For Agents
Manage authoritative DNS zones, records, and DNSSEC programmatically across public and private zones on Google Cloud.
Get started with Cloud DNS API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"add a DNS record to a Google Cloud managed zone"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with Cloud DNS API.
Create, list, and delete managed DNS zones (public and private)
Apply atomic record-set changes via the changes endpoint with additions and deletions
Sign zones with DNSSEC and rotate DNS keys
Configure response policies and rules to override DNS resolution
Set per-project DNS policies for VPC private resolution
Audit DNS change operations to track who changed what and when
Use for: Create a new managed DNS zone for example.com, Add an A record pointing api.example.com to a Compute Engine VM IP, List all record sets in a managed zone, Delete a stale CNAME record
Not supported: Does not register domains, run resolvers, or terminate TLS; use for authoritative DNS zone and record management on Google Cloud only.
Google Cloud DNS is a high-availability, low-latency authoritative DNS service. The API exposes managed zones, resource record sets, atomic change transactions, DNSSEC keys, response policies, and per-project DNS policies so platform teams can automate authoritative DNS at scale across public and private (split-horizon) zones. It supports BIND zone files, DNSSEC, and integration with Google Cloud VPC for private DNS resolution.
Patterns agents use Cloud DNS API for, with concrete tasks.
★ Atomic DNS Record Updates
Use the changes endpoint to apply DNS updates atomically — additions and deletions go together as one transaction. Operators encode a deploy in a Change request: add the new A record, remove the old one. Cloud DNS guarantees both apply or neither, avoiding the dangling-record problem common in scripted updates.
Submit a change to managed zone example-com that adds an A record api.example.com pointing to 35.190.10.20 and deletes the prior A record pointing to 35.190.10.10.
DNSSEC Lifecycle Management
Enable DNSSEC on a managed zone and manage key rotation through the dnsKeys endpoints. Platform teams pull the key-signing key info, publish DS records at the registrar, and verify chain-of-trust automatically. The API exposes algorithm, key-tag, and digest fields needed for parent-zone delegation.
Update managed zone example-com to set dnssecConfig.state to ON, then list dnsKeys for that zone and return the keySigning key tag and digest.
Private VPC DNS for Microservices
Stand up private DNS zones bound to a VPC so internal services resolve via DNS instead of hardcoded IPs. The managedZones endpoint creates a zone with visibility set to PRIVATE and a private network binding; rrsets populate per-service A records. Useful for Kubernetes, GCE, and Cloud Run service discovery without an external resolver.
Create a private managed zone services.internal scoped to VPC default in project p-prod, then add A records for cart.services.internal, orders.services.internal, and inventory.services.internal.
Agent-Driven Record Hygiene
Through Jentic, an AI agent can list every record set across all managed zones in a project, flag records pointing to deallocated IPs, and propose a clean-up change for human approval. Credentials are scoped per agent run by the MAXsystem vault — the operator sees a summary without the agent ever seeing raw service-account keys.
Use Jentic to list managedZones for project p-prod, then for each zone list rrsets, returning record sets whose A target IP is no longer present in Compute Engine.
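The record-hygiene and atomic-update patterns above can be combined into one reviewable change. The sketch below is an added example, not Jentic's or Google's code: the function names and the sample data are constructed, while the field names (name, type, ttl, rrdatas, additions, deletions) are those of the Cloud DNS ResourceRecordSet and Change resources. It assumes the record sets and the list of allocated addresses have already been fetched.

```python
import ipaddress
import json

def build_cleanup_change(rrsets, live_ips):
    """Build a Cloud DNS Change body that drops A-record targets not in live_ips."""
    live = {ipaddress.ip_address(ip) for ip in live_ips}
    additions, deletions = [], []
    for rrset in rrsets:
        if rrset.get("type") != "A":
            continue  # only A records are checked against the address inventory
        targets = rrset.get("rrdatas", [])
        kept = [t for t in targets if ipaddress.ip_address(t) in live]
        if len(kept) == len(targets):
            continue  # every target is still allocated
        # A deletion has to match the existing record set exactly, so pass it back whole.
        deletions.append(rrset)
        if kept:
            # Partially stale: re-add the same record set with only the live targets.
            additions.append({**rrset, "rrdatas": kept})
    return {"additions": additions, "deletions": deletions}

def summarize(change):
    """One line per affected name, for the human approval step."""
    readded = {r["name"]: r["rrdatas"] for r in change["additions"]}
    return [
        f'{r["name"]} A {r["rrdatas"]} -> {readded.get(r["name"], "removed")}'
        for r in change["deletions"]
    ]

# Constructed sample data: record sets as a zone listing would return them,
# and the addresses still allocated in the project.
SAMPLE_RRSETS = [
    {"name": "api.example.com.", "type": "A", "ttl": 300,
     "rrdatas": ["35.190.10.10", "35.190.10.20"]},
    {"name": "old.example.com.", "type": "A", "ttl": 300,
     "rrdatas": ["35.190.10.10"]},
    {"name": "www.example.com.", "type": "CNAME", "ttl": 300,
     "rrdatas": ["api.example.com."]},
    {"name": "cart.example.com.", "type": "A", "ttl": 300,
     "rrdatas": ["35.190.10.20"]},
]
LIVE_IPS = ["35.190.10.20"]

if __name__ == "__main__":
    change = build_cleanup_change(SAMPLE_RRSETS, LIVE_IPS)
    print("\n".join(summarize(change)))
    print(json.dumps(change, indent=2))
```

Because the deletions and the re-added record sets travel in one Change body, a name that keeps at least one live target is never left without an answer between the two steps.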
40 endpoints. Google Cloud DNS is a high-availability, low-latency authoritative DNS service.
METHOD  PATH                                                           DESCRIPTION
GET     /dns/v1/projects/{project}/managedZones                        List managed zones in a project
POST    /dns/v1/projects/{project}/managedZones                        Create a managed zone
GET     /dns/v1/projects/{project}/managedZones/{managedZone}          Get a managed zone
POST    /dns/v1/projects/{project}/managedZones/{managedZone}/changes  Apply an atomic record-set change
GET     /dns/v1/projects/{project}/managedZones/{managedZone}/dnsKeys  List DNSSEC keys for a managed zone
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google OAuth tokens for Cloud DNS are stored encrypted in the Jentic vault (MAXsystem). Agents receive scoped, short-lived tokens with the ndev.clouddns scope only — service-account keys never enter the agent runtime.
Intent-based discovery
Agents search by intent (e.g., 'add a DNS A record') and Jentic returns the matching changes.create operation with its parameter schema across the 40-endpoint surface.
Time to first call
Direct Cloud DNS integration: 1-2 days for OAuth, zone/record CRUD, change polling, and DNSSEC setup. Through Jentic: under 1 hour — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Compute Engine API
Manages VMs, networks, and IPs that Cloud DNS records typically point to
Use Compute Engine to allocate addresses; use Cloud DNS to map names to those addresses.
Kubernetes Engine (GKE) API
Manages clusters whose services often need private DNS records
Use GKE for cluster lifecycle; use Cloud DNS to bind external or private DNS names to cluster ingress endpoints.
Cloud Domains API
Domain registration and renewal — different concern from authoritative DNS
Choose Cloud Domains to register or renew a domain; choose Cloud DNS to host its zone and records.
Specific to using Cloud DNS API through Jentic.
What authentication does the Cloud DNS API use?
OAuth 2.0 with the cloud-platform or ndev.clouddns.readwrite scope. Through Jentic, OAuth tokens are scoped per agent run and stored encrypted in the MAXsystem vault, so service-account JSON keys never enter the agent runtime.
Can I make atomic DNS updates with Cloud DNS?
Yes. The changes endpoint at /dns/v1/projects/{project}/managedZones/{managedZone}/changes accepts a list of additions and deletions in one request and applies them as a single transaction — both apply or neither does.
What are the rate limits for the Cloud DNS API?
Cloud DNS enforces per-project write quotas (default 240 changes per minute) and per-zone limits on records (default 10,000). Read quotas are higher. Check current quotas in the Google Cloud Console under APIs and Services.
How do I list managed zones through Jentic?
Search 'list Google Cloud DNS managed zones', load the schema for /dns/v1/projects/{project}/managedZones, then execute it with your project ID. Jentic returns the parsed zone list.
Does Cloud DNS support DNSSEC?
Yes. Set dnssecConfig.state to ON on a managed zone and Cloud DNS generates the signing keys. Use the dnsKeys endpoint to retrieve the key-signing key fingerprint and publish a DS record at the registrar to complete the chain.
Is the Cloud DNS API free?
No. Cloud DNS charges per managed zone per month and per million queries. The first 25 zones and first billion queries each month are at base rates; beyond that, tiered pricing applies. Check current pricing in the Google Cloud Console.