Hetzner DNS API vs Google's Cloud DNS

Managing DNS records programmatically is essential for modern infrastructure automation. Two notable options for API-driven DNS management are Hetzner's DNS API and Google Cloud DNS, both of which integrate well with infrastructure-as-code tools like Terraform. This article compares the two services in terms of features, pricing, and practical considerations for automating DNS with Terraform.

Hetzner DNS is a free DNS hosting service provided by Hetzner Online, the German hosting company. It offers a RESTful API that allows you to create, update, and delete DNS zones and records programmatically. The service supports all standard record types including A, AAAA, CNAME, MX, TXT, SRV, CAA, and NS records. Hetzner DNS is available to all Hetzner customers at no additional cost, regardless of whether you use their other hosting products. The API uses token-based authentication and returns JSON responses.

Google Cloud DNS is a managed, authoritative DNS service running on Google's global anycast network. It provides low-latency DNS resolution worldwide and integrates deeply with the broader Google Cloud Platform ecosystem. Cloud DNS supports DNSSEC for cryptographic authentication of DNS responses and offers both public and private DNS zones. Private zones are particularly useful for resolving internal hostnames within Google Cloud VPC networks. Pricing is based on the number of managed zones and the volume of DNS queries, which can add up for high-traffic domains.

When it comes to Terraform integration, both services have well-maintained providers. The Hetzner DNS Terraform provider (available as a community provider) supports managing zones and records declaratively. Google Cloud DNS has first-class support in the official Google provider for Terraform, with resources for managed zones, record sets, and DNS policies. The Google provider is generally more mature and better documented, which is expected given Google Cloud's broader adoption in enterprise environments.

A typical Terraform configuration for Hetzner DNS involves defining a zone resource and then adding record resources that reference the zone. The API token is provided through an environment variable or Terraform variable. For Google Cloud DNS, the configuration follows a similar pattern using google_dns_managed_zone and google_dns_record_set resources, authenticated through a service account with appropriate IAM permissions.
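The pattern described above, as an added example that is not taken from either provider's documentation. It assumes the community provider `timohirt/hetznerdns` for Hetzner (the article does not name one), and the zone names, project ID, and IP address are placeholders. The Hetzner token is passed as a sensitive variable and DNSSEC is switched on for the Cloud DNS zone.

```hcl
terraform {
  required_providers {
    hetznerdns = {
      source = "timohirt/hetznerdns" # assumption: one community provider
    }
  }
}

# Supply via TF_VAR_hetzner_dns_token or a secrets manager; never commit it.
variable "hetzner_dns_token" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

provider "hetznerdns" {
  apitoken = var.hetzner_dns_token
}

# Credentials come from the service account (for example via
# GOOGLE_APPLICATION_CREDENTIALS); it needs only DNS permissions.
provider "google" {
  project = "example-project" # placeholder
}

resource "hetznerdns_zone" "example" {
  name = "example.com"
  ttl  = 3600
}
resource "hetznerdns_record" "www" {
  zone_id = hetznerdns_zone.example.id
  name    = "www"
  type    = "A"
  value   = "192.0.2.10" # documentation address (RFC 5737)
  ttl     = 300
}

resource "google_dns_managed_zone" "example" {
  name     = "example-org"
  dns_name = "example.org."
  dnssec_config {
    state = "on" # managed key generation, rotation, and signing
  }
}
resource "google_dns_record_set" "www" {
  managed_zone = google_dns_managed_zone.example.name
  name         = "www.${google_dns_managed_zone.example.dns_name}"
  type         = "A"
  ttl          = 300
  rrdatas      = ["192.0.2.10"]
}
```

For resolvers to validate the signed zone, the DS record for the Cloud DNS zone must also be published at the domain registrar.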

The pricing difference is significant. Hetzner DNS is entirely free, making it an attractive option for cost-conscious projects, personal domains, and small businesses. Google Cloud DNS charges per managed zone (approximately $0.20 per zone per month) plus per million queries ($0.40 for the first 25 million queries). While these costs are modest for most workloads, they accumulate when managing many zones or serving high-traffic domains.

Performance characteristics differ as well. Google Cloud DNS leverages Google's global anycast infrastructure, providing consistently low DNS resolution latency worldwide. Hetzner DNS operates from a smaller number of nameservers, primarily located in Europe. For websites and services with a predominantly European audience, Hetzner DNS performs well. For globally distributed services requiring the lowest possible DNS latency across all continents, Google Cloud DNS has an advantage. It is also worth noting that Hetzner is migrating its DNS management to a new console interface, with the legacy DNS Console being phased out in early 2026 in favor of the updated Hetzner Console with integrated DNS management.

DNSSEC support is another differentiator. Google Cloud DNS offers fully managed DNSSEC, handling key generation, rotation, and signing automatically. Hetzner DNS does not currently support DNSSEC, which may be a consideration for security-sensitive deployments that require cryptographic verification of DNS responses.

For teams already using Hetzner infrastructure, their DNS API provides a natural, cost-free way to manage DNS alongside server provisioning in Terraform. Opting for an independent European provider for a foundational service like DNS also reduces reliance on a single hyperscaler's ecosystem, keeping more of your infrastructure stack under your own control. For organizations invested in Google Cloud Platform, Cloud DNS offers deeper integration with other GCP services, including automatic DNS registration for Compute Engine instances and GKE services. The choice between them ultimately depends on your existing infrastructure, geographic requirements, budget constraints, and whether features like DNSSEC and private zones are important to your use case.
