By default, each Nuon install will get configured with a <install-id> root domain, which allows any component to create or update DNS records.

While the domain works out of the box, it can be disabled or customized to support different types of domains.

By default, both a public and private DNS zone are created.

Vendor Managed Domain

If you would like each of your installs to have a common root domain, such as installs.<your-domain>.com, you can set up a DNS zone and delegate each install’s nameservers.

First, configure your sandbox to use a custom root domain using:

terraform_version = "1.7.5"
directory = "azure-aks-byovpn"
repo      = "nuonco/sandboxes"
branch    = "main"
public_root_domain = "{{}}"

Now, when an install is provisioned it will automatically create the DNS zone named

Next, the root domain must delegate to the install’s DNS zone.

This can be done by adding NS records on the root domain.

First, find the nameservers for the public domain by inspecting the sandbox outputs:

nuon installs sandbox-outputs

Next, set up a DNS record on your root domain that delegates the install subdomain. This can be done via your provider’s console our if you are managing DNS using Terraform you can use a record similar to this:

resource "aws_route53_record" "docs" {
  zone_id = aws_route53_zone.main.zone_id
  name    = "install-id"
  type    = "NS"
  ttl     = 3600
  records = [

Customer Managed Domain

You can allow a customer to bring their own domain by using an app input. Once the install is provisioned, the customer will be responsible for delegating the DNS subdomain. Please refer to the previous section for more details on how to delegate the domain.

To offer custom install domains, add the following to your config file:


name         = "root_domain"
description  = "Root domain for install"
default      = ""
sensitive    = false
required     = true
display_name = "Root"

Next, set the sandbox root domain to the input value:

terraform_version = "1.7.5"
directory = "azure-aks-byovpn"
repo      = "nuonco/sandboxes"
branch    = "main"
public_root_domain = "{{.nuon.install.inputs.root_domain}}"

Disabling DNS Zones

You can completely disable DNS in any sandbox by adding the following to your sandbox config:

enable_private_dns = "false"
enable_public_dns  = "false"