomer.com points at our app"), or doing devops at scale, you'll need a DNS provider with a real API.

DNS providers (with first-class APIs)

• ★ Cloudflare DNS — free, fast, great API, the default. Cloudflare for SaaS solves custom hostnames out of the box.
• AWS Route 53 — feature-rich; latency / weighted / failover routing; pricier per query.
• Google Cloud DNS — clean API; pricier.
• NS1 / IBM — advanced traffic steering; enterprise.
• Vercel DNS — bundled if your project's on Vercel.
• deSEC — free, open-source, EU-based, REST API.
• Bunny DNS — cheap, fast.
• DigitalOcean DNS — free; basic but works.

Custom hostnames / SNI for SaaS

• ★ Cloudflare for SaaS — issues TLS certs and routes traffic for yourcustomer.com; free up to 100 hostnames, paid above.
• Approximated — multi-tenant TLS-as-a-service; aimed at SaaS.
• Cloudflare Workers Custom Domains — straightforward in Workers.
• Vercel Domains API — programmatic for Vercel-hosted projects.
• Render / Fly Custom Domains — supported via API.
• AWS ACM + CloudFront — DIY route.

Registrars (with APIs)

• ★ Cloudflare Registrar — at-cost domain prices, no upsells.
• Namecheap — cheap, decent API.
• Porkbun — cheap, modern, friendly API.
• Gandi, Hover — boring options that work.
• AWS Route 53 Domains — bundle with Route 53 hosting.
• Google Domains — sold to Squarespace; less recommended.

Tooling / abstraction

• OctoDNS — DNS-as-code; multi-provider sync.
• External-DNS — Kubernetes operator that syncs services to DNS records.
• dnscontrol — Stack Overflow's DNS-as-code tool.
• Terraform / OpenTofu providers — every DNS service has one.
• Pulumi — same.

Diagnostics / inspection

• dnsperf, resperf — perf testing.
• dig, dog (Rust replacement), nslookup, host — CLI standards.
• dns2 / dns-packet — Node DNS protocol libraries.
• DNS Checker / IntoDNS / MXToolbox / DNS.coffee — web-based inspectors.

DNS-over-HTTPS / DNS-over-TLS

• @cloudflare/dnscloak patterns, NextDNS, AdGuard DNS, dnscrypt-proxy — for clients.
• For your app, mostly relevant when integrating with managed DNS-over-HTTPS providers.

Use cases for the DNS API specifically

• Verify domain ownership — create a TXT record, check it propagated.
• Auto-issue TLS for customer domains — Cloudflare for SaaS, Vercel, Approximated.
• Programmatic subdomain creation — customer1.yourapp.com, customer2.yourapp.com.
• Load balance / failover — Route 53, NS1, Cloudflare load balancing.
• DKIM / SPF / DMARC setup for transactional email; see Email.

Pick this if…

• Default DNS, free, great API: Cloudflare DNS.
• Multi-tenant SaaS custom domains: Cloudflare for SaaS or Approximated.
• DNS as code: OctoDNS or dnscontrol.
• Cheap registrar: Cloudflare Registrar or Porkbun.
• EU-based / privacy-focused: deSEC.