DNS
This chapter is dedicated to DNS (Domain Name System). It provides detailed guidance on adding, changing, modifying, and configuring your DNS zone, ensuring proper functioning and accessibility of their domains and associated services.
- Adding Name Servers to Your Domain
- Creating and Modifying Your Own Nameservers
- DNS Records Supported by Joker.com Nameservice
- Joker.com Name Service: Adding DNS Records
- URL Forwarding and E-mail Forwarding
- Dynamic DNS (DynDNS)
- DNSSEC
- Let's Encrypt SSL Certificates
- Specific ccTLDs: Nameservers
Adding Name Servers to Your Domain
Every domain requires a minimum of two (2) associated nameservers.
You have the freedom to choose any name service you prefer. The Joker.com name service is provided for free along with the Joker.com domain fee. By default, the Joker.com name servers are configured unless you explicitly change them during the ordering process.
It's important to note that certain top-level domains (TLDs) have specific nameserver requirements. For more details, please refer to the Specific ccTLDs: Nameservice article.
Adding Existing Nameservers: Joker NS or Foreign
To add nameservers, follow these steps:
1. On your Dashboard, click the "Modify" icon next to the domain you want to add NS to:
2. In the Domain Management section, locate the "Name Servers" subsection, and click the "edit" icon:
3. Click the "Use custom Nameservers" button:
4. Add desired nameservers, and click "save":
You can change these to any foreign nameservers, such as the nameservers provided by your hosting provider. Please note that only already registered nameservers in the respective registry can be added.
5. You can switch back to Joker NS at any time:
Creating and Modifying Your Own Nameservers
If you prefer not to use the free Joker.com name service and instead want to use your own nameservers, you need to "register" it.
Please note: Creating nameservers (e.g., registering a hostname with an IP address to define a nameserver) only works with Joker.com if the domain used for these nameservers is also a Joker.com domain. This limitation is based on technical/registry constraints.
If you intend to use a domain from another registrar, only that registrar will be able to register the nameservers with the registry.
To register your own nameservers, please follow these steps:
1. Under Domain Management, click on the edit icon in the "Nameservers" section:
2. Click on "register NS":
3. Enter NS name:
4. Enter IP-addresses and click "proceed":
Modifying Your Own Nameservers
If you want to modify the Nameserver you have previously created, you need to follow these steps:
1. Choose "Nameservers" from the "My Joker" menu:
2. Search for the Nameserver you would like to modify, and click "Change":
3. Make necessary changes, and click "Save":
After a successful change, you will receive a confirmation email.
Deleting Your Nameservers
If you want to delete one of your previously registered Nameservers, you can do this easily by following the steps below:
1. Choose "Nameservers" from the "My Joker" menu:
2. Search for the Nameserver you would like to delete, check it, and click "Delete marked DNS":
Please note: Only Nameservers that are not linked to any domain (even if they are in the RGP) can be deleted. If the selected name server is still in use, it cannot be deleted.
DNS Records Supported by Joker.com Nameservice
Overview of supported records and brief explanations. You can enter these records for your domain by accessing the "DNS" menu item in the domain list on Joker.com.
