Move this community thing to slack etc - this is not effective

Just to make sure this didn’t get lost in the thoughtful conversation, I wanted to see where you ended up with your technical needs and provide some additional context.

To start with, you need not use our DNS at all. If it’s problematic to migrate, don’t! You can use external DNS hosts that support all the features you want, as long as you configure the Netlify records as described in this post: How to Set Up Netlify DNS - Custom Domains, CNAME, & Records. That is honestly my usual advice for people who aren’t DNS experts. It’s easier, and you skip some of the propagation you’d otherwise have to wait on if you transfer nameservers AND webhosting to us.

But, as @gregraven pointed out, DNS is not intended to be set by “your customers” - but instead by you. The way our DNS works, which you’ve potentially figured out now by experimentation, is as follows:

  1. You create a DNS Zone here for a domain.
  2. Any hostnames within the domain, which you apply to a Netlify site after creating the zone, will have NETLIFY type DNS records created for you. If you created them in the opposite order (configured names on sites BEFORE creating the DNS Zone), removing and re-adding the name(s) to a site will create the appropriate records.
  3. You configure any other DNS records within the zone to match your needs. These should be a superset of your existing production records including all things like MX (but not the Netlify records since we got them in the prior bullet).
  4. Finally, you update your registrar to point to us, taking care with TTLs since there will be some delay between your change, and all of the internet seeing it. Somewhere between an hour and a day is usual here, so it’s good to pause at this step before making OTHER changes like migrating your site, since propagation is a prerequisite for us provisioning SSL certificates (and, serving your site reliably!)

We do use different nameserver lists for every domain, including one that you delete and re-add. This is to prevent attacks like these: The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean – The Hacker Blog. It’s a pretty standard feature to protect you and your traffic, though I understand it was confusing to experience without that context, but hopefully this makes sense now! TL;DR these are created and set once with zone creation. Removing and recreating the zone will create a new set of values, by design.

Good instinct too on creating the DNS Zone BEFORE migrating to Netlify!

I still don’t understand what relationship your customers are, or what you are trying to manipulate via API exactly to what purpose, so feel free to follow up in your other thread since this seems to be a good conversation on a different topic, just wanted to provide the breadcrumbs for others who ended up here, so they follow the tech conversation over to that other post.

Next steps: based on the above and your experiments, are you in a stable place for your needs? That’s my #1 goal - ensuring your understanding of, and success with, our platform.

Let me know what you think, and we’ll continue to help you as we can. But as has been pointed out, that help will not be, and is not trying to be, instant. In our help desk, and in our community, our free customers are a priority, but they are not the highest priority, so it can be days between responses, and that is normal and what we are aiming for as a business. Paying customers will continue to get answers faster, but as long as I work here (4 years and counting so far!) we’ll always be providing free help to our free customers.
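
Added example, not part of the original post and not Netlify's code: a pre-cutover audit for steps 3 and 4 of the procedure above, checking that the new zone carries every production record it still needs and that the registrar is not left pointing at the nameserver set of a zone that was deleted and recreated. All record data and nameserver names are constructed, and it assumes the NETLIFY records supersede only the old A/AAAA/CNAME records of hostnames attached to a site.

```python
# Added example: audit a DNS zone migration before changing the registrar.
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}  # assumption: the types NETLIFY records replace

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")

def parse_records(text):
    """Parse 'name type value' lines into a set of (name, type, value) tuples."""
    records = set()
    for line in text.strip().splitlines():
        name, rtype, value = line.split(None, 2)
        rtype = rtype.upper()
        # Hostnames are case-insensitive; TXT payloads are not, so keep them verbatim.
        if rtype != "TXT":
            value = " ".join(norm(part) for part in value.split())
        records.add((norm(name), rtype, value.strip()))
    return records

def missing_from_new_zone(production, new_zone, site_hostnames):
    """Step 3: production records the new zone lacks, ignoring the address
    records of site hostnames (those get NETLIFY records automatically)."""
    sites = {norm(h) for h in site_hostnames}
    return sorted(r for r in production - new_zone
                  if not (r[0] in sites and r[1] in ADDRESS_TYPES))

def stale_delegation(registrar_ns, zone_ns):
    """Step 4: nameservers set at the registrar that are not in the set
    assigned to the zone as it exists now (e.g. after delete and re-add)."""
    return sorted({norm(n) for n in registrar_ns} - {norm(n) for n in zone_ns})

# Constructed sample data (documentation addresses and placeholder names).
PRODUCTION = parse_records("""
example.com.      A     192.0.2.10
www.example.com.  CNAME example.com.
example.com.      MX    10 mail.example.com.
example.com.      TXT   "v=spf1 include:_spf.example.net ~all"
mail.example.com. A     192.0.2.25
""")
NEW_ZONE = parse_records("""
example.com.      MX    10 Mail.Example.com
mail.example.com  A     192.0.2.25
""")
SITE_HOSTNAMES = ["example.com", "www.example.com"]
REGISTRAR_NS = ["ns1.set-a.dns.example.", "ns2.set-a.dns.example."]  # old zone's set
ZONE_NS = ["ns1.set-b.dns.example", "ns2.set-b.dns.example"]         # recreated zone

if __name__ == "__main__":
    print("missing:", missing_from_new_zone(PRODUCTION, NEW_ZONE, SITE_HOSTNAMES))
    print("stale NS:", stale_delegation(REGISTRAR_NS, ZONE_NS))
```

Both lists should be empty before the registrar change in step 4; here the SPF TXT record was never copied and the registrar still holds the previous zone's nameservers.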