After you add a website to Anti-DDoS Pro or Anti-DDoS Premium, you must modify the DNS records of the website to reroute the inbound traffic of the website to an Anti-DDoS Pro or Anti-DDoS Premium instance. This topic describes how to modify the DNS records of a website. The DNS records can be CNAME records or A records. In this example, the DNS resolution service is provided by Alibaba Cloud DNS.

Prerequisites

  • A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
  • The back-to-origin IP addresses of instances are added to the whitelist of the origin server. If you deploy third-party security software on your origin server, such as a firewall, add the back-to-origin IP addresses to the whitelist of the security software. For more information, see Allow back-to-origin IP addresses to access the origin server.
  • The traffic forwarding settings take effect. Before you switch service traffic to Anti-DDoS Pro or Anti-DDoS Premium, we recommend that you verify on your local machine that the instances can forward inbound traffic to the origin server. For more information, see Verify the forwarding configuration on your local machine.

Select a DNS record type

When you modify the DNS records of your website, you can modify either the CNAME record or the A record so that network traffic is rerouted to the CNAME record or the IP address of an associated instance.
Note: You can query the CNAME record and IP address of an associated instance on the Website Config page.
  • If you choose to use the CNAME record, you need to modify the DNS records only once. If the IP address of the instance changes, Anti-DDoS Pro or Anti-DDoS Premium automatically reroutes traffic based on the CNAME record. If your website is associated with multiple instances, Anti-DDoS Pro or Anti-DDoS Premium automatically schedules traffic and reroutes it to the IP addresses of the instances.
  • If you choose to use the A record, you must modify DNS records each time the IP address of the instance changes. If your website is associated with multiple instances, you must manually schedule traffic and reroute traffic to the IP addresses of the instances.

We recommend that you use the CNAME record in most cases and use the A record only if the CNAME record is unavailable or conflicts with other DNS records.

Procedure

In the following example, the domain name is managed by Alibaba Cloud DNS.

Note: Alibaba Cloud DNS provides basic DNS services for free and offers other value-added services in the paid edition. If you activated the value-added services of Alibaba Cloud DNS in the paid edition for your website, we recommend that you enable NS Mode Access to reroute traffic to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Enable NS Mode Access to protect a website.

If you use third-party DNS services, log on to the system of the DNS provider to modify the DNS records. The following example is for reference only.

Assume that the domain name of your website associated with an instance is bgp.ddostest.com. The following procedure describes how to modify and add DNS records in the Alibaba Cloud DNS console.

  1. Log on to the Alibaba Cloud DNS console.
  2. On the Manage DNS page, find the domain name ddostest.com and click Configure in the Actions column.
  3. On the DNS Settings page, find the A record or CNAME record whose Host is bgp and click Edit in the Actions column.
    Note: If you cannot find the DNS record that you want to manage in the list, you can click Add Record to add the record.
  4. In the Add Record or Edit Record dialog box, select a record type and modify the record.
    • (Recommended) CNAME record: Set Type to CNAME and set Value to the CNAME record of the instance that you want to use to protect the domain name.
    • A record: Set Type to A and set Value to the IP address of the instance that you want to use to protect the domain name.
  5. Click OK and wait for the settings to take effect.
  6. Check whether the website can be accessed.
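
To confirm that the change in steps 4 to 6 took effect, you can classify the answer returned by `dig +noall +answer bgp.ddostest.com`. The following script is an added example and is not part of the Alibaba Cloud documentation or tooling. The instance CNAME, the instance IP address, and the origin IP address are constructed placeholders; replace them with the values shown on the Website Config page and the address of your origin server.

```python
import ipaddress

# Constructed placeholder values, not real instance or origin data.
INSTANCE_CNAME = "instance-cname.example.net"
INSTANCE_IPS = {"203.0.113.10"}
ORIGIN_IPS = {"198.51.100.7"}

def parse_answer(text):
    """Parse `dig +noall +answer` lines (NAME TTL CLASS TYPE RDATA)."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        rtype = fields[3].upper()
        if rtype in ("A", "AAAA", "CNAME"):
            records.append((fields[0].rstrip(".").lower(), rtype,
                            fields[4].rstrip(".").lower()))
    return records

def classify_cutover(text, host, instance_cname=INSTANCE_CNAME,
                     instance_ips=INSTANCE_IPS, origin_ips=ORIGIN_IPS):
    """Return cname_ok, a_record_ok, origin_exposed, unexpected or no_answer."""
    records = parse_answer(text)
    cnames = {name: value for name, rtype, value in records if rtype == "CNAME"}
    # Walk the CNAME chain from the host, stopping if it loops.
    seen = [host.rstrip(".").lower()]
    while seen[-1] in cnames and cnames[seen[-1]] not in seen:
        seen.append(cnames[seen[-1]])
    addrs = {ipaddress.ip_address(value) for name, rtype, value in records
             if rtype != "CNAME" and name == seen[-1]}
    if not addrs and len(seen) == 1:
        return "no_answer"
    # An origin address that is still published lets traffic bypass the instance.
    if addrs & {ipaddress.ip_address(ip) for ip in origin_ips}:
        return "origin_exposed"
    # CNAME mode: instance IP addresses may change, so only the chain is checked.
    if instance_cname.rstrip(".").lower() in seen[1:]:
        return "cname_ok"
    # A record mode: every published address must be an instance IP address.
    if addrs and addrs <= {ipaddress.ip_address(ip) for ip in instance_ips}:
        return "a_record_ok"
    return "unexpected"

# Constructed sample answers in `dig +noall +answer` layout.
CNAME_ANSWER = """\
bgp.ddostest.com.            600 IN CNAME instance-cname.example.net.
instance-cname.example.net.   60 IN A     203.0.113.10
"""
STALE_ANSWER = "bgp.ddostest.com. 600 IN A 198.51.100.7\n"
```

A result of `origin_exposed` means at least one resolver answer still contains the origin server address, so the old record has not been replaced or a cached answer has not yet expired.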

What to do next

After you add your website to Anti-DDoS Pro or Anti-DDoS Premium, you can perform the following operations:
  • Enable Sec-Traffic Manager and configure scheduling rules between Anti-DDoS Pro or Anti-DDoS Premium and protected cloud resources. These rules trigger Anti-DDoS Pro or Anti-DDoS Premium in specific scenarios only. For more information, see Sec-Traffic Manager.
  • Change the public IP address of the Elastic Compute Service (ECS) origin server. If the IP address of your origin server is exposed, attackers may bypass Anti-DDoS Pro or Anti-DDoS Premium to attack the origin server. To prevent this, you can change the IP address of an ECS origin server in the Anti-DDoS Pro or Anti-DDoS Premium console. For more information, see Change the public IP address of an ECS origin server.