All Products
Search

This Product

    Alibaba Cloud DNS:JSON API for DoH

    Document Center

    Alibaba Cloud DNS:JSON API for DoH

    Last Updated:Feb 27, 2024

    You can use the URLs described in the following section to call the JSON API for DNS over HTTPS (DoH). Both Transport Layer Security (TLS) and non-TLS API operations are provided.

    • https://223.5.5.5/resolve?name=Domain name&type=Record type&uid=Account ID&ak=AccessKey ID&key=****&ts=Timestamp

    • http://223.5.5.5/resolve?name=Domain name&type=Record type&uid=Account ID&ak=AccessKey ID&key=****&ts=Timestamp

    • https://223.6.6.6/resolve?name=Domain name&type=Record type&uid=Account ID&ak=AccessKey ID&key=****&ts=Timestamp

    • http://223.6.6.6/resolve?name=Domain name&type=Record type&uid=Account ID&ak=AccessKey ID&key=****&ts=Timestamp

    Request parameters

    Request method: GET. The following table lists the request parameters.

    Parameter

    Type

    Description

    Example

    Required/Optional and default value

    name

    string

    The domain name in the request.

    name=www.taobao.com

    Required. No default value is available.

    type

    integer

    The request type.

    type=1

    Optional. Default value: 1.

    edns_client_subnet

    IP

    EDNS Client Subnet (ECS) IP address

    edns_client_subnet=1.2.XX.XX/24

    Used by the Domain Name System (DNS) proxy. This parameter does not apply to regular clients.

    short

    boolean

    short=true, short=1

    Optional. The short mode is disabled by default.

    uid

    string

    The account ID displayed in the Alibaba Cloud DNS console.

    uid=9**9

    Required. No default value is available.

    ak

    string

    The AccessKey ID displayed in the Alibaba Cloud DNS console.

    ak=test

    Required. No default value is available.

    ts

    string

    The timestamp.

    ts=1614927253

    This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.

    Required. No default value is available.

    key

    string

    The hash string for authentication.

    key=fb321ab77496a89c04de0a1e979bfee4b4678a0dcd57f4da1da83****490f64b

    The signature generated by using the AccessKey secret.

    Required. No default value is available.

    did

    string

    The ID of the device.

    did=afck0100

    Optional.

    edns_client_subnet parameter

    The edns_client_subnet parameter is designed to support ECS that is specified in the RFC 7871 specifications. ECS is a DNS extension that forwards the subnet information about users to authoritative DNS servers to improve the accuracy of DNS resolution and traffic scheduling. A long mask provides more accurate address information, but a short mask better protects user privacy. We recommend that you use /24 as the mask length.

    Note

    This parameter is designed for scenarios in which the DNS proxy uses the JSON API for DoH. After the DNS proxy receives DNS queries from a user, it uses the edns_client_subnet parameter to pass the subnet information about the user to Alibaba Cloud Public DNS. Then, Alibaba Cloud Public DNS passes the subnet information to an authoritative DNS server.

    For example, if the value of edns_client_subnet is 1.2.XX.XX/24, the authoritative DNS server selects a DNS route for the user based on the prefix of 1.2.XX.XX/24.

    Values of the type parameter

    Record type

    ID

    Description

    Example (taobao.com and www.taobao.com used in the example)

    A

    1

    An IPv4 record that maps a domain name to an IPv4 address.

    101.37.XX.XX

    NS

    2

    A name server record.

    ns1.taobao.com

    CNAME

    5

    An alias record that associates a domain name with another domain name.

    www.taobao.com.danuoyi.tbcache.com

    SOA

    6

    A Start of Authority (SOA) record that contains administrative information about a zone.

    ns4.taobao.com. hostmaster.alibabadns.com. 2018011109 3600 1200 3600 360

    TXT

    16

    A TXT record.

    "v=spf1 include:spf1.staff.mail.aliyun.com -all"

    AAAA

    28

    An IPv6 record that maps a domain name to an IPv6 address.

    240e:e1:fxx0:1:3::xxx

    Algorithm used for generating the key parameter for authentication

    key = sha256(uid+userKey+ts+qname+ak)

Note: The plus sign (+) indicates that the strings are concatenated.

    In the preceding code, the value of the uid parameter is a string that is converted from a number. For example, if the ID of the user is 9**9, set the value of the uid parameter to 9**9 as a string. The value of the userkey parameter is the AccessKey secret that is obtained on the Public DNS page of the Alibaba Cloud DNS console. The value of the ts parameter is also a string that is converted from a number. The value of the qname parameter is the domain name that the user wants to resolve. The value of the ak parameter is the AccessKey ID that is obtained on the Public DNS page of the Alibaba Cloud DNS console.

