Edge Security Acceleration: DNS

Last Updated: Dec 05, 2024

Alibaba Cloud Edge Security Acceleration (ESA) provides a powerful and flexible Domain Name System (DNS) service. You can select NS or CNAME to set up your domain when you add your website to ESA. After you add your website to ESA, ESA provides features such as static and dynamic content delivery, security protection, and edge computing for the website. This improves the user experience and security of your website.

Note

If your website receives DNS queries that exceed the ESA protection limit, DNS resolution of your domains may be blackholed or halted.

DNS setup

You can select CNAME or NS to set up your domain.

  • CNAME: This setup option is suitable for large enterprises that use multiple proxy services at the same time. If you use different cloud services for your subdomains, such as api.example.com and img.example.com, and you want only some subdomains to be added to Alibaba Cloud ESA, select CNAME. In this case, your current DNS provider remains unchanged. ESA generates a CNAME for your website. You must add the CNAME record to the DNS settings of your domain at your DNS provider.

  • NS: This setup option is suitable for individual developers and small- and medium-sized enterprises. If you want to configure and proxy the DNS records of your website such as example.com on ESA, select NS. In this case, you must update the NS records of your domain with the nameservers assigned by ESA. Then, you can manage DNS records of your domain in the ESA console.

DNS terms

DNS

Domain Name System (DNS) is a core Internet service that can translate domain names into IP addresses or translate IP addresses into domain names. Built on a distributed database, DNS makes it easier for people to access the Internet without the need to remember strings of machine-readable IP addresses.

Domain name hierarchy

To accommodate the increasing number of Internet users, a hierarchical tree structure is used for naming on the Internet. Any host or router connected to the Internet has a unique name in the DNS hierarchy. This name is a domain name. A domain is a manageable division in the DNS namespace. Syntactically, each domain name is a series of labels separated by dots (.). Domains can be divided into subdomains, and subdomains can be divided into lower-level subdomains. This creates top-level domains, primary domains, and subdomains. The following figure shows the domain hierarchy.

[Figure: domain hierarchy]

  • .com is a top-level domain.

  • aliyun.com is a root domain or a primary domain.

  • example.aliyun.com is a subdomain, or a second-level domain.

  • www.example.aliyun.com is a third-level domain.

Website

A website has a domain name, such as example.com, for which multiple DNS records, such as A, CNAME, and MX records, may be configured. A website is the smallest unit for domain name management. Website settings include DNS records, TTL settings, security settings, and traffic management rules of the domain name and its subdomains.

DNS record

DNS records are used to map domain names to IP addresses or other associated resources. DNS record types such as A, AAAA, CNAME, TXT, MX, PTR, and SRV are supported.

DNS server

DNS resolution involves multiple servers. In ESA, the term DNS server usually refers to the ESA authoritative nameserver.

TTL

The time to live (TTL) specifies the longest period of time that a DNS record can be cached on a local DNS server. Once the TTL expires, the local DNS server deletes the record. If a user sends a request to the domain again afterward, the local DNS server makes a new recursive or iterative query.

CNAME flattening

CNAME flattening is a DNS resolution technology that allows you to use CNAME records at root domains such as example.com.

In most cases, if a CNAME record is configured for a root domain, you cannot configure other types of DNS records such as A record or AAAA record for the root domain. ESA provides the CNAME flattening feature that allows you to configure other types of DNS records for a root domain name without the need to clear the CNAME record. This way, after you initiate a DNS query, the system can automatically return the final IP address without performing CNAME resolution. This greatly speeds up DNS resolution.
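
The following sketch illustrates the general idea of CNAME flattening on an authoritative server. It is an added example, not ESA code: the zone data, the names under cdn-provider.example, the chain-length cap, and the choice to return the lowest TTL seen along the chain are all assumptions made for illustration.

```python
# Constructed sample data: names, addresses and TTLs are illustrative only.
ZONE = {  # records hosted on the authoritative server for example.com
    ("example.com", "CNAME"): [(300, "origin.cdn-provider.example")],
    ("example.com", "MX"): [(3600, "10 mail.example.com")],
}
UPSTREAM = {  # what the server sees when it resolves the CNAME target itself
    ("origin.cdn-provider.example", "CNAME"): [(60, "edge-7.cdn-provider.example")],
    ("edge-7.cdn-provider.example", "A"): [(120, "203.0.113.10"), (120, "203.0.113.11")],
    ("loop-a.example", "CNAME"): [(60, "loop-b.example")],
    ("loop-b.example", "CNAME"): [(60, "loop-a.example")],
}
MAX_CHAIN = 8  # assumed cap on CNAME chain length, bounds work per query


def lookup(name, rtype):
    """Return (ttl, value) records for name/type, or an empty list."""
    return ZONE.get((name, rtype)) or UPSTREAM.get((name, rtype)) or []


def flatten(name, rtype="A"):
    """Follow the CNAME chain server-side and return address records for `name`."""
    seen, current, ttl = set(), name, None
    for _ in range(MAX_CHAIN):
        if current in seen:  # a loop would otherwise be followed until the cap
            raise ValueError(f"CNAME loop at {current}")
        seen.add(current)
        cname = lookup(current, "CNAME")
        if not cname:
            break  # reached the end of the chain
        hop_ttl, current = cname[0]
        ttl = hop_ttl if ttl is None else min(ttl, hop_ttl)
    else:
        raise ValueError("CNAME chain too long")
    # Cap each answer's TTL at the lowest TTL in the chain so that caches
    # do not keep a flattened address longer than any hop allowed.
    return [(t if ttl is None else min(ttl, t), addr)
            for t, addr in lookup(current, rtype)]


def answer(name, rtype):
    """Authoritative answer: A/AAAA at a CNAME owner are flattened, other types served as-is."""
    if rtype in ("A", "AAAA") and lookup(name, "CNAME"):
        return flatten(name, rtype)
    return ZONE.get((name, rtype), [])
```

In this sketch, a query for the A records of example.com returns the two addresses directly, while the MX record configured alongside the root-domain CNAME is still served.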