How do I determine whether my CDN configuration is applied?

The following methods can be used to verify whether your CDN configuration is applied:
  • Method 1: Run the ping or dig command followed by a CDN domain. If the CDN domain is redirected to *.*kunlun*.com, your CDN configuration is applied.
    • ping
    • dig

  • Method 2: Run the nslookup or dig command to check the basic information of CDN nodes such as IP addresses, latency, and packet loss. You can use IP check tools in the CDN console to check whether a resolved IP address is the IP address of a CDN node. If yes, your CDN configuration is applied.

  • Method 3: Obtain the response header corresponding to the CDN domain and check whether the CDN node information exists.

Does CDN support wildcard domain acceleration?

Wildcard domains indicate that you can use a wildcard (*) in a CDN domain to accelerate all its second-level domains. For example, you can set * as a CDN domain. After * is resolved to the CNAME created by CDN, all second-level domains of will be accelerated, such as
Note Third-level domains (for example, of a wildcard domain (* cannot be accelerated.
CDN supports wildcard domain acceleration. The following types of acceleration services support wildcard domain acceleration:
The following rules apply when you add wildcard domains:
  • Each CDN domain must be less than 100 bytes in length.
  • Up to third-level wildcard domains are supported, such as *
  • Similar to common domains, traffic generated by all second-level domains of a wildcard domain is billed. Traffic generated by wildcard domains is recorded in resource monitoring. A wildcard domain is billed as a CDN domain. Billing data is not provided for each second-level domain.
  • A log file is provided for a single wildcard domain at set intervals. The log file contains acceleration information for all second-level domains of the wildcard domain.
  • URLs and directories of wildcard domains are not supported when the cache is refreshed or preheated. URLs and directories of accurate domains can be refreshed.

Can I add different subdomains to multiple accounts when I add CDN domains?

When a wildcard domain such as * is not added to any account, different subdomains can be added to multiple accounts.

What are the IP addresses of the back-to-origin CDN nodes?

To prevent the origin server from being attacked, many customers expect CDN to provide the IP addresses of back-to-origin nodes and then set an IP address whitelist for the origin server. Only back-to-origin nodes can access the origin server.

However, different CDN nodes are intelligently allocated to access your origin server during the back-to-origin process each time. IP addresses of the back-to-origin CDN nodes are not fixed. Therefore, we do not recommend you set the back-to-origin policy of the origin server to a fixed IP address list. This may cause back-to-origin failure.

If you need to configure a whitelist for protection software such as dongle on the origin server, you can call the DescribeL2VipsByDomain operation to obtain IP addresses of CDN back-to-origin nodes and add them to the whitelist, so as not to affect resource retrieval.

Why is the "DOMAIN_OWNER_CONFLICT" error message reported when I add a CDN domain?

Cause: The account to which the subdomain is added is not the account to which a wildcard domain belongs.

Solution: Delete the wildcard domain or add a subdomain to the same account.

What are the differences between the origin host and the origin server?

An origin host determines which origin server requests are sent to. An origin server indicates which IP address requests are sent to. The following differences between the origin host and the origin server exist:
  • Example 1: Domain name of an origin server

    Assume that the domain of the origin server is, and the origin host is The actual back-to-origin request is sent to the IP address resolved from, which corresponds to the site on the host.

  • Example 2: IP address of an origin server

    Assume that the IP address of the origin server is, and the origin host is CDN nodes retrieve contents from the origin server whose IP address is This IP address corresponds to the site on the host.

If the problem persists, submit a ticket.

Why is my CDN domain not approved? How can I resubmit a CDN domain for approval?

If the content from your origin server is not stored on Alibaba Cloud, the content must be reviewed. The content may fail to be approved due to the following reasons:
  • The content cannot be accessed normally or the content does not include any substantive information.
  • Private game servers
  • Role-playing and card playing game servers
  • Websites where pirated software can be downloaded
  • P2P financial websites
  • Lottery websites
  • Illegal hospital and medicine websites
  • Websites related to pornography, drugs, and gambling

For more information, see Limits on domains.

The following steps describe how to view reasons for rejection and resubmit the CDN domain for approval:
  1. Log on to the CDN console.
  2. Click Domain Names to view the CDN domains that fail to be approved. Move the pointer over the icon to the right of Not Approved for a CDN domain to view the reason for rejection.
  3. Click Delete on the right of the unapproved CDN domain.
  4. Make adjustments based on the reason for rejection and submit the CDN domain again.

What is the back-to-origin policy for multiple origin servers?

CDN enables you to set multiple IP addresses and origin domains for origin servers. You can also set priorities for each origin server, including primary and secondary priorities.
  • Origin server health check: A four-layer health check is automatically conducted to test port 80 of an origin server. The heath check interval is 2.5 seconds. The origin server is marked as unavailable after three consecutive failed checks.
  • After you configure the parameters, a CDN node retrieves contents from the specified multiple origin servers in polling mode. Therefore, you must ensure that the contents from the corresponding site of each origin server are the same. Otherwise, the CDN node obtains different data.

The back-to-origin policy for multiple origin servers: 100% back-to-origin traffic is first sent to the primary origin server. After three consecutive failed checks of the primary origin server, 100% back-to-origin traffic is then sent to the secondary origin server. When a health check on an origin server is successful, the origin server is marked as available and its priority is recovered. If all origin servers have the same priority, a CDN node will retrieve contents from these origin servers in polling mode.

What is the purpose of configuring an origin host?

If the origin Web server of a CDN user is bound with another domain rather than a CDN domain, and no limit is set on the access permissions of the domain (for example, the default website can be accessed by using the server IP address), you can configure the origin host in the CDN console so that CDN service can be used when the Web server is not bound to a CDN domain.

If your Web server is bound to instead of, you only need to enter in the Origin Host dialog box.

Test and verification
  1. When you access the server by running the curl command, no website contents are returned. This indicates that a domain may be bounded to the origin server or access to the domain is limited.
  2. When you use the -H parameter to transfer the CDN domain, the website cannot be opened. This indicates that this CDN domain is not bounded to the origin server.
  3. When you use the -H parameter to transfer the CDN domain, the website can be opened. This indicates that this CDN domain is not bounded to the origin server. Set the origin host to in the CDN console. After a test, you will find that can be accessed.

How do I bind a host to a domain?

You can bind a host and specify an IP address for the domain without modifying domain resolution configurations. Compare the results before and after CDN is used.

You can perform the following steps:
  1. Open the hosts file in the C:\Windows\System32\drivers\etc directory.
  2. Enter an IP address, a space, and your domain.

    If you run the ping command, the resolved IP address is
    Note Windows domain resolution process: When you access a domain from the browser, the system tries to obtain the corresponding IP address from the DNS cache and the hosts file. If no IP address is obtained, the local DNS is used to obtain the IP address. For more information, see the relevant documentation.

For example, CDN is enabled for your domain If an error occurs when you access and you cannot modify domain resolution configurations, you can modify the local hosts file.

If access to fails after the host IP address is changed to the IP address of the origin server, an error occurs on the origin server, rather than on CDN. If can be accessed after the host IP address is changed to the IP address of the origin server, but the CDN domain cannot be accessed, you can compare these two links. If parameter filtering is enabled, the parameters behind the question mark (?) in the URL will be filtered out. For example, when you access, **=** is actually accessed. ? However, ***=** is filtered out. In this case, you only need to disable parameter filtering.