    Key generation sample

    Note

    Example:

    uid=9999 (uid is the value of AccountID displayed on the Alibaba Cloud DNS console instead of the Alibaba Cloud account ID.)

    userkey=12345

    ak=test

    qname=aliyun.com

    ts=1614927253 (2021-03-15 11:04:22)

    key=sha256(10001123451614927253aliyun.comtest)

    =>

    key=fb321ab77496a89c04de0a1e979bfee4b4678a0dcd57f4da1da83644a490f64b

    Sample request

    Sample response

    {
    "Status":0,  
    "TC":false,
    "RD":true,
    "RA":true,
    "AD":false,
    "CD":false,
    "Question": {       // The request segment.
        "name":"www.taobao.com.",
        "type":1
    },
    "Answer": [         // The response segment.
        {
            "name":"www.taobao.com.",
            "TTL":45,
            "type":5,
            "data":"www.taobao.com.danuoyi.tbcache.com."
        },
        {
            "name":"www.taobao.com.danuoyi.tbcache.com.",
            "TTL":45,
            "type":1,
            "data":"47.246.XX.XX"
        },
        {
            "name":"www.taobao.com.danuoyi.tbcache.com.",
            "TTL":45,
            "type":1,
            "data":"47.246.XX.XX"
        }
    ]
    // The Authority segment. Data in this segment must be consistent with data in the Answer segment. 
    // The Additional segment. Data in this segment must be consistent with data in the Answer segment.
    //Optional. The edns_client_subnet parameter can be set to 1.2.XX.XX/24.  
}

    The following table describes the parameters in the response.

    Parameter

    Description

    Example

    Status

    RCODE of the DNS packet header.

    0: noerror

    1: formerr

    2: servfail

    3: nxdomain

    TC

    TrunCation (TC) of the DNS packet header. This parameter specifies whether the packet can be truncated.

    false (This value is used in most cases.)

    RD

    Recursion Desired (RD) of the DNS packet header. This parameter specifies whether recursion is desired.

    true (This value is used in most cases.)

    RA

    Recursion Available (RA) of the DNS packet header. This parameter specifies whether recursion is available.

    true (This value is used in most cases.)

    AD/CD

    The identifier of the DNS packet header.

    false (This value is used in most cases.)

    Question

    The DNS request segment.

    None

    Answer

    The DNS response segment.

    None

    name

    The domain name. Both the Question and Answer segments contain the domain name.

    www.taobao.com

    type

    The request type. For more information, see Values of the type parameter.

    A, AAAA, TXT, CNAME, NS, SOA

    TTL

    The maximum duration for which the response value is cached in the server, in seconds.

    3600

    data

    The response result, which is related to the type parameter.

    None

    Example of the response in short mode:

    For example, if the DNS record type in the request for www.taobao.com is the A record, the following request URL is used:

    https://223.5.5.5/resolve?name=domain name&type=A&uid=account ID&short=1&ak=AccessKey ID&key=****&ts=timestamp

    The following code shows the response:

    ["221.229.XX.XX","61.155.XX.XX","221.229.XX.XX"]

    If the DNS record type in the request for www.taobao.com is the canonical name (CNAME) record, the following request URL is used:

    https://223.5.5.5/resolve?name=domain name&type=CNAME&uid=account ID&short=1&ak=AccessKey ID&key=****&ts=timestamp

    The following code shows the response:

    ["www.taobao.com.danuoyi.tbcache.com."]

    Failure response:

    If the request fails, the HTTP status code is 4xx or 5xx, and the error code for debugging or error reporting is returned. The result is displayed in the JSON format.

    Failure response example:

    {
 "code":"UrlParameterError"
}

    Error codes

    Error code

    HTTP status code

    Description

    UrlParameterError

    400

    The error message returned because the formats of the request parameters are invalid.

    NoPermission

    401

    The error message returned because user authentication failed.

    UrlPathError

    404

    The error message returned because the URL is invalid.

    NoResponse

    500

    The error message returned because no response was returned within a specified period of time.

    Note

    1. For more information about how to call the JSON API for DoH to use Alibaba Cloud Public DNS for DNS resolution, see Best practices for accessing Alibaba Cloud Public DNS by calling the JSON API for DoH.

    2. We recommend that you use Public DNS SDKs to access Public DNS. The SDKs contain the code for URL signing. You do not need to implement URL signing by yourself. For more information about how to use the SDKs, see SDK for Android developer guide and SDK for iOS developer guide.