URL Forwarding | Redirects your domain to an external website (URL). For more information, refer to this article on how to use the web/URL forwarding feature of Joker.com |
Email Forwarding | Creates email addresses for your domain, forwarding emails to your existing external mail account. Learn how to configure email forwarding in the provided guide |
A Record | Binds your domain or hosts within the domain to an IPv4 address. Allows you to create entries like 'www.your-domain.com' that point to an external IP address. |
DYNA Record | Part of the Dynamic DNS Service - associates your domain or host with your provider's temporary IP address. The IP can be automatically updated using your router device or a client program. Make sure Dynamic DNS (DynDNS) is enabled for your domain. |
MX Record | Specifies the email server responsible for accepting emails for your domain. Additional details about MX records can be found here. |
AAAA Record | Associates your domain or host within the domain with an IPv6 address. |
DYNAAAA Record | Part of the Dynamic DNS Service - associates your domain or host with your provider's temporary IPv6 address. The IP can be automatically updated using your router device or a client program. Ensure that Dynamic DNS (DynDNS) is enabled for your domain. |
CNAME Record | Maps your domain or hostname to another domain or hostname. This is useful for creating aliases such as 'www.your-domain.com' and 'blog.your-domain.com', alongside an A record for your-domain.com. More information about CNAME records can be found here. |
ALIAS | Somehow similar to CNAME, it allows to ALIAS can also be applied to the domain itself. Note that ALIAS records are not compatible with DNSSEC. More information can be found here. |
DNAME | Similar to CNAME, but DNAME applies to all subordinate hosts (subdomains) of an entry. Additional details about DNAME records can be found here. |
SPF Record | Sender Policy Framework - used to detect email spoofing and prevent spam. There are various free online SPF record creators available, such as the one found here. Please see below, how to define an SPF record. |
TXT Record | Creates a TXT record for handling specific tasks, including requesting Let's Encrypt SSL certificates. See here for more information about TXT records. |
SRV Record | Specifies the location of server(s) for a specific protocol and domain. More details about SRV records can be found here. |
NAPTR Record | Specifies a regular expression-based rewrite rule that generates a new domain label or URI when applied to an existing string. Refer to this resource for additional information on NAPTR records. |
NS Record | Specifies the responsible nameserver for a subdomain and is not allowed at top-level. More details about NS records can be found here. |
CAA Record | Allows you to specify which Certification Authority (CA) is permitted to issue SSL certificates for your domain or hostname. See here for more information about CAA records. |
TLSA Record | Validates certificates used for DNS-based Authentication of Named Entities (DANE). Additional details about TLSA records can be found here. |
SSHFP Record | Specifies SSH fingerprints served by DNS. Refer to this resource for more information on SSHFP records. |
SMIMEA Record | Secures SMIME (Secure/Multipurpose Internet Mail Extensions) with certificates. More information about SMIMEA records can be found here. |
How to Define SPF Record
SPF means "Sender Policy Framework", and can be used to avoid forging of sender's addresses in emails. It is not a record type of its own, but uses TXT records for this.
There should always be only one SPF policy record for a domain, while the SPF definition may contain several different rules, and can be split over multiple TXT records with different names, if needed.
There are many tools online available to help with creating a SPF record for a specific domain, e.g. this one.
For instance, your Joker.com-domain is "example.com", and you want to allow emails from Gmail, you have to create a DNS record of type "TXT" for your domain "example.com", and enter this line:
v=spf1 include:_spf.google.com ~all
In case you want to make use of a SPF record for a Joker.com domain, and want to make sure that emails from Joker.com will reach email addresses using your Joker.com domain, you need to add (include) this additional rule to your SPF policy:
include:_spf.joker.com
resulting in this SPF policy:
v=spf1 include:_spf.google.com include:_spf.joker.com ~all
You can create more than one TXT record to split the SPF policy rules, then the records should all start with v=spf1 to define one SPF policy and every record must have a different name, or in other words - for every unique name (including domain itself) only one record starting with v=spf1 is allowed:
Correct:
example.com | TXT "v=spf1 include:_spf.google.com ~all" |
spf1.example.com | TXT "v=spf1 include:_spf.joker.com ~all" |
Incorrect:
example.com | TXT "v=spf1 include:_spf.google.com ~all" |
example.com | TXT "v=spf1 include:_spf.joker.com ~all" |
DNS PTR Records
A DNS pointer record (PTR for short) provides the domain name associated with an IP address.
A DNS PTR record is exactly the opposite of the A-record, which provides the IP address associated with a domain name.
DNS PTR records are used in reverse DNS lookups. When a user attempts to reach a domain name in their browser, a DNS lookup occurs, matching the domain name to the IP address.
A reverse DNS lookup is the opposite of this - it searches for a domain name with the given IP address.
This also means that PTR records can not be defined using the name servers of the domain, but have to be requested at the provider of the IP address, in case the provider supports this.
Joker.com Name Service: Adding DNS Records
If you're using the free joker.com nameservice, you have the freedom to configure your DNS zone as you like by adding various records. All supported types of records are listed here.
How to add a new DNS record
We took the A record as an example, but any other record type can be added in the same way.
1. Switch to our Nameservers
Check this article on how to do this.
2. Once you've switched, the DNS button will become active (blue) on your dashboard next to the domain name. Click it:
3. In the DNS configuration section, choose a record type you want to add, let's take an A-record as example:
4. Add a subdomain (optionally) and target IP address, click "Add":
5. Scroll down to view the newly added record, check its correctness, and click the "Save changes" button:
6. If you want to apply the same records to your other domains, you can click "Copy records to another domain":
7. Choose the type of record you want to propagate or select all of them. Let's use our newly added A-record for example:
8. Type the domains to which you want to add the record, separated by commas, and click "Proceed":
Once the changes have been applied, you'll receive a confirmation email.
