Moving a DNS zone to a different folder
When you create a DNS zone, it is placed in the current folder.
In Yandex Cloud, you can move a DNS zone to a different folder.
Learn more about the Yandex Cloud resource hierarchy here.
Limitations
Moving a DNS zone does not relocate its Yandex Monitoring metrics: existing metrics remain in the source folder, and new metrics will be created in the destination folder.
Moving a DNS zone
Updating a DNS zone folder
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.
-
Get a list of all DNS zones in the default folder:
yc dns zone listResult:
+----------------------+---------------------+--------------+----------------------------------------------------+ | ID | NAME | ZONE | VISIBILITY | DESCRIPTION | +----------------------+---------------------+--------------+----------------+-----------------------------------+ | aet29qhara5j******** | my-public-zone | example.com. | PUBLIC | Automatically created DNS for ... | | aet2q4fn8i8i******** | my-private-zone | internal. | PRIVATE | Automatically created DNS for ... | +----------------------+---------------------+--------------+----------------+-----------------------------------+ -
Get a list of all folders in the default cloud:
yc resource-manager folder listResult:
+----------------------+--------------------+------------------+--------+ | ID | NAME | LABELS | STATUS | +----------------------+--------------------+------------------+--------+ | b1gd129pp9ha******** | my-folder | | ACTIVE | | b1g66mft1vop******** | default | | ACTIVE | +----------------------+--------------------+------------------+--------+ -
View the description of the CLI command for moving a DNS zone:
yc dns zone move --help -
Move the DNS zone to a different folder with the following parameters:
- Set
idto the DNS zone ID, e.g.,aet29qhara5j********. - In
destination-folder-id, specify the destination folder ID, e.g.,b1g66mft1vop********.
yc dns zone move \ --id aet29qhara5j******** \ --destination-folder-id b1g66mft1vop********For more information about the
yc dns zone movecommand, see the CLI reference. - Set
With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.
For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
-
Configure access permissions for the target folder. The account from the source folder you are going to use to perform the operation must have at least the
dns.editorrole for the target folder. -
In the configuration file, update the
folder_idparameter in theyandex_dns_zoneresource:resource "yandex_dns_zone" "zone1" { name = "<zone_name>" description = "<zone_description>" zone = "<domain_zone>." public = true folder_id = "<target_folder_ID>" }Where:
name: Zone name. Note that the zone name must be unique within a folder.description: Zone description.zone: Domain zone name. Note that the zone name must end with a trailing dot. You cannot create top-level domain (TLD) zones. To create a domain name with non-Latin characters, use Punycode encoding.public: Zone visibility, public or private.folder_id: ID of the folder to place the DNS zone in (by default, specified from the environment variable).
For more information about
yandex_dns_zoneproperties, see this provider guide. -
Apply the new configuration:
-
In the terminal, go to the directory where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planYou will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
-
Apply the changes:
terraform apply -
Type
yesand press Enter to confirm the changes.
Terraform will move the DNS zone to the specified destination folder without re-creating it. You can check the update using the management console.
-
Use the move REST API method for the DnsZone resource or the DnsZoneService/Move gRPC API call.
REST API example
Below is an example of a Bash script for Linux.
To use it, get authenticated with the API and install cURL.
-
Create a script file:
sudo touch <file_name> -
Open the file to write the script to:
sudo nano <file_name> -
Place the script in the file:
#!/bin/bash # Creating variables export IAM_TOKEN=`yc iam create-token` dnsZoneId='<DNS_zone_ID>' destinationFolderId='<folder_ID>' # Moving a DNS zone curl \ --request POST \ --header "Authorization: Bearer ${IAM_TOKEN}" \ --header "Content-Type: application/json" \ --data '{ "destinationFolderId": "'"${destinationFolderId}"'" }' \ "https://dns.api.cloud.yandex.net/dns/v1/zones/${dnsZoneId}:move"Where:
IAM_TOKEN: IAM token for API authentication.dnsZoneId: ID of the DNS zone to move.destinationFolderId: ID of the folder to move the DNS zone to.
-
Make the file executable:
chmod +x <file_name> -
Run the script:
./<file_name>
gRPC API example
Below is an example Bash script for calling the gRPC API using grpcurl.
-
Install
grpcurl:-
Using Bash:
curl -L https://github.com/fullstorydev/grpcurl/releases/download/v1.9.3/grpcurl_1.9.3_linux_x86_64.tar.gz | tar -xz sudo mv grpcurl /usr/local/bin/ -
Using Golang:
go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest
-
-
Create a script file:
sudo touch <file_name> -
Open the file to write the script to:
nano <file_name> -
Place the script in the file:
#!/bin/bash # Creating variables export IAM_TOKEN=$(yc iam create-token) dnsZoneId='<DNS_zone_ID>' destinationFolderId='<folder_ID>' # Moving a DNS zone grpcurl \ -d "{ \"dns_zone_id\": \"${dnsZoneId}\", \"destination_folder_id\": \"${destinationFolderId}\" }" \ -H "authorization: Bearer ${IAM_TOKEN}" \ -H "x-client-request-id: $(uuidgen)" \ dns.api.cloud.yandex.net:443 \ yandex.cloud.dns.v1.DnsZoneService/MoveWhere:
IAM_TOKEN: IAM token for API authentication.dnsZoneId: ID of the DNS zone to move.destinationFolderId: ID of the folder to move the DNS zone to.x-client-request-id: Unique request ID for tracing.
-
Make the file executable:
chmod +x <file_name> -
Run the script:
./<file_name>
This will return an operation in JSON format:
{
"id": "dns-zone-move-123456789",
"description": "Update DNS Zone",
"createdAt": "2026-02-19T09:52:35.239149422Z",
"createdBy": "aje6f5h1h2h3********",
"modifiedAt": "2026-02-19T09:52:35.239218092Z",
"done": true,
"metadata": {
"@type": "type.googleapis.com/yandex.cloud.dns.v1.MoveDnsZoneMetadata",
"dnsZoneId": "aet29qhara5j********"
},
"response": {
"@type": "type.googleapis.com/yandex.cloud.dns.v1.DnsZone",
"createdAt": "2026-02-19T07:09:53.853Z",
"folderId": "b1g66mft1vop********",
"id": "aet29qhara5j********",
"name": "my-public-zone",
"publicVisibility": {},
"zone": "example.com."
}
}
Where:
id: Unique operation ID.metadata.dnsZoneId: ID of the DNS zone to move.response: Updated DNS zone after migration.done: Operation completion status.
For a detailed method description, see the gRPC API reference.