# Integration of DNS Connectors

The DNS Connector feature in CERTInext enables integration with external DNS providers for automated DNS-based domain validation workflows. DNS connectors are primarily used to automate DNS-01 ACME challenge validation during certificate issuance, renewal, and lifecycle operations.

By integrating DNS providers directly with CERTInext, organizations can eliminate manual DNS record creation and accelerate certificate provisioning processes.

Supported DNS providers include:

* Cloudflare
* AWS Route 53
* Microsoft Azure DNS

DNS connector integration is especially useful for:

* Wildcard certificate issuance
* Automated ACME workflows
* Public CA domain validation
* Large-scale certificate automation
* Multi-domain certificate management

## Accessing DNS Connectors

To configure a DNS connector:

1. Navigate to **Integrations → DNS Connectors**
2. Click **Create DNS Connector**

<figure><img src="/files/OZNvbFx6GndnHRvgxNTe" alt=""><figcaption></figcaption></figure>

This opens the DNS connector configuration page where provider-specific authentication and DNS zone details are configured.

## Supported DNS Providers

CERTInext currently supports the following DNS providers:

| Provider     | Supported Use Cases                      |
| ------------ | ---------------------------------------- |
| Cloudflare   | DNS automation using Cloudflare APIs     |
| AWS Route 53 | AWS-hosted DNS validation and automation |
| Azure DNS    | Microsoft Azure DNS automation workflows |

***

## Cloudflare DNS Connector

The Cloudflare connector enables CERTInext to create and manage DNS TXT records automatically for domain validation workflows.

<figure><img src="/files/a3SjfiU9XIJrllA8lEIO" alt=""><figcaption></figcaption></figure>

### Configuration Fields

#### Name

Defines a unique connector name.

Example:

```
Cloudflare Production DNS
```

#### Provider Type

Select:

```
Cloudflare
```

#### API Token

Defines the Cloudflare API token used for DNS automation.

The token must have permissions for:

* Zone Read
* DNS Edit

This token is securely stored within CERTInext.

#### Zone ID

Defines the Cloudflare Zone ID associated with the domain.

Example:

```
ab12cd34ef56gh78
```

The Zone ID can be obtained from the Cloudflare dashboard.

## AWS Route 53 DNS Connector

The Route 53 connector enables CERTInext to automate DNS validation using AWS-hosted DNS zones.

<figure><img src="/files/nly4ZASDMthBUEoLjtOb" alt=""><figcaption></figcaption></figure>

### Configuration Fields

#### Name

Defines the connector name.

Example:

```
AWS Route53 DNS
```

#### Provider Type

Select:

```
Route 53
```

#### AWS Access Key ID

Defines the AWS IAM Access Key ID used for API authentication.

The IAM user should have Route 53 DNS management permissions.

#### AWS Secret Access Key

Defines the AWS Secret Access Key associated with the IAM user.

This credential is securely stored within CERTInext.

#### Hosted Zone ID

Defines the AWS Route 53 Hosted Zone ID.

Example:

```
Z0123456789ABCDEF
```

The Hosted Zone ID identifies the DNS zone where TXT validation records will be created.
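The credential only needs to write TXT validation records in this one zone, so the IAM policy can be scoped accordingly. The following is an added example, not CERTInext's own code or a policy published by CERTInext. The set of Route 53 actions the connector calls is not stated on this page and is an assumption here, and the function names are hypothetical; the `route53:ChangeResourceRecordSets*` condition keys are standard IAM condition keys for Route 53.

```python
import json

def challenge_record_name(identifier: str) -> str:
    """DNS-01 record name; Route 53 normalizes names to lowercase, no trailing dot."""
    name = identifier.strip().rstrip(".").lower()
    return "_acme-challenge." + (name[2:] if name.startswith("*.") else name)

def route53_dns01_policy(hosted_zone_id: str, identifiers: list) -> dict:
    """Build an IAM policy limited to ACME TXT records in a single hosted zone."""
    names = sorted({challenge_record_name(i) for i in identifiers})
    zone_arn = "arn:aws:route53:::hostedzone/" + hosted_zone_id
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Writes: only TXT records at the listed _acme-challenge names.
                "Sid": "ChallengeTxtOnly",
                "Effect": "Allow",
                "Action": "route53:ChangeResourceRecordSets",
                "Resource": zone_arn,
                "Condition": {"ForAllValues:StringEquals": {
                    "route53:ChangeResourceRecordSetsNormalizedRecordNames": names,
                    "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"],
                    "route53:ChangeResourceRecordSetsActions": ["CREATE", "UPSERT", "DELETE"],
                }},
            },
            {   # Reads on the same zone (assumed to be what zone validation needs).
                "Sid": "ReadZone",
                "Effect": "Allow",
                "Action": ["route53:GetHostedZone", "route53:ListResourceRecordSets"],
                "Resource": zone_arn,
            },
            {   # Polling a submitted change until it has propagated (assumed).
                "Sid": "PollChange",
                "Effect": "Allow",
                "Action": "route53:GetChange",
                "Resource": "arn:aws:route53:::change/*",
            },
        ],
    }

if __name__ == "__main__":
    # Zone ID is the page's example value; the domain list is constructed.
    policy = route53_dns01_policy("Z0123456789ABCDEF", ["example.com", "*.example.com"])
    print(json.dumps(policy, indent=2))
```

With this policy, a leaked access key cannot alter A, CNAME, MX or NS records in the zone, and cannot touch any other hosted zone in the account.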

## Azure DNS Connector

The Azure DNS connector enables CERTInext to automate DNS validation using Microsoft Azure DNS services.

<figure><img src="/files/wRa5qHO9LuywINsExpAJ" alt=""><figcaption></figcaption></figure>

### Configuration Fields

#### Name

Defines the connector name.

Example:

```
Azure DNS Production
```

#### Provider Type

Select:

```
Azure DNS
```

#### Tenant ID

Defines the Microsoft Entra ID (Azure AD) tenant identifier.

Example:

```
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
```

#### Client ID

Defines the Azure application Client ID used for API authentication.

#### Client Secret

Defines the Client Secret associated with the Azure application.

This credential is securely stored within CERTInext.

#### Subscription ID

Defines the Azure subscription associated with the DNS zone.

#### Resource Group

Defines the Azure Resource Group where the DNS zone exists.

Example:

```
Production-DNS-RG
```

#### Zone Name

Defines the Azure DNS zone name.

Example:

```
example.com
```

## Saving the DNS Connector

After entering the required provider details:

1. Click **Save**
2. CERTInext validates:
   * Provider configuration
   * Authentication credentials
   * DNS zone accessibility
   * API communication availability

Once validation succeeds, the connector becomes available for automated DNS validation workflows.

## DNS Automation Workflow

Once configured, CERTInext can automatically:

* Create DNS TXT validation records
* Validate ACME DNS-01 challenges
* Remove temporary validation records
* Support wildcard certificate issuance
* Automate certificate renewals
* Reduce manual DNS operations

Typical automation flow:

```
CERTInext → DNS Provider API → Create TXT Record → Domain Validation → Certificate Issuance
```

## Supported Certificate Operations

DNS connectors support:

* Wildcard certificate issuance
* ACME challenge automation
* Domain ownership validation
* Automated certificate renewals
* Public CA integrations
* Large-scale certificate provisioning workflows