Adding SPF And DKIM Records
Adding SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records to your domain's DNS settings helps improve email deliverability and prevents your emails from being marked as spam or forged by malicious parties.
Here's a guide on how to add SPF and DKIM records:
SPF Record
SPF allows you to specify which servers are authorized to send emails on behalf of your domain. To create an SPF record, follow these steps:
1. In the DNS configuration section, create a new TXT record.
2. In the "Content" field, enter your SPF policy.
If you are using a third-party email service like Google Workspace, they will provide you with the appropriate include value. The SPF policy typically looks like this:
3. Save the changes.
DKIM Record
DKIM allows the receiver to check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain.
1. In DNS management section, create a new TXT record:
2. In the "Content" field, you'll need to add your DKIM public key
The DKIM key is usually provided by your email service provider (e.g., Google Workspace, Microsoft 365, etc.). The DKIM record should look something like this:
3. Save the changes.
Important: wait for DNS Propagation. After adding the SPF and DKIM records, it may take up to 48 hours for the changes to propagate across the internet. Once the records have propagated, the SPF and DKIM authentication should be active for your domain's email.
URL Forwarding and E-mail Forwarding
Joker.com offers a service that allows you to direct all web requests (HTTP) for a domain or subdomain registered with Joker.com to a different externally hosted domain. For example, you can point the web traffic of your domain to the webspace provided by your Internet service provider.
This feature lets you access your domain: http://www.your-domain.com while the actual content is hosted at: http://www.your-internet-service-provider.com/your Account
The redirection is performed using the 'HTTP/1.1 301 Moved Permanently' method, ensuring a permanent redirection.
You have the option to use a standard redirection or a "frame-based" redirection that keeps the original domain name visible in your browser's location bar.
Moreover, you can customize your URL forwards with your own special title, meta, or HTTP header tags.
Please note: only HTTP requests can be forwarded using URL Forwarding
To configure your URL forwarding, follow these steps:
1. Switch to our Nameservers
Check this article on how to do this.
2. Once you've switched, the DNS button will become active (blue) on your dashboard next to the domain name. Click it:
3. In the DNS configuration section, choose URL Forward as record type:
4. Let's create a URL forwarding for a subdomain "www..." for our domain. Click "add":
5. Scroll down to view the newly added record, check its correctness, and click the "Save changes" button:
You are done!
Email Forwarding
Email Forwarding is a service provided by Joker.com that enables you to create email addresses for a domain and forward incoming emails for those addresses to an external mail account.
This means you can have email addresses such as:
- info@yourdomain.com
- john@yourdomain.com
- *@yourdomain.com
These addresses can be forwarded to your email account at your ISP or email provider, such as Gmail, Yahoo, or others.
Please note the following:
- Email forwarding, similar to URL forwarding, requires that the domain uses the free Joker.com nameservice (which is the default). If you have a domain with a third-party nameservice, you cannot use Joker.com email forwarding. You can easily switch to Joker nameservice, here you will find the instructions.
- To add or modify email addresses for your domains, visit the DNS configuration section by clicking the "DNS" button next to your domain on your dashboard.
- Enabling Email Forwarding will automatically delete current MX records. This is unavoidable for technical reasons, so you can either let Joker.com handle your email or use a third-party mail server.
- The reverse is also true - creating an MX record for a (sub-)domain for which an e-mail forwarding already exists will deactivate it (a corresponding warning will be displayed beforehand).
- For security reasons, we advise against using email forwarding as the "main" email address for your Joker.com account. If this is inadvertently deactivated, you will no longer receive account-related notices.
It is also possible to create catch-all addresses. By entering '*' instead of 'your_name' as the Email Address:
Any emails that do not match any other address you created will be directed to the '*' entry.
Additionally:
- There is a special account called 'postmaster' that can be modified but not deleted.
- You have the option to "block" specific addresses. When activated, all incoming emails to the blocked address will be deleted.
Regarding the number of email addresses per domain, we do not impose strict limits. Instead, we follow a fair-use policy. As long as there are no significant system impacts caused by an excessive number of emails sent or addresses created, there will be no restrictions.
