DNS & DNSSEC
Authoritative DNS with signed zones, secondary DNS and a DNS firewall.
What it is
Manage authoritative records for your domains. Anycast resolution from every PoP gives sub-30 ms answers globally. DNSSEC signs zones with NSEC3; one-click rotation. DNS Firewall blocks resolution to known-malicious destinations. Secondary DNS pulls zones from your existing primary if you want a smooth migration.
When to use it
- Move your authoritative DNS to AIARCO and reduce per-query cost.
- Sign zones with DNSSEC without operating your own KSK / ZSK rotation.
- Block resolution to phishing and malware C2 from your end users.
Quickstart
asc edge dns zones create example.com
asc edge dns records add example.com A api 1.2.3.4 --ttl 300
asc edge dns dnssec enable example.comclient.edge.dns.zones.create('example.com')
client.edge.dns.records.add(zone='example.com', type='A', name='api', value='1.2.3.4', ttl=300)
client.edge.dns.dnssec.enable(zone='example.com')await client.edge.dns.records.add({ zone: 'example.com', type: 'A', name: 'api', value: '1.2.3.4', ttl: 300 });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Queries (free tier) | 25M / mo | — | |
| Zones per project | 1,000 | 10,000 | Lift via sales |
| Records per zone | 10,000 | — | |
| DNSSEC algorithms | ECDSA P-256 | — | RSA-2048 on request |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/edge/dns/zonesPOST /v1/edge/dns/recordsPOST /v1/edge/dns/dnssec/enable
Required scope(s): edge:read, edge:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.