DNS stands for Domain Name System, and it's the protocol by which domain names are pointed to the servers that host content. When adding a custom domain to your site, we provide the values for your DNS records, to be assigned with your DNS service provider:
While Pantheon does not offer DNS management services, we can help you to understand how DNS works, and configure your domain to point to your Pantheon site.
DNS Host-Specific Instructions
Stands for Top Level Domain. This is the last piece of your website URL (
The service through which you purchase a domain name. Most registrars also offer DNS management services.
The last section of your website name before the TLD, the domain is what you purchase from the Registrar.
Separate by periods (
.), subdomains precede the domain name.
wwwis the most commonly seen subdomain. Subdomains can also stack (example:
- Authoritative Name Server
The service that publishes your domain's DNS records
|Points a domain or subdomain to an IPv4 address.|
|Points a domain or subdomain to an IPv6 address.|
|Points a domain or subdomain|
|Used to specify email servers. Note that Pantheon does not offer email services, so your MX records shouldn't be pointed at Pantheon.|
|These are generic records, used by many services for different things.|
|Specifies where the authoritative name servers for this domain are.|
Every DNS record has a Time To Live (TTL) value, which specifies how long any DNS server should hold that record, before dropping it and asking for a new version from its upstream DNS provider. TTLs are usually set in seconds with a few common ones being
86400 (24 hours),
43200 (12 hours),
3600 (1 hour), and
500 (5 minutes).
DNS Propagation is the time it takes for changes made to DNS records to be reflected across DNS servers globally. A lower TTL value means faster propagation, but it's important to note that it is not a 1:1 ratio. Between your authoritative name server and the DNS servers of any particular ISP could be any number of intermediate DNS servers. Each server in that chain will wait for the records it holds to expire before requesting new ones. Because of this, it can take several times longer than your record's TTL value to see changes reflected for everyone.
When you're planning a site migration, follow these simple steps to help minimize DNS-related downtime:
Lower the TTL values as low as allowed (usually
500) several days in advance at your DNS service manager. That way when the values are changed, new records are propagated faster.
digto confirm the new TTL values have propagated to your ISP's DNS servers:
dig +nocmd +noall +answer pantheon.io pantheon.io. 60 IN A 220.127.116.11
In the example above, the TTL of the A record for
pantheon.iois 60 seconds.
Once the migration is complete, raise the TTL values back to
3600(24 hours) to improve stability in case of a DNS service outage.
DNS Records are hosted by an authoritative name server. This may or may not also be the registrar who you purchased the domain name from. You can use the command line tool dig to look up the
NS record for a domain to find the name server:
dig +short ns pantheon.io ns-1096.awsdns-09.org. ns-148.awsdns-18.com. ns-1857.awsdns-40.co.uk. ns-924.awsdns-51.net.
The example above shows that the records for
pantheon.io are hosted by AWS.
To find the registrar where your domain is registered, use the command line tool whois:
whois pantheon.io | grep Registrar: Registrar: Gandi SAS
The example above uses
| grep Registrar: to filter the results to what we're looking for specifically. Remove it to see the full output of the
whois command. Our example shows that the domain
pantheon.io is registered with Gandi.
Your registrar may appear to have DNS records for your domain and still not be the authoritative name server. Use
dig as described above to confirm the name server in use.
No, Pantheon is neither a domain registrar nor a DNS manager. Many platforms and hosting providers offer DNS servers and while it's convenient, it's often inflexible. Providers that offer nameservers usually build other features (like HTTPS) in a way that will only work for customers who use the provided nameservers. This approach is fine until it interferes with more advanced deployments.
Pantheon is built to support advanced website deployment needs, and that means allowing site owners to use the DNS provider of their choice. If Pantheon required specific nameservers, it would interfere with these major use cases (among others):
- Large organizations and institutions with Information Technology departments that operate or configure DNS. If Pantheon required use of particular DNS servers, it would interfere with the ability to use Pantheon for the organization's websites.
- Digitally signing DNS records using a system like DNSSec. While it would be technically possible for Pantheon to host records signed offline, it's much easier for interested organizations to operate their own DNS or choose a provider that supports the desired signing methods.
- Uncommon record types. If Pantheon required use of specific nameservers, it's unlikely that all of the desired record types would be available, particularly legacy ones.
- Programmatic updates. Such use cases include domain control validation for obtaining certificates and automated responses to security events. Different DNS services support different update APIs, and it's unlikely Pantheon would ever be able to support them all.
If your site doesn't have these advanced needs, there are free and inexpensive options outside of Pantheon. We recommend considering your domain registrar's DNS services, Amazon Route 53, Google Cloud DNS, or Cloudflare.
Some DNS providers provide a default
CNAME record for
www pointing to
@ (the bare domain). Remove these records and replace them with the records suggested by the Pantheon Site Dashboard.
Note that if the Platform detects a CNAME record, the DNS Status will show
Remove this detected record on the line with the CNAME. Remove the CNAME from the DNS management service to avoid potential issues or interruptions.
AAAA or "quad-A" records are used to assign IPv6 addresses to domain names. While most of the internet still uses IPv4, the address pool has been exhausted and IPv6 became the standard as of July 14th, 2017.
AAAA records are not required, but recommended as a best practice for performance, especially for mobile devices.
Pantheon provides IPv6 addresses for you to assign
AAAA records to. If your DNS service does not support
AAAA you can simply omit these records for now, but consider asking your provider to add functionality, as the need for IPv6 will only increase in the future.
Some DNS service providers require expanded
AAAA records. You can retrieve the expanded version for each AAAA record by using the IPv6 conversion tool and copying the "IPv6 longest" result.
Pantheon does not provide email services. Make sure your DNS records include an
MX record that points to a subdomain (like
CNAME record pointing it to your email provider.
A record points a domain name to an IPv4 address. A
CNAME record points a domain name to another domain, but does not redirect to it.
In the past, Pantheon used a mix of
CNAME records. We've since standardized to only
AAAA, which reduces complexity and confusion.
CNAME records introduce an additional point of failure by requiring an additional lookup from
A before getting an IP address.
Additionally, the use of an
TXT record prevents the use of a
CNAME, and vice versa.
The Status in Domains / HTTPS will show as Update Recommended when the Platform detects a CNAME record pointed to Pantheon, or when A/AAAA records are not detected.
Click Details to find the values required for A and AAAA records to add, or to find the CNAME detected on the line with
Remove this detected record in the status.
Log in to your DNS provider to make the recommended changes. We have instructions for many popular DNS providers to help make the required adjustment.
Yes! You can modify your local
hosts file, which takes precedence over DNS:
Note that modifying the
hosts file usually requires administrative privileges from the OS.
The location of the
hosts file varies depending on your operating system:
- MacOS / Linux:
Add lines to your operating system's
hosts file in the following format:
203.0.113.10 example.com 203.0.113.20 www.example.com
In the example above, replace the IP addresses with those provided by Pantheon, and the domains with your own.