Excessive in this context refers to significantly above average, and system impact refers to significant interference with the general system and/or other users.
The current limits are as follows:
- Maximum size of a single email: 25MB
- Maximum number of emails per day per address: 400
Important: When creating a new email address or changing the target address, you need to activate it by responding to the activation email sent to the Target Email Address. Simply click on the link provided within the email.
What about SPAM?
Dynamic DNS (DynDNS)
Dynamic DNS (DynDNS) is a system that allows the domain name data held in a nameserver to be updated in real-time. The most common use for this is in allowing an Internet domain name to be assigned to a computer with a varying (dynamic) IP address.
This makes it possible for other sites on the Internet to establish connections to the computer without needing to track the IP address themselves. A common use for it is running server software on a computer that has a dynamic IP address, as usually happens with many consumer Internet service providers.
To use Dynamic DNS records with Joker.com, you have to create at least one Dynamic DNS record.
Additionally, the Dynamic DNS feature has to be activated.
This can be done by visiting DNS configuration section by clicking the "DNS" button next to your domain on your dashboard.
After this, you have to configure your (DSL-) router or your Dynamic DNS software on your computer.
Currently, there is a limit of 20 records per domain. The nameserver records have a TTL (time to live - defines the latency before changes become visible) of 60 seconds.
Please note: The "username" and "password" referred to in this section are not identical to your standard Joker.com credentials. Instead, when you create your DynDNS entry, you will be provided with special credentials which are only valid for those entries with the specific domain.
Examples
Hardware Devices / Routers
A hardware device like a DSL router often is able to handle Dynamic DNS itself. As an example, this is the corresponding section of a Fritz!Box DSL router:
Update-URL: https://svc.joker.com/nic/update?username=<username>&password=<pass>&myip=<ipaddr>&hostname=<domain>
Domain name: <enter your Joker.com Dynamic DNS record (Domain name) here>
Username: <enter the username you got at Joker.com's DNS management for this domain>
Password: <enter the password you got at Joker.com's DNS management for this domain>
Note: SSL is not supported by all devices, especially olders ones need to use: http://svc.joker.com/nic/update?...
Please note: The parameter 'myip' is optional; if not provided, the originating IP address is used automatically.
Sample:
Update-URL: https://svc.joker.com/nic/update?username=<username>&password=<pass>&myip=<ipaddr>&hostname=<domain>
Domain name: www.yourdomain.com
Username: 156ba6fa7f93bfd7
Password: 5bc123a7100ef6a2
Or using as direct URL:
Update-URL: https://svc.joker.com/nic/update?username=156ba6fa7f93bfd7&password=5bc123a7100ef6a2&hostname=www.yourdomain.com
https://svc.joker.com/nic/checkip
https://svc.joker.com/nic/myip
Software Clients
Windows
A simple and popular free DynDNS updater for Windows is ddclient. The installation creates a section "ddclient" in the Windows start menu.
After the installation - during which you might enter any data - please copy the following text as "ddclient.conf" into the directory where "ddclient" was installed. In the windows start menu you can also use the entry "Open ddclient.conf in notepad" by right-clicking on "Run as administrator".
Please replace the placeholders with your entries beforehand:
# ddclient.conf
#
daemon=5m
use=web
web=svc.joker.com/nic/checkip
server=svc.joker.com/nic/update?
protocol=dyndns2
login=USERNAME
password=PASSWORD
host=WWW.YOURDOMAIN.COM
ssl=yes
USERNAME = the DynDNS-"Username" in the DynDNS-section at Joker.com
PASSWORD = the DynDNS-"Password"
YOUR.DOMAIN.COM = Your desired hostname - which you should have previously created under "DynA" in the DynDNS section on Joker.com. When creating, there you may enter any IP like "192.168.0.1". You will later know whether your DynDNS client is working or not by checking if this IP changes to your dynamic one.
In this example above you would create the entry "www" under "DynA" for your domain "yourdomain.com".
After you have created the file ddclient.conf or copied it into the program directory, call the entry "start ddclient console" in the Windows start menu. A window will open and after a short time, you should see messages indicating a successful IP change. Otherwise, please check whether your details (username, password, host or domain name) are correct, and also whether the URL for determining your own IP works for you in the browser (".../checkip/").
