DNS

This chapter is dedicated to DNS (Domain Name System). It provides detailed guidance on adding, changing, and configuring your DNS zone, so that your domains and associated services function properly and remain accessible.

Adding Name Servers to Your Domain

Every domain requires a minimum of two (2) associated nameservers.

You have the freedom to choose any name service you prefer. The Joker.com name service is provided for free along with the Joker.com domain fee. By default, the Joker.com name servers are configured unless you explicitly change them during the ordering process.

It's important to note that certain top-level domains (TLDs) have specific nameserver requirements. For more details, please refer to the Specific ccTLDs: Nameservice article.

Adding Existing Nameservers: Joker NS or Foreign

To add nameservers, follow these steps:

1. On your Dashboard, click the "Modify" icon next to the domain you want to add NS to:

2. In the Domain Management section, locate the "Name Servers" subsection, and click the "edit" icon:

 
3. Click the "Use custom Nameservers" button:

 
4. Add desired nameservers, and click "save":

You can change these to any foreign nameservers, such as the nameservers provided by your hosting provider. Please note that only already registered nameservers in the respective registry can be added.

 
5. You can switch back to Joker NS at any time:

Creating and Modifying Your Own Nameservers

If you prefer not to use the free Joker.com name service and instead want to use your own nameservers, you need to "register" them.

Please note: Creating nameservers (e.g., registering a hostname with an IP address to define a nameserver) only works with Joker.com if the domain used for these nameservers is also a Joker.com domain. This limitation is based on technical/registry constraints.

If you intend to use a domain from another registrar, only that registrar will be able to register the nameservers with the registry.

To register your own nameservers, please follow these steps:

1. Under Domain Management, click on the edit icon in the "Nameservers" section:

2. Click on "register NS":

3. Enter NS name:

4. Enter IP-addresses and click "proceed":

Modifying Your Own Nameservers

If you want to modify the Nameserver you have previously created, you need to follow these steps:

1. Choose "Nameservers" from the "My Joker" menu:

2. Search for the Nameserver you would like to modify, and click "Change":

3. Make necessary changes, and click "Save":

After a successful change, you will receive a confirmation email.

Deleting Your Nameservers

If you want to delete one of your previously registered Nameservers, you can do this easily by following the steps below:

1. Choose "Nameservers" from the "My Joker" menu:

2. Search for the Nameserver you would like to delete, check it, and click "Delete marked DNS":

Please note: Only Nameservers that are not linked to any domain (even if they are in the RGP) can be deleted. If the selected name server is still in use, it cannot be deleted.

DNS Records Supported by Joker.com Nameservice

Overview of supported records and brief explanations. You can enter these records for your domain by accessing the "DNS" menu item in the domain list on Joker.com.

Supported Records

URL Forwarding  Redirects your domain to an external website (URL). For more information, refer to this article on how to use the web/URL forwarding feature of Joker.com.
Email Forwarding  Creates email addresses for your domain, forwarding emails to your existing external mail account. Learn how to configure email forwarding in the provided guide.
A  Binds your domain or hosts within the domain to an IPv4 address. Allows you to create entries like 'www.your-domain.com' that point to an external IP address.
DYNA  Part of the Dynamic DNS Service - associates your domain or host with your provider's temporary IP address. The IP can be automatically updated using your router device or a client program. Make sure Dynamic DNS (DynDNS) is enabled for your domain.
MX  Specifies the email server responsible for accepting emails for your domain. Additional details about MX records can be found here.
AAAA  Associates your domain or host within the domain with an IPv6 address.
DYNAAAA  Part of the Dynamic DNS Service - associates your domain or host with your provider's temporary IPv6 address. The IP can be automatically updated using your router device or a client program. Ensure that Dynamic DNS (DynDNS) is enabled for your domain.
CNAME  Maps your domain or hostname to another domain or hostname. This is useful for creating aliases such as 'www.your-domain.com' and 'blog.your-domain.com', alongside an A record for your-domain.com. More information about CNAME records can be found here.
ALIAS  Somewhat similar to CNAME, but ALIAS can also be applied to the domain itself. Note that ALIAS records are not compatible with DNSSEC. More information can be found here.
DNAME Similar to CNAME, but DNAME applies to all subordinate hosts (subdomains) of an entry. Additional details about DNAME records can be found here.
SPF  Sender Policy Framework - used to detect email spoofing and prevent spam. There are various free online SPF record creators available, such as the one found here. Please see below, how to define an SPF record.
TXT  Creates a TXT record for handling specific tasks, including requesting Let's Encrypt SSL certificates. See here for more information about TXT records.
SRV  Specifies the location of server(s) for a specific protocol and domain. More details about SRV records can be found here.
NAPTR  Specifies a regular expression-based rewrite rule that generates a new domain label or URI when applied to an existing string. Refer to this resource for additional information on NAPTR records.
NS  Specifies the responsible nameserver for a subdomain and is not allowed at top-level. More details about NS records can be found here.
CAA  Allows you to specify which Certification Authority (CA) is permitted to issue SSL certificates for your domain or hostname. See here for more information about CAA records.
TLSA  Validates certificates used for DNS-based Authentication of Named Entities (DANE). Additional details about TLSA records can be found here.
SSHFP  Specifies SSH fingerprints served by DNS. Refer to this resource for more information on SSHFP records.
SMIMEA  Secures SMIME (Secure/Multipurpose Internet Mail Extensions) with certificates. More information about SMIMEA records can be found here.
SVCB  Creates a link to any service. Further details can be found here: SVCB DNS record.
HTTPS  Creates a link to an HTTP service. Further details can be found here: HTTPS DNS Record.

How to Define an SPF Record


SPF stands for "Sender Policy Framework" and can be used to prevent forging of sender addresses in emails. It is not a record type of its own, but uses TXT records for this.

There should always be only one SPF policy record for a domain, while the SPF definition may contain several different rules, and can be split over multiple TXT records with different names, if needed.

There are many tools available online to help with creating an SPF record for a specific domain, e.g. this one.

For instance, if your Joker.com domain is "example.com" and you want to allow emails from Gmail, create a DNS record of type "TXT" for your domain "example.com" and enter this line:

v=spf1 include:_spf.google.com ~all

In case you want to make use of a SPF record for a Joker.com domain, and want to make sure that emails from Joker.com will reach email addresses using your Joker.com domain, you need to add (include) this additional rule to your SPF policy:

include:_spf.joker.com

resulting in this SPF policy:

v=spf1 include:_spf.google.com include:_spf.joker.com ~all

You can create more than one TXT record to split the SPF policy rules. The records should then all start with v=spf1 to define one SPF policy, and every record must have a different name. In other words, for every unique name (including the domain itself) only one record starting with v=spf1 is allowed:

Correct:
example.com  TXT "v=spf1 include:_spf.google.com ~all"
spf1.example.com TXT "v=spf1 include:_spf.joker.com ~all"
Incorrect:
example.com TXT "v=spf1 include:_spf.google.com ~all"
example.com TXT "v=spf1 include:_spf.joker.com ~all"
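The one-record-per-name rule can be checked mechanically before saving a zone. The following Python sketch is an added example, not Joker.com code: it runs over constructed (name, TXT content) pairs that mirror the two listings above, flags names carrying more than one v=spf1 record, and also notes policies stored under another name that the domain's own policy never references with include: or redirect=, since a receiver starts its SPF lookup at the sending domain's own name (RFC 7208). The function names and the sample lists are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample zones, mirroring the "Correct" and "Incorrect" listings.
CORRECT = [
    ("example.com", "v=spf1 include:_spf.google.com ~all"),
    ("spf1.example.com", "v=spf1 include:_spf.joker.com ~all"),
]
INCORRECT = [
    ("example.com", "v=spf1 include:_spf.google.com ~all"),
    ("example.com", "v=spf1 include:_spf.joker.com ~all"),
]
# Constructed variant: the apex policy pulls in the split record by name.
LINKED = [
    ("example.com", "v=spf1 include:_spf.google.com include:spf1.example.com ~all"),
    ("spf1.example.com", "v=spf1 include:_spf.joker.com ~all"),
]


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def is_spf(txt):
    """True if the TXT content is an SPF policy (version tag v=spf1)."""
    value = txt.strip().strip('"').lower()
    return value == "v=spf1" or value.startswith("v=spf1 ")


def references(txt):
    """Names a policy pulls in through include: and redirect= terms."""
    names = set()
    for term in txt.strip().strip('"').split()[1:]:
        term = term.lstrip("+-~?")          # drop an optional qualifier
        low = term.lower()
        if low.startswith("include:"):
            names.add(norm(term[len("include:"):]))
        elif low.startswith("redirect="):
            names.add(norm(term[len("redirect="):]))
    return names


def lint_spf(records, domain):
    """Return a list of (finding, name) tuples for the given zone records."""
    by_name = defaultdict(list)
    for name, txt in records:
        if is_spf(txt):
            by_name[norm(name)].append(txt)

    findings = []
    # More than one v=spf1 record at the same name makes receivers
    # return a permanent error instead of evaluating either policy.
    for name in sorted(by_name):
        if len(by_name[name]) > 1:
            findings.append(("duplicate", name))

    # Follow include:/redirect= from the domain's own policy; only names
    # reached this way are consulted when mail claims to be from `domain`.
    reachable, todo = set(), [norm(domain)]
    while todo:
        current = todo.pop()
        if current in reachable:
            continue
        reachable.add(current)
        for txt in by_name.get(current, []):
            todo.extend(references(txt))
    for name in sorted(by_name):
        if name not in reachable:
            findings.append(("unreferenced", name))
    return findings


if __name__ == "__main__":
    for label, zone in (("correct", CORRECT), ("incorrect", INCORRECT), ("linked", LINKED)):
        print(label, lint_spf(zone, "example.com"))
```

An "unreferenced" finding is informational: the record is valid under its own name, but it contributes to example.com's policy only once that policy includes it.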

DNS PTR Records


DNS pointer record (PTR for short) provides the domain name associated with an IP address.

DNS PTR record is exactly the opposite of the A-record, which provides the IP address associated with a domain name.

DNS PTR records are used in reverse DNS lookups. When a user attempts to reach a domain name in their browser, a DNS lookup occurs, matching the domain name to the IP address.

A reverse DNS lookup is the opposite of this - it searches for a domain name with the given IP address.

This also means that PTR records can not be defined using the name servers of the domain, but have to be requested at the provider of the IP address, in case the provider supports this.

Joker.com Name Service: Adding DNS Records

If you're using the free joker.com nameservice, you have the freedom to configure your DNS zone as you like by adding various records. All supported types of records are listed here.

 

How to add a new DNS record

We took the A record as an example, but any other record type can be added in the same way.

1. Switch to our Nameservers

Check this article on how to do this. 

 
2. Once you've switched, the DNS button will become active (blue) on your dashboard next to the domain name. Click it:

 
3. In the DNS configuration section, choose a record type you want to add, let's take an A-record as example:

 
4. Add a subdomain (optionally) and target IP address, click "Add":

 
5. Scroll down to view the newly added record, check its correctness, and click the "Save changes" button:

 
6. If you want to apply the same records to your other domains, you can click "Copy records to another domain":

 
7. Choose the type of record you want to propagate or select all of them. Let's use our newly added A-record for example:

 
8. Type the domains to which you want to add the record, separated by commas, and click "Proceed":

Now, all the domains listed will point to the same IP address we specified in our A record.

Once the changes have been applied, you'll receive a confirmation email.

 

Adding SPF And DKIM Records

Adding SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records to your domain's DNS settings helps improve email deliverability and prevents your emails from being marked as spam or forged by malicious parties.

Here's a guide on how to add SPF and DKIM records:

SPF Record

SPF allows you to specify which servers are authorized to send emails on behalf of your domain. To create an SPF record, follow these steps:

1. In the DNS configuration section, create a new TXT record.

 
2. In the "Content" field, enter your SPF policy.

If you are using a third-party email service like Google Workspace, they will provide you with the appropriate include value. The SPF policy typically looks like this:

 
3. Save the changes.

DKIM Record

DKIM allows the receiver to check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain.

1. In DNS management section, create a new TXT record:
 
2. In the "Content" field, you'll need to add your DKIM public key

The DKIM key is usually provided by your email service provider (e.g., Google Workspace, Microsoft 365, etc.). The DKIM record should look something like this:

 
3. Save the changes.

Important: wait for DNS Propagation. After adding the SPF and DKIM records, it may take up to 48 hours for the changes to propagate across the internet. Once the records have propagated, the SPF and DKIM authentication should be active for your domain's email.

URL Forwarding and E-mail Forwarding

Joker.com offers a service that allows you to direct all web requests (HTTP) for a domain or subdomain registered with Joker.com to a different externally hosted domain. For example, you can point the web traffic of your domain to the webspace provided by your Internet service provider.

This feature lets you access your domain: http://www.your-domain.com while the actual content is hosted at:  http://www.your-internet-service-provider.com/your Account

By default, the redirection is of the type 'HTTP/1.1 301 Moved Permanently'. This can be changed in the options of the DNS editor ("Type of redirection").

'TLS' can also be activated in the options - this enables encrypted access via https to your forwarding. A suitable SSL certificate is then automatically generated the first time it is called up, which takes a few seconds.

You have the option to use a standard redirection or a "frame-based" redirection that keeps the original domain name visible in your browser's location bar.

Moreover, you can customize your URL forwards with your own special title, meta, or HTTP header tags.

Please note: only HTTP(S) requests can be forwarded using URL Forwarding

To configure your URL forwarding, follow these steps:

1. Switch to our Nameservers

Check this article on how to do this. 

2. Once you've switched, the DNS button will become active (blue) on your dashboard next to the domain name. Click it:

3. In the DNS configuration section, choose URL Forward as record type:

4. Let's create a URL forwarding for a subdomain "www..." for our domain. Click "add":

5. Scroll down to view the newly added record, check its correctness, and click the "Save changes" button:

You are done!

Email Forwarding


Email Forwarding is a service provided by Joker.com that enables you to create email addresses for a domain and forward incoming emails for those addresses to an external mail account.

This means you can have email addresses such as:

These addresses can be forwarded to your email account at your ISP or email provider, such as Gmail, Yahoo, or others.

Please note the following:

It is also possible to create catch-all addresses. By entering '*' instead of 'your_name' as the Email Address:

Any emails that do not match any other address you created will be directed to the '*' entry.

Additionally:

Regarding the number of email addresses per domain, we do not impose strict limits. Instead, we follow a fair-use policy. As long as there are no significant system impacts caused by an excessive number of emails sent or addresses created, there will be no restrictions.

Excessive in this context refers to significantly above average, and system impact refers to significant interference with the general system and/or other users.

The current limits are as follows:

Important: When creating a new email address or changing the target address, you need to activate it by responding to the activation email sent to the Target Email Address. Simply click on the link provided within the email.

What about SPAM?
All email forwards are automatically scanned for SPAM. Emails classified as spam or malware will be blocked.

Dynamic DNS (DynDNS)

Dynamic DNS (DynDNS) is a system that allows the domain name data held in a nameserver to be updated in real-time. The most common use for this is in allowing an Internet domain name to be assigned to a computer with a varying (dynamic) IP address.
This makes it possible for other sites on the Internet to establish connections to the computer without needing to track the IP address themselves. A common use for it is running server software on a computer that has a dynamic IP address, as usually happens with many consumer Internet service providers.

To use Dynamic DNS records with Joker.com, you have to create at least one Dynamic DNS record.
Additionally, the Dynamic DNS feature has to be activated.

This can be done by visiting DNS configuration section by clicking the "DNS" button next to your domain on your dashboard.

After this, you have to configure your (DSL-) router or your Dynamic DNS software on your computer. You should select "dyndns2" as protocol in your router or dyndns-client.

Currently, there is a limit of 20 records per domain. The nameserver records have a TTL (time to live - defines the latency before changes become visible) of 60 seconds.

Please note: The "username" and "password" referred to in this section are not identical to your standard Joker.com credentials. Instead, when you create your DynDNS entry, you will be provided with special credentials which are only valid for those entries with the specific domain.

Examples


Hardware Devices / Routers

A hardware device like a DSL router often is able to handle Dynamic DNS itself. As an example, this is the corresponding section of a Fritz!Box DSL router:

Update-URL: https://svc.joker.com/nic/update?username=<username>&password=<pass>&myip=<ipaddr>&hostname=<domain>
Domain name: <enter your Joker.com Dynamic DNS record (Domain name) here>
Username: <enter the username you got at Joker.com's DNS management for this domain>
Password: <enter the password you got at Joker.com's DNS management for this domain>
Note: SSL is not supported by all devices; older ones in particular need to use http://svc.joker.com/nic/update?..., which sends the username and password unencrypted.

Please note: The parameter 'myip' is optional; if not provided, the originating IP address is used automatically.

Sample:

Update-URL: https://svc.joker.com/nic/update?username=<username>&password=<pass>&myip=<ipaddr>&hostname=<domain>
Domain name: www.yourdomain.com
Username: 156ba6fa7f93bfd7
Password: 5bc123a7100ef6a2

Or as a direct URL:

Update-URL: https://svc.joker.com/nic/update?username=156ba6fa7f93bfd7&password=5bc123a7100ef6a2&hostname=www.yourdomain.com

To check your current IP address, please use this URL:

https://svc.joker.com/nic/checkip

 
Some Dynamic DNS software clients need the address without additional text:

https://svc.joker.com/nic/myip

https://ipv4.svc.joker.com/nic/myip always returns an IPv4 address if available, and is empty otherwise

https://ipv6.svc.joker.com/nic/myip always returns an IPv6 address if available, and is empty otherwise

Software Clients

 

Windows

After the installation - during which you might enter any data - please copy the following text as "ddclient.conf" into the directory where "ddclient" was installed. In the Windows start menu you can also use the entry "Open ddclient.conf in notepad", opened by right-clicking it and choosing "Run as administrator".

Please replace the placeholders with your entries beforehand:

# ddclient.conf
#
daemon=5m
use=web
web=svc.joker.com/nic/checkip
server=svc.joker.com/nic/update?
protocol=dyndns2
login=USERNAME
password=PASSWORD
host=WWW.YOURDOMAIN.COM
ssl=yes

USERNAME = the DynDNS-"Username" in the DynDNS-section at Joker.com

PASSWORD = the DynDNS-"Password"

WWW.YOURDOMAIN.COM = your desired hostname, which you should have previously created under "DynA" in the DynDNS section on Joker.com. When creating it, you may enter any IP there, such as "192.168.0.1". You can later tell whether your DynDNS client is working by checking whether this IP changes to your dynamic one.

In this example above you would create the entry "www" under "DynA" for your domain "yourdomain.com".

After you have created the file ddclient.conf or copied it into the program directory, call the entry "start ddclient console" in the Windows start menu. A window will open and after a short time, you should see messages indicating a successful IP change. Otherwise, please check whether your details (username, password, host or domain name) are correct, and also whether the URL for determining your own IP works for you in the browser (".../checkip/").

If this test was successful, you can close the window and then call "start ddclient service" in the start menu with administrator rights (right mouse button, "run as administrator").
This will run ddclient in the background.

Another common Windows client is the "DynDNS Updater" from Kana Solution. A suitable profile can be downloaded here: kana_joker.profile

 

Linux

 

Free DynDNS client for Linux: ddclient - ddclient.sf.net

Hints for ddclient:

  • please use the config file ddclient.conf for the windows version provided above, it works the same
  • protocol is also "dyndns2"
  • please check on the Linux commandline, that you have access to the DynDNS service:
    • wget https://svc.joker.com/nic/checkip


 

Apple MacOS

Free DynDNS client for MacOS: ddclient (see Windows & Linux). Installation preferably via HomeBrew:

  • open the Mac Terminal app and run:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
brew install ddclient

A paid dynamic DNS client for MacOS with native Joker.com support is "IP Monitor" from Appquarter.com

It is also available from the Mac Appstore.

DNSSEC

DNSSEC is the abbreviation for 'Domain Name System Security Extensions'. It is a set of extensions to the domain name system (DNS), basically to allow clients to verify the authenticity and integrity of DNS records.

For a domain to make use of DNSSEC, the following is needed: 

 You may have a look at Wikipedia or this short tutorial as starters for reading more about these topics.

 

DNSSEC Support at Joker.com

Joker.com enables you to activate and configure DNSSEC for nearly all of your domains - most domain types (TLDs) do support DNSSEC. The only exceptions at Joker.com currently are .ws and .cn.

Please note: Joker.com supports DNSSEC with standard Joker.com name servers as well as with domains that use external name servers

To find out if your domain is working properly with DNSSEC, you may use the DNSSEC Analyzer.

 Resellers will find similar commands to operate DNSSEC using DMAPI and RPanel.

How To use DNSSEC with a Joker.com Domain and a DNS Hosting Provider

This is about:

To make this work, the domain has to be "linked" to the external name service:

1. Set up the DNS zone and records at the DNS hosting provider

Each DNS hosting provider has its own web interface and system for adding records. Here you have to create the zone records you need, like A records to add IPv4 addresses to a hostname.

2. Still at the DNS hosting provider

sign the domain with DNSSEC. This of course requires that your DNS provider supports DNSSEC.

The end result is that you have a signed domain with a DS record. You will need this information (DS record) later at Joker.com.

3. At Joker.com

Change the name servers for the domain to point to the name servers of the DNS hosting provider.

It should look like this now:


This change may take some time to propagate through the larger DNS infrastructure. Until the name server change has fully propagated, people may still see DNS records coming from the previous name servers.

At this point, you have a domain signed with DNSSEC at the DNS hosting provider, and you have changed the records at Joker.com to point to the name servers of the DNS hosting provider. 

Almost done!

If you now run your domain through the DNSSEC analyzer tool, you will still see a problem: "No DS records found"

This means, you still have to create a so-called Delegation Signer (DS) record at Joker.com.

4. Create DS record at Joker.com


5. Finally, verify that DNSSEC works

using a tool such as Verisign Labs’ DNSSEC Analyzer. It should show nice green check marks now - but please keep in mind, that your changes will take some time until they become active.

Having followed these steps, you have DNSSEC working on a domain registered with Joker.com, using name servers from an external name service provider.
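Before entering the DS record in step 4, it is worth confirming that it really belongs to the DNSKEY the DNS hosting provider publishes, because a DS that does not match makes validating resolvers reject the zone. The following Python sketch is an added example, not Joker.com or provider code: it recomputes the key tag (RFC 4034, Appendix B) and the digest over owner name plus DNSKEY RDATA (RFC 4034, section 5.1.4) and compares them with a DS string. The sample key is constructed filler bytes rather than a real key, and all function names are assumptions.

```python
import base64
import hashlib
import struct

# DS digest type number -> hash function (1 = SHA-1, 2 = SHA-256, 4 = SHA-384).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

# Constructed sample: flags 257 (key signing key), protocol 3, algorithm 13,
# followed by 64 filler bytes standing in for the public key.
SAMPLE_DNSKEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode("ascii")


def name_to_wire(name):
    """Owner name in canonical (lower-case) DNS wire format."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def parse_dnskey(text):
    """'<flags> <protocol> <algorithm> <base64 key>' -> DNSKEY RDATA bytes."""
    flags, protocol, algorithm, *b64_parts = text.split()
    public_key = base64.b64decode("".join(b64_parts))
    return struct.pack("!HBB", int(flags), int(protocol), int(algorithm)) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (algorithm 1 uses a different rule)."""
    acc = 0
    for index, byte in enumerate(rdata):
        acc += byte if index & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, dnskey_text, digest_type=2):
    """Build 'keytag algorithm digesttype DIGEST' for the given DNSKEY."""
    rdata = parse_dnskey(dnskey_text)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return "%d %d %d %s" % (key_tag(rdata), rdata[3], digest_type, digest)


def ds_matches(owner, ds_text, dnskey_text):
    """True if the DS string was derived from this DNSKEY at this owner name."""
    tag, algorithm, digest_type, *hex_parts = ds_text.split()
    if int(digest_type) not in DIGESTS:
        raise ValueError("unsupported DS digest type %s" % digest_type)
    expected = make_ds(owner, dnskey_text, int(digest_type)).split()
    given = [str(int(tag)), str(int(algorithm)), str(int(digest_type)),
             "".join(hex_parts).upper()]   # digests are often printed with spaces
    return given == expected


if __name__ == "__main__":
    ds = make_ds("example.com", SAMPLE_DNSKEY)
    print("DS to enter:", ds)
    print("matches:", ds_matches("example.com", ds, SAMPLE_DNSKEY))
```

The DNSKEY string is the record data as shown by the provider or returned by a DNSKEY query for the domain; the owner name must be the domain itself, since it is part of the hashed input.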

Meanwhile, there is good news: You now also are able to use DNSSEC with the regular Joker.com name servers as well, free of charge! This of course is probably much simpler for you, since you do not have to maintain external name server records, and you can make use of DNSSEC fully integrated into Joker.com's web portal.

Let's Encrypt SSL Certificates

Support for Automating Let's Encrypt SSL Certificates

Joker.com offers a simple tool to automate the process of using Let's Encrypt certificates.

With this tool, you can easily request Let's Encrypt certificates without the need to expose your domain through an HTTP web server or make any special configurations to existing web services.

The method used to obtain the certificates is 'dns-01', where a special TXT record must be added to your domain. To use this method, your domain must be using the free Joker.com nameservice, which is the default option.

Setting a TXT record is a straightforward process:

The following explains the technical details - you may skip this and simply use the attached files which you find below. They do work with the commonly used tool dehydrated. Where to place these files, and how to configure your domains or host names, is documented in the file config.sh

For the use of the certbot, github-user dhull kindly provides another solution: 

This can easily be installed by "pip install certbot-dns-joker" - see the Github page above for details.


 

To set a TXT record, you may now do this using a single cURL request:

curl -X POST https://svc.joker.com/nic/replace -d \
'username=your-username&password=your-password&zone=your-domain.com&label=_acme-challenge&type=TXT&value=the-TXT-content-to-insert'

This will create a TXT record for "_acme-challenge" in zone "your-domain.com".
It responds with 200 and "OK: n# inserted, n# deleted" if everything went OK, and appropriate status and text if not.

Some additional notes regarding this:

Attached files: hook.sh config.sh

Specific ccTLDs: Nameservers

.DE-Domains

In case you want to use your own/external name servers for your .DE-domains instead of the standard name servers from Joker.com, you have to make sure that these name servers are compliant with the requirements set by the DENIC. 

Requests to register or update .de domains are handled by a robot doing the following checks on the registry side:

Name Server: SOA Records

 
SOA stands for "Start of Authority". 
An SOA record is the part of a DNS zone containing the email of the responsible person of the zone, and various synchronization parameters used by the different name servers of the zone.
Requests to register or update .DE domains must contain SOA values in the following ranges:
 
SOA-Record  Value
serial      recommended format YYYYMMDDnn
refresh     [10000 ... 86400]
retry       [1800 ... 28800]
expire      [604800 ... 3600000]
ttl         [180 ... 345600]

If you are not sure whether your nameservers are compliant with DENIC requirements, or you get an error related to nameservice, please check your nameservers at https://nast.denic.de/
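The ranges above can be pre-checked locally against the SOA record your own nameserver returns. The following Python sketch is an added example, not DENIC or Joker.com code: it parses SOA record data in the usual seven-field form (as printed by a DNS lookup tool) and reports every value outside the table's ranges. It assumes that the table's "ttl" row refers to the last SOA field (minimum), and the sample records and function names are constructed for illustration.

```python
from datetime import datetime

# Ranges copied from the table above. Assumption: "ttl" is the last SOA
# field (minimum); the table itself does not say which field it means.
DENIC_RANGES = {
    "refresh": (10000, 86400),
    "retry": (1800, 28800),
    "expire": (604800, 3600000),
    "ttl": (180, 345600),
}

# Constructed sample SOA record data: mname rname serial refresh retry expire minimum
GOOD_SOA = "ns1.example.de. hostmaster.example.de. 2024010101 10800 3600 604800 3600"
BAD_SOA = "ns1.example.de. hostmaster.example.de. 42 3600 3600 86400 3600"


def parse_soa(rdata):
    """Split SOA record data into its named fields."""
    parts = rdata.split()
    if len(parts) != 7 or not all(p.isdigit() for p in parts[2:]):
        raise ValueError("expected: mname rname serial refresh retry expire minimum")
    serial, refresh, retry, expire, minimum = (int(p) for p in parts[2:])
    return {
        "mname": parts[0],
        "rname": parts[1],
        "serial": serial,
        "refresh": refresh,
        "retry": retry,
        "expire": expire,
        "ttl": minimum,
    }


def serial_is_dated(serial):
    """True if the serial follows YYYYMMDDnn with a real calendar date."""
    text = str(serial)
    if len(text) != 10:
        return False
    try:
        datetime.strptime(text[:8], "%Y%m%d")
    except ValueError:
        return False
    return True


def check_soa(rdata):
    """Return (field, value) for every value outside the listed ranges."""
    soa = parse_soa(rdata)
    problems = []
    for field, (low, high) in DENIC_RANGES.items():
        if not low <= soa[field] <= high:
            problems.append((field, soa[field]))
    # The serial format is only a recommendation, reported last.
    if not serial_is_dated(soa["serial"]):
        problems.append(("serial", soa["serial"]))
    return problems


if __name__ == "__main__":
    for rdata in (GOOD_SOA, BAD_SOA):
        print(check_soa(rdata) or "all values within the listed ranges")
```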

.DK-Domains

The process of changing the nameserver for .dk domains is specifically regulated by DK Hostmaster. To modify the nameserver associated with a .dk domain, it is mandatory to go through DK Hostmaster's designated platform at:

https://self-service.dk-hostmaster.dk/domain/change_name_server

When you navigate to the aforementioned website, you will find a user-friendly interface designed to assist domain owners in updating their nameserver information. This process ensures that only authorized individuals with the appropriate access can make modifications to the nameservers associated with .dk domains. By centralizing this function through DK Hostmaster, they maintain control and oversight over the nameserver settings for all .dk domains, helping to ensure the security, stability, and integrity of the Danish domain space.


.IT-Domains

Similar to .de domains, .it domain registry has specific requirements for nameservers.

It is crucial to verify the compliance of your custom nameservers before registering an .it domain. If your nameservers do not meet the registry requirements, the domain will be deleted within 30 days. To check the compliance of your nameservers, you can use the following link:

 https://www.nic.it/en/manage-your-it/dns-check.