All Products
Search

This Product

    Edge Security Acceleration:NS setup

    Document Center

    Edge Security Acceleration:NS setup

    Last Updated:Nov 12, 2024

    If you select NS for DNS setup when you add a website, Edge Security Acceleration (ESA) manages DNS resolution for your domain. To prevent service interruptions, you need to add all DNS records of the domain to ESA and update the nameservers to the ones assigned by ESA at your registrar. The DNS records can be imported at a time.

    Add DNS records and enable proxy

    You can upload a file to import DNS records or manually add them, and then enable proxy for your domain.

    Import DNS records at a time (recommended)

    1. Log on to the ESA console.

    2. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

    3. In the left-side navigation pane, choose DNS > Records.

    4. Click Import.

    5. On the Import page, click Download Template. Then modify the downloaded template as needed. Example:

      ;Host TTL IN RecordType RecordValue

$ORIGIN example.com.

; A record
1.example.com.   600 IN  A   8.8.8.8

; AAAA record
2.example.com.   600 IN  AAAA		2400:cb00:2049:1::a29f:f9

; CNAME record
2.example.com.   600 IN  CNAME     example.com.

; MX record
4.example.com.    600 IN  MX	15 mailhost.example.com.

; TXT record
4.example.com.   600 IN  TXT	xxxxxxxxxxxxxxxxxxx

; NS record
4.example.com.    600 IN  NS	ns.example.com.

; SRV record
_sip._tcp.example.com.   600 IN  SRV	1 5 7001 srvhostname.example.com.

; CAA record
hostname.example.com.    600 IN  CAA	0 issue example.com

; CERT record
cert.example.com.	1	IN	CERT	0 0 0 VEVwQk5GWXlUR3RXVVZwc1RIcGFhMGh0UVhWUGQweFJFZENNM0JSVFROV2JVd3lWbFJOTkVSS1dnPT0=

; SMIMEA record
smimea.example.com.	1	IN	SMIMEA	12 12 12 436c6f7564666c61726520444e53

; SSHFP record
sshfp.example.com.	1	IN	SSHFP	12 12 436C6F7564666C61726520444E53

; TLSA record
tlsa.example.com.	1	IN	TLSA	12 12 12 436c6f7564666c61726520444e53

; URI record
uri.example.com.	1	IN	URI	12 12 "http://www.example.com/service"

    6. Click Select File to import the DNS records.

      Note

      After the import, A and AAAA records that correspond to the same hostname are collectively referred to as one A/AAAA record.

    7. After the records are imported, enable ESA proxy for the domain name as needed and select a business scenario. image

      Note

      • We recommend that you enable proxy for A/AAAA and CNAME records to experience acceleration and security provided by ESA.

      • Select an appropriate business scenario to further improve the acceleration performance.

    8. Click OK.

    Add DNS records manually

    1. Log on to the ESA console.

    2. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

    3. In the left-side navigation pane, choose DNS > Records.

    4. Click Add Record. In the dialog box that appears, add a DNS record.

      Parameter

      Description

      Proxy Status

      Specifies whether to proxy requests of the selected record type. We recommend that you enable proxy for A/AAAA and CNAME records to benefit from acceleration and security provided by ESA. If proxy is disabled for a record, only DNS resolution is used. This means that requests do not go through ESA POPs.

      Record Type

      Supported record types are A, CNAME, MX, TXT, SRV, AAAA, NS, CAA, CERT, SMIMEA, SSHFP, TLSA, and URI, in which only A/AAAA and CNAME records can be proxied.

      Hostname

      The prefix of the subdomain. For example, if you add a subdomain named www.example.com, enter www in the Hostname field.

      Record Value

      Enter the value based on the selected record type. For example, the record value of an A record is an IP address.

      TTL

      Specifies how long resolution results are retained in the local DNS cache. We recommend that you set the parameter to Auto.

      Note

      The TTL cannot be adjusted for proxied DNS records.

    5. Click Next and select a business scenario based on your business requirements.

    6. Click OK.

    Note

    By default, when an ESA POP requests resources from the origin server, the domain name in a client request is used as the Host request header. If you configure an origin domain name that is different from the requested domain name, such as one that a CNAME record points to, you need to modify the Host request header in origin requests to ensure that desired resources are returned. For more information, see Origin host.

    Update your nameservers

    After the DNS records are added, update your nameservers to the ones assigned by ESA. Then ESA takes over all domain name resolution for your root domain.

    Obtain the nameservers assigned by ESA

    On the Overview page

    1. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

    2. In the left-side navigation tree, click Overview. On the page that appears, copy the nameservers assigned to your website.

      image

    On the Records page

    1. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

    2. In the left-side navigation tree, choose DNS > Records. image

    Update your nameservers at your registrar

    If you use NS setup, you need to change the nameservers of the domain to the ones assigned by ESA at your registrar. The procedure varies with different DNS providers.

    Important

    The DNS resolution service provided by ESA is different from that provided by Alibaba Cloud Domain Names. If your domain registrar is Alibaba Cloud, you also need to change nameservers to those assigned by ESA.

    If DNSSEC is configured for your domain name, go to your registrar to delete the DS record and disable DNSSEC.

    Click Verify Nameserver. After the DNS server changes take effect, ESA proxy is enabled for your website.