If this test was successful, you can close the window and then call "start ddclient service" in the start menu with administrator rights (right mouse button, "run as administrator").
This will run ddclient in the background.
Another common Windows client is the "DynDNS Updater" from Kana Solution. A suitable profile can be downloaded here: kana_joker.profile
Linux
Free DynDNS-client für Linux: ddclient - ddclient.sf.net
Hints for ddclient:
- please use the config file ddclient.conf for the windows version provided above, it works the same
- protocol is also "dyndns2"
- please check on the Linux commandline, that you have access to the DynDNS service:
- wget https://svc.joker.com/nic/checkip
Apple MacOS
Free DynDNS-Client for MacOS: ddclient (s. Windows & Linux) Installation preferably via HomeBrew:
- open Mac Terminal App
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null
- If you are asked for a password, enter the password of your user account
brew install ddclient
A paid dynamic DNS client for MacOS with native Joker.com support is "IP Monitor" from Appquarter.com
It is also available from the Mac Appstore.
DNSSEC
DNSSEC is the abbreviation for 'Domain Name System Security Extensions'. It is a set of extensions to the domain name system (DNS), basically to allow clients to verify the authenticity and integrity of DNS records.
For a domain to make use of DNSSEC, the following is needed:
- the domain type (TLD) needs to support DNSSEC (i.e. the registry)
- the registrar of the domain needs to allow to activate and configure DNSSEC for a domain
- the configured nameservers need to support DNSSEC
- the clients (e.g. browsers) need to make use of DNSSEC
You may have a look at Wikipedia or this short tutorial as starters for reading more about these topics.
DNSSEC Support at Joker.com
Joker.com enables you to activate and configure DNSSEC for nearly all of your domains - most domain types (TLDs) do support DNSSEC. The only exceptions at Joker.com currently are .ws and .cn.
Please note: Joker.com supports DNSSEC with standard Joker.com name servers as well as with domains that use external name servers
- for Joker.com nameservers: To enable DNSSEC, please go to click on "DNS" next to your domain on your dashboard. There you will find the "Enable DNSSEC" button. If you then click on "Save changes", you are done!
- for DNSSEC with own or external name servers: Please use our instructions below.
To find out if your domain is working properly with DNSSEC, you may use the DNSSEC Analyzer.
Resellers will find similar commands to operate DNSSEC using DMAPI and RPanel.
How To use DNSSEC with a Joker.com Domain and a DNS Hosting Provider
This is about:
- you want to use DNSSEC with domains from Joker.com
- you are using an external name service, like from a service provider, or your own
To make this work, the domain has to be "linked" to the external name service:
1. Set up the DNS zone and records at the DNS hosting provider
Each DNS hosting provider has its own web interface and system for adding records. Here you have to create the zone records you need, like A records to add IPv4 addresses to a hostname.
2. Still at the DNS hosting provider
sign the domain with DNSSEC. This of course requires, that your DNS provider support DNSSEC.
The end result is that you have a signed domain with a DS record. You will need this information (DS record) later at Joker.com.
3. At Joker.com
Change the name servers for the domain to point to the name servers of the DNS hosting provider.
It should look like this now:
This change may take some time to propagate through the larger DNS infrastructure. Until the name server change has fully propagated, people may still see DNS records coming from the previous name servers.
At this point, you have a domain signed with DNSSEC at the DNS hosting provider, and you have changed the records at Joker.com to point to the name servers of the DNS hosting provider.
Almost done!
If you now run your domain through the DNSSEC analyzer tool, you will still see a problem: "No DS records found"
This means, you still have to create a so-called Delegation Signer (DS) record at Joker.com.
4. Create DS record at Joker.com
- again, visit Joker.com, click "Modify" next to your domain name
- You will now find your name servers listed and a DNSSEC section:
- click on '
' at section DNSSEC
- it will then look like this - please check if the information corresponds with what you got in step 2 above:
-
tag is derived from the key (provided by DNS operator)
-
digest type is 1 (SHA-1, deprecated) or 2 (SHA-256)
- digest itself: up to 40 hex digits for SHA-1 and up to 64 hex digits for SHA-256
- Press "save", and you are done - DNSSEC is enabled on your domain.
5. Finally, verify that DNSSEC works
using a tool such as Verisign Labs’ DNSSEC Analyzer. It should show nice green check marks now - but please keep in mind, that your changes will take some time until they become active.
