General

Last change on 2025-10-07 • Created on 2025-10-07 • ID: NE-EB4CB

Can I use zones across projects?

As a general rule, each project is separate from the others. This means that DNS zones, managed certificates and Load Balancers can usually only be used together within the same project.

However, if you enable the option Share zone with other projects, you can use the zone with managed certificates and Load Balancers across all projects.

In the example below, this option is enabled for example.com, and disabled for example.org.

  • For example.com, you can create a managed Let's Encrypt certificate in any project, and add this certificate to a Load Balancer within that project.

  • For example.org, you can only create a managed Let's Encrypt certificate within the project of the zone itself. Accordingly, only Load Balancers within the same project as the zone can use a managed Let's Encrypt certificate for example.org.

Project A
load-balancer
Certificates:
managed-certificate-1
managed-certificate-1

example.org www.example.org
Zones

example.org example.com
Project B
load-balancer
Certificates:
managed-certificate-2
managed-certificate-2

example.com www.example.com

Are zones moveable between projects or accounts?

Yes, you can move your zones between projects or accounts.

  • Move to another project

    Only the owner of the source project can move zones out of it. Project ownership is indicated by the little crown in the project's overview.

    To move the zone, click on the three dots in the zone list and select "Transfer to Project".

  • Move to another account

    Moving zones to another account works by moving them to a different project which is owned by the target account.

    You can follow the steps as described:

    1. The receiver needs to create a project and then invite the owner of the zone.
    2. The owner of the zone needs to move his zone into the project he was invited to. From this moment on the receiver is owner of the zone.
    3. Now the receiver can move the zone into his own private project and delete the project created for the zone exchange.

    Therefore, the target account has to invite the current owner of the resource into a project and give the current account member permissions (or a higher level of permissions).

Why is my DNS zone scheduled for deletion?

You may have received one or more emails with the subject line:

Your DNS zone example.com has an incorrect delegation and will soon be deleted.

This indicates that your domain is not currently pointing to Hetzner’s name servers. As a result, the zone is unused, and any settings configured in the Hetzner Console have no effect.

To resolve this issue, please ensure that you are using a supported name server configuration and that your domain is delegated to Hetzner’s name servers. In the “Name servers” tab of the Hetzner Console, you can find the correct name server addresses to configure with your domain registrar (see Updating name servers of external domains).

If your zone remains incorrectly delegated, you will receive several reminder emails. Zones that are not properly delegated to Hetzner’s name servers for more than 28 days will be automatically deleted.

Which software can I use to operate my own DNS server?

The most well-known software for UNIX-based systems is probably BIND (Berkeley Internet Name Domain). Two lesser-known ones are NSD (Name Server Daemon) and djbdns (D. J. Bernstein DNS), for example.

Windows offers integrated Microsoft DNS servers in their server variants for Windows systems, or, at an additional cost, Simple DNS.

There is another alternative which is free-of-charge and and which you can run on current UNIX systems and OS X: PowerDNS. Unlike most other DNS daemons, PowerDNS uses a database system, in order to access the zone. (MySQL, PostgreSQL and Oracle are supported.) Zones are instantly updated without restarting PowerDNS. Supermaster/Slave support makes it easier to administer a large number of zones from another server.

Table of Contents