aigw documentation

Hosted authoritative DNS with built-in global load balancing, health checks, and TLS issuance. Everything below is real today; if a sentence here doesn’t match what’s in the app, tell us at support@aigw.app and we’ll fix it.

Get started

New here? The Quickstart takes you from zero to a live, dig-able record in five copy-paste commands.

The short version:

1. Sign up at console.aigw.app, magic link, no password.
2. Add your first zone. Console → Zones → New. Paste your domain name; we generate sensible SOA + NS records automatically.
3. Delegate. Copy the NS records from the zone’s delegation banner into your registrar. Propagation is usually under 5 minutes.
4. Add a record. Click New record, pick A, type your IP. Done.

That’s all you need to be authoritative. Everything else, pools, health checks, ANAME, TLS, is opt-in.

What’s here

Records & DNS

• Record types: A, AAAA, CNAME, ANAME, MX, SRV, CAA, PTR, TXT, plus the GSLB types (POOL, GEO, CANARY).

Load balancing

• Pools & members: selection methods (weighted, active-passive, round-robin), member priority, attaching to records.

TLS

• Issue & renew: UI flow, CLI, CAA pre-flight, the cert coverage gap detector.

Security

• DNSSEC: one-click signing with ECDSA P-256. Online signing at the edge (so GSLB and CANARY answers sign cleanly), automatic ZSK rollovers, supervised disables, and a guided KSK rollover.
• Query firewall: refuse queries by source CIDR, country, qtype, or per-source rate.
• Refused-query forensics: a live view of who’s hitting your firewall right now, with source IP and country.

Secondaries

• Zone transfers (AXFR): serve your own secondary nameservers from aigw. Per-zone source CIDR allow-list, optional TSIG.

API

• Reference: full OpenAPI spec, all customer endpoints.
• Error codes: what each httperr slug means and how to recover.

Infrastructure as code

• Terraform provider: manage zones, records, GSLB pools, monitors, policies, notification channels, and TLS certs as code with the official doon-io/aigw provider.

Migrating from another provider

• Route 53
• Cloudflare
• Namecheap
• Hetzner DNS

Conventions in these docs

• Examples use example.com as the zone, substitute your own.
• IPs in examples are reserved blocks (203.0.113.0/24, 2001:db8::/32) per RFC 5737/3849. They’re safe to copy-paste; they won’t route.
• “The edge” is the authoritative DNS layer that answers queries. “The API” is the control plane behind the console, CLI, and Terraform provider.