Having followed these steps, you have DNSSEC working on a domain registered with Joker.com, using name servers from an external name service provider.
Meanwhile, there is good news: You now also are able to use DNSSEC with the regular Joker.com name servers as well, free of charge! This of course is probably much simpler for you, since you do not have to maintain external name server records, and you can make use of DNSSEC fully integrated into Joker.com's web portal.
Let's Encrypt SSL Certificates
Support for Automating Let's Encrypt SSL Certificates
Joker.com offers a simple tool to automate the process of using Let's Encrypt certificates.
With this tool, you can easily request Let's Encrypt certificates without the need to expose your domain through an HTTP web server or make any special configurations to existing web services.
The method used to obtain the certificates is 'dns-01', where a special TXT record must be added to your domain. To use this method, your domain must be using the free Joker.com nameservice, which is the default option.
Setting a TXT record is a straightforward process:
- On your Joker.com dashboard, click "DNS" button next to the domain you want to add a Let's Encrypt certificate for.
- If 'Dynamic DNS' is not already active, activate it. This will not affect any other existing DNS records for the domain.
- Take note of the 'Dynamic DNS Authentication' credentials shown (username and password) - only once per domain.
The following explains the technical details - you may skip this and simply use the attached files which you find below. They do work with the commonly used tool dehydrated. Where to place these files, and how to configure your domains or host names, is documented in the file config.sh
For the use of the certbot, github-user dhull kindly provides another solution:
- GitHub: https://github.com/dhull/certbot-dns-joker
- PyPI: https://pypi.org/project/certbot-dns-joker/
This can easily be installed by "pip install certbot-dns-joker" - see the Github page above for details.
To set a TXT record, you may now do this using a single cURL request:
curl -X POST https://svc.joker.com/nic/replace -d \
'username=your-username&password=your-password&zone=your-domain.com&label=_acme-challenge&type=TXT&value=the-TXT-content-to-insert'
This will create a TXT record for "_acme-challenge" in zone "your-domain.com".
It responds with 200 and "OK: n# inserted, n# deleted" if everything went OK, and appropriate status and text if not.
Some additional notes regarding this:
- only POST method is supported
- only type=TXT is supported (and must be provided) for now
- "label" could be anything within the zone (including "@" and "*")
- this request will replace all TXT records for the specified label with the provided content
- "value" must be printable ASCII only, without double quotes
- if "value" is empty ("value="), all existing records for specified label are deleted
- multiple TXT records with the same label can be added by using multiple "value" parameters in the URL
Attached files: hook.sh config.sh
Specific ccTLDs: Nameservers
.DE-Domains
In case you want to use your own/external name servers for your .DE-domains instead of the standard name servers from Joker.com, you have to make sure that these name servers are compliant with the requirements set by the DENIC.
Requests to register or update .de domains are handled by a robot doing the following checks on the registry side:
- are all name servers given in the request reachable?
- are they authoritative?
- do their answers contain the "authoritative answer" (AA) bit and do they know about the other authoritative name servers?
- are all authoritative nameservers given in the request?
- are values in the SOA records in the ranges required by the DENIC?
- are the SOA values identical for all name servers?
- do at least two of the three name servers differ in the first three bytes of the IP (v4) address?
Name Server: SOA Records
SOA-Record | Value |
serial recommended format | YYYYMMDDnn |
refresh | [10000 ... 86400] |
retry | [1800 ... 28800] |
expire | [604800 ... 3600000] |
ttl |
[180 ... 345600] |
If you are not sure, if your nameservers are compliant with DENIC requirements, or get an error related to nameservice, please check your nameservers at https://nast.denic.de/
.DK-Domains
The process of changing the nameserver for .dk domains is specifically regulated by DK Hostmaster. To modify the nameserver associated with a .dk domain, it is mandatory to go through DK Hostmaster's designated platform at:
https://self-service.dk-hostmaster.dk/domain/change_name_server
.IT-Domains
Similar to .de domains, .it domain registry has specific requirements for nameservers.
It is crucial to verify the compliance of your custom nameservers before registering an .it domain. If your nameservers do not meet the registry requirements, the domain will be deleted within 30 days. To check the compliance of your nameservers, you can use the following link:
https://www.nic.it/en/manage-your-it/dns-check.