Docs

View as Markdown

Providers

A provider is a connection to the service that hosts your DNS. Once connected, DNScheck imports your zones, keeps their records in sync, and records every change it detects. You can also edit records straight from the dashboard.

DNScheck currently supports three providers:

Connecting a provider

  1. Go to Providers and click Connect provider.
  2. Pick the provider type and give the connection a name (just for your reference).
  3. Enter the credentials below and click Connect.

DNScheck tests the credentials before saving and then syncs your zones. Credentials are stored encrypted and are never shown again after you save them — to rotate them, reconnect the provider.

A note on permissions. DNScheck can both read your records (to monitor them) and edit them (from the dashboard). The credentials below therefore need write access, not just read. If you only want monitoring, you can use read-only credentials — editing from DNScheck will simply fail until you grant write access.

Cloudflare

You need: an API token.

  1. In the Cloudflare dashboard, go to My Profile → API Tokens → Create Token.
  2. Use the Edit zone DNS template, or create a custom token with the Zone › DNS › Edit permission.
  3. Scope it to the zones you want DNScheck to manage, then create the token and copy it.
  4. In DNScheck, choose Cloudflare, paste the token into API token, and connect.

Cloudflare is the only provider that exposes the proxied (orange-cloud) flag, so DNScheck shows and lets you toggle it on Cloudflare records. Editable record types include A, AAAA, CNAME, MX, TXT, NS, SRV, and CAA. If Cloudflare rate-limits a request, DNScheck surfaces the error so you can try again in a moment; monitoring continues on the normal sync schedule.

DigitalOcean

You need: a Personal Access Token.

  1. In the DigitalOcean control panel, go to API → Tokens → Generate New Token.
  2. Give it read and write scope.
  3. Copy the token.
  4. In DNScheck, choose DigitalOcean, paste the token into API token, and connect.

DigitalOcean does not have a proxy concept, so the proxied flag is never shown for these records. Priority is supported for MX and SRV records. Record names are normalised to fully-qualified form for consistency.

AWS Route 53

You need: an IAM access key (access key ID + secret access key), and optionally a region.

  1. In the AWS IAM console, create (or reuse) a user or role and attach a policy allowing:
    • route53:ListHostedZones
    • route53:ListResourceRecordSets
    • route53:ChangeResourceRecordSets
  2. Create an access key for that identity and copy the access key ID and secret access key.
  3. In DNScheck, choose AWS Route 53, paste both values, and connect. Region is optional — Route 53 is a global service and DNScheck defaults to us-east-1 for the control plane.

Some Route 53 records are managed by AWS and can't be edited through DNScheck. These are shown as read-only:

  • SOA records
  • Apex NS records (the nameservers for the zone itself)
  • Alias records (Route 53's pointer-to-AWS-resource records)
  • Records that use routing policies (weighted, latency, geolocation, etc.)

DNScheck still monitors these read-only records and reports changes — it just won't let you edit them from the dashboard.

Testing and removing a connection

From the Providers list you can test a connection at any time (DNScheck re-checks the credentials and zone access) or delete it. Deleting a provider stops monitoring its zones; it does not change anything at the provider.

Need help?

Contact us and we'll help you get connected.

Explore DNScheck with a 14-day free trial. No card required.

Sign up for free