# DNS and Domains

After the controller is online, you configure how users access the application.

## Domain Options

### Use Our Domain

We can provide a subdomain automatically. This is the fastest way to get started - no DNS configuration required on your end.

### Bring Your Own Domain

If you want the application available on your own domain (e.g., `app.yourcompany.com`), choose the custom domain option. You'll need:

* A domain you control
* Access to your DNS provider

## DNS Delegation

When you bring your own domain, you need to delegate it to the hosted zone that the deployment creates in your cloud account. This is a one-time step.

<Steps>
  <Step title="Choose your domain">
    During setup, enter your root domain (e.g., `app.yourcompany.com`).
  </Step>

  <Step title="Hosted zone is created">
    The controller creates a hosted zone for your domain in your cloud account. The setup interface shows you the nameservers for this hosted zone.
  </Step>

  <Step title="Add an NS record at your DNS provider">
    At the DNS provider that currently hosts the parent domain (e.g., `yourcompany.com`), create an **NS record** for your chosen subdomain pointing to the nameservers shown in the setup interface. This delegates DNS for that subdomain to the hosted zone in your cloud account.
  </Step>

  <Step title="Automatic provisioning">
    Once delegation is in place, the controller creates all subdomain records, provisions TLS certificates, and configures any additional DNS records the application needs.
  </Step>
</Steps>

<Info>
  The NS delegation step is the only manual DNS change you need to make. Everything else - subdomain records, certificates, email configuration - is handled automatically.
</Info>

### Tips for Choosing a Domain

* **Use a separate top-level domain** - e.g., `yourcompany.co` or `yourcompany.app` instead of a subdomain of `yourcompany.com`. Cookies scoped to `yourcompany.com` are sent to every subdomain of it, so a separate domain prevents browser cookies from being shared between the application and your primary domain, which is a security best practice.
* **Keep it short** - subdomains are created under your root domain, and certificate Common Names have a 64-character limit.
* **If using a subdomain**, choose something distinct - e.g., `tool.yourcompany.com` to keep it separate from your primary product domain.
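
A pre-flight check for the delegation step and the length tip above, as an added example (not part of the product or its documentation's own code). It compares the nameservers shown in the setup interface with the output of `dig +short NS <your domain>` and flags hostnames that exceed the 64-character Common Name limit; the nameserver names and subdomain labels are constructed sample values.

```python
# Added example: pre-flight checks for a delegated domain (not vendor code).
CN_LIMIT = 64  # certificate Common Name limit mentioned in the tips above


def normalize(name: str) -> str:
    """DNS names are case-insensitive; dig prints them with a trailing root dot."""
    return name.strip().rstrip(".").lower()


def check_delegation(expected: list[str], dig_short_output: str) -> dict:
    """Compare setup-interface nameservers with `dig +short NS` output."""
    want = {normalize(n) for n in expected if n.strip()}
    seen = {normalize(l) for l in dig_short_output.splitlines() if l.strip()}
    return {
        # Shown in the setup interface but not published at the parent zone.
        "missing": sorted(want - seen),
        # Published at the parent but not part of the hosted zone, for example
        # a stale entry that would answer for the subdomain from elsewhere.
        "unexpected": sorted(seen - want),
        "ok": bool(want) and want == seen,
    }


def names_over_cn_limit(root: str, labels: list[str]) -> list[str]:
    """Return the hostnames that would not fit in a certificate Common Name."""
    root = normalize(root)
    fqdns = [f"{normalize(label)}.{root}" for label in labels]
    return [name for name in fqdns if len(name) > CN_LIMIT]


if __name__ == "__main__":
    # Constructed sample values: hypothetical nameservers and subdomain labels.
    expected = ["ns-101.example-dns.net", "ns-202.example-dns.org"]
    dig_out = "NS-101.example-dns.net.\nns-999.old-provider.example.\n"
    print(check_delegation(expected, dig_out))
    print(names_over_cn_limit("tool.yourcompany.com", ["api", "x" * 50]))
```

Run it after adding the NS record and before relying on automatic provisioning; an empty `missing` and `unexpected` list means the parent zone delegates to exactly the nameservers the setup interface showed.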

## DNS Providers

We support two DNS providers for managing your domain's records:

### Route 53

If your domain is managed in AWS Route 53, the system can configure DNS records automatically using your existing AWS credentials.

### Cloudflare

If your domain is managed in Cloudflare, you'll provide a Cloudflare API token with DNS edit permissions for your zone. The system uses this to create the required records.

## TLS Certificates

TLS certificates are provisioned automatically as part of DNS setup. You don't need to create, upload, or manage certificates. They are renewed automatically before expiration.
