
Alibaba Cloud DNS: Solutions to inaccurate intelligent DNS resolution

Last Updated: Apr 08, 2024

Overview

The solutions described in this topic apply to domain names that are resolved by using Alibaba Cloud DNS. If your domain names are hosted by the Domain Name System (DNS) servers of other vendors, contact the vendors for specific solutions. If your domain names are hosted by the DNS servers of Alibaba Cloud DNS, use the following methods to troubleshoot inaccurate intelligent DNS resolution:

Note

If you do not know whether your domain name is hosted by the DNS servers of Alibaba Cloud DNS, you can check it in the Alibaba Cloud DNS console. For more information, see the Query the DNS servers assigned by Alibaba Cloud DNS section of the Manage DNS servers assigned by Alibaba Cloud DNS topic.

1. View the egress IP addresses of the local DNS server

Intelligent DNS resolution of Alibaba Cloud DNS is implemented based on the egress IP addresses of the local DNS servers used by clients instead of the IP addresses of these clients. The clients include mobile phones, personal computers (PCs), and Internet of Things (IoT) devices. You can obtain the egress IP addresses of the local DNS server used by a client by using one of the following methods:

  • Contact the administrator of the network in which the client is located.

  • Run the dig +short TXT whoami.ds.akahelp.net command in a Linux operating system or the nslookup -q=txt whoami.ds.akahelp.net command in a Windows operating system several times.

Important

After you run the command in the Linux operating system, the output may contain the following fields:

$ dig +short TXT whoami.ds.akahelp.net   # Run the command in the Linux operating system.
"ns" "123.126.xx.xx"         # ns: the egress IP address of the local DNS server used by the client, which may be an IPv4 address or an IPv6 address.
"ecs" "120.52.xx.xx/32/24"   # ecs: the client subnet in the DNS request.
"ip" "123.126.xx.xx"         # ip: the representative client IP address selected by the authoritative name server from the client subnet. To protect user privacy, the real IP address of the client is not carried by the local DNS server.

[Figure: Execution result of the command in the Windows operating system]

[Figure: Execution result of the command in the Linux operating system]

After you obtain the egress IP addresses of the local DNS server, run the dig <domain name> @vip4.alidns.com +subnet=<egress IP address of the local DNS server> command to check whether the domain name is resolved as expected.

Note

Replace vip4.alidns.com with the actual name of the DNS server. For more information, see the Query the DNS servers assigned by Alibaba Cloud DNS section of the Manage DNS servers assigned by Alibaba Cloud DNS topic.

2. Check whether the DNS record that contains a custom line takes effect

If you want to use a custom line, you must specify a CIDR block as the DNS request source. Enter the egress CIDR block of the local DNS servers used by clients instead of the CIDR block of the clients. Otherwise, the DNS resolution line cannot be matched and only the DNS records that contain the default line are returned.

Important
  1. A local DNS server often uses more than one egress IP address. To make intelligent DNS resolution more accurate, contact the administrator of the network in which the client is located to obtain the egress IP addresses of the local DNS server.

  2. If the local DNS server only has a few egress IP addresses, run the dig +short TXT whoami.ds.akahelp.net command in the Linux operating system or the nslookup -q=txt whoami.ds.akahelp.net command in the Windows operating system several times to obtain the egress IP addresses of the local DNS server.

  3. Custom lines do not support IPv6 addresses. If the egress IP addresses of local DNS servers are IPv6 addresses, the custom line will not be matched and only the DNS records that contain the default line are returned.
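
The checks in sections 1 and 2 can be combined into one script. The following is an added example, not code from Alibaba Cloud: it collects the distinct "ns" values from several runs of the whoami query and classifies each egress IP address against the CIDR blocks of a custom line. The sample output, the addresses, and the CIDR block 192.0.2.0/28 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: output of several `dig +short TXT whoami.ds.akahelp.net`
# runs pasted together (documentation-range addresses, not real resolvers).
SAMPLE_RUNS = '''\
"ns" "192.0.2.10"
"ecs" "198.51.100.0/24/24"
"ip" "198.51.100.7"
"ns" "192.0.2.11"
"ns" "192.0.2.10"
"ns" "203.0.113.5"
"ns" "2001:db8::53"
'''

PAIR = re.compile(r'^"(ns|ecs|ip)"\s+"([^"]+)"')

def egress_ips(dig_output):
    """Return the distinct "ns" values (local DNS egress IPs) in first-seen order."""
    seen = []
    for line in dig_output.splitlines():
        m = PAIR.match(line.strip())
        if m and m.group(1) == "ns":
            ip = ipaddress.ip_address(m.group(2))
            if ip not in seen:
                seen.append(ip)
    return seen

def check_custom_line(ips, line_cidrs):
    """Say which line each egress IP would match for the given custom-line CIDRs."""
    nets = [ipaddress.ip_network(c) for c in line_cidrs]
    report = {}
    for ip in ips:
        if ip.version == 6:
            report[str(ip)] = "default line (custom lines do not support IPv6)"
        elif any(ip in n for n in nets if n.version == 4):
            report[str(ip)] = "custom line"
        else:
            report[str(ip)] = "default line (egress IP not in any CIDR block)"
    return report

if __name__ == "__main__":
    ips = egress_ips(SAMPLE_RUNS)
    for ip, verdict in check_custom_line(ips, ["192.0.2.0/28"]).items():
        print(f"{ip:15} {verdict}")
```

Every egress IP address reported as falling on the default line is a resolver whose clients receive only the DNS records that contain the default line.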

3. Check whether a CNAME record that contains the default line is cached

Prerequisites

  1. A canonical name (CNAME) record that contains the default line is added.

  2. A, AAAA, text (TXT), and mail exchanger (MX) records that contain non-default lines are added.

Causes for inaccurate intelligent DNS resolution

When a DNS request is initiated from a non-default line, the result depends on the requested record type and on the DNS records that are added for that line:

  1. If the requested DNS record is an A record and an AAAA record that contains the non-default line is added, no DNS record is returned. This does not cause inaccurate intelligent DNS resolution.

  2. If the requested DNS record is an AAAA record and an A record that contains the non-default line is added, no DNS record is returned. This does not cause inaccurate intelligent DNS resolution.

  3. If the requested DNS record is an A record and only a TXT or MX record that contains the non-default line is added, the CNAME record that contains the default line is returned and cached in the local DNS server. This causes inaccurate intelligent DNS resolution.

  4. If the requested DNS record is an AAAA record and only a TXT or MX record that contains a non-default line is added, the CNAME record that contains the default line is returned and cached in the local DNS server. This causes inaccurate intelligent DNS resolution.

  5. If the requested DNS record is an MX or TXT record and no MX or TXT record that contains the non-default line is added, the CNAME record that contains the default line is returned and cached in the local DNS server. The CNAME record has the highest priority. During the time-to-live (TTL) period of the cached CNAME record, the DNS request for the A or AAAA record that contains the non-default line still hits the cached CNAME record that contains the default line. In this case, the CNAME record is returned and inaccurate intelligent DNS resolution occurs.
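
The cache effect in case 5 can be reproduced with a small model. The following is an added example, not code from Alibaba Cloud: the record values, the line name "mobile", the TTL, and the timestamps are constructed, and the fallback for record combinations that the list above does not cover is an assumption of the model.

```python
# Constructed records for one hostname: (type, line, value).
ZONE = [
    ("CNAME", "default", "other.example."),
    ("A", "mobile", "192.0.2.20"),
    ("AAAA", "mobile", "2001:db8::20"),
]

def authoritative(zone, qtype, line):
    """Answer a request from a non-default line according to cases 1 to 5."""
    for rtype, rline, value in zone:
        if rtype == qtype and rline == line:
            return (rtype, value)            # matching record on the line
    on_line = {rtype for rtype, rline, _ in zone if rline == line}
    if qtype in ("A", "AAAA") and on_line & {"A", "AAAA"}:
        return None                          # cases 1 and 2: no record returned
    for rtype, rline, value in zone:         # cases 3 to 5 (other combinations:
        if rtype == "CNAME" and rline == "default":  # assumed to fall back too)
            return (rtype, value)
    return None

class LocalDNS:
    """Caching resolver: a cached CNAME for the name answers every query type."""
    def __init__(self, zone, line, ttl):
        self.zone, self.line, self.ttl = zone, line, ttl
        self.cache = {}                      # record type -> (answer, expiry)

    def query(self, qtype, now):
        for key in ("CNAME", qtype):         # the CNAME has the highest priority
            hit = self.cache.get(key)
            if hit and hit[1] > now:
                return hit[0]
        answer = authoritative(self.zone, qtype, self.line)
        if answer:
            self.cache[answer[0]] = (answer, now + self.ttl)
        return answer

def demo():
    ldns = LocalDNS(ZONE, "mobile", ttl=600)
    return [ldns.query("A", 0),      # mobile-line A record
            ldns.query("MX", 700),   # no MX/TXT on the line: default CNAME, cached
            ldns.query("A", 800),    # cached CNAME wins: inaccurate resolution
            ldns.query("A", 1400)]   # CNAME TTL expired: A record again

if __name__ == "__main__":
    for answer in demo():
        print(answer)
```

A single MX or TXT lookup is enough to redirect every A and AAAA lookup through that local DNS server to the default line until the TTL of the cached CNAME record expires.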

Solution

After you add an A record and an AAAA record that contain non-default lines for a domain name, add a CNAME record for the domain name. Take the domain name dns-example.top as an example. Add an A record and an AAAA record for the domain name. When you configure the A record and the AAAA record, enter test as the hostname and select China Mobile as the DNS resolution line. This maps the domain name test.dns-example.top to an IPv4 address and an IPv6 address. Then, add a CNAME record for the domain name dns-example.top to map dns-example.top to test.dns-example.top.

Important
  1. test.dns-example.top is used for reference only. When you configure a CNAME record, replace test.dns-example.top with an actual second-level domain name for which no DNS record has been added, based on your business requirements.

  2. You must add a CNAME record after an AAAA record and an A record are added. Otherwise, the DNS resolution may be interrupted.

[Figure: DNS records before the DNS settings are modified]

[Figure: DNS records after the DNS settings are modified]

The CNAME record that contains the default line has the same priority as the CNAME record that contains a non-default line. If you initiate a DNS request for an MX record or a TXT record that contains a non-default line and no corresponding MX record or TXT record is added, no DNS record is returned. In this case, cache pollution issues do not occur.