
Blacklist and whitelist

Last Updated: Jul 17, 2024

Rules

Domain Name System (DNS) requests are first checked against the whitelist. If the whitelist is empty, the check is passed by default. If the whitelist is not empty, only domain names in the whitelist can pass the check. Then, the requests are checked against the blacklist. Domain names in the blacklist are blocked and rejected for resolution. Domain names that are not in the blacklist are resolved as expected.

  1. If both the whitelist and blacklist are empty, all domain names can be resolved as expected by default.

  2. If only the whitelist is configured, only domain names in the whitelist can be resolved as expected.

  3. If only the blacklist is configured, only the domain names that are not in the blacklist can be resolved as expected.

  4. If both the whitelist and blacklist are configured, the domain names that are not added to the whitelist are rejected for resolution, and the domain names that are added to both the whitelist and blacklist are also rejected for resolution. Only the domain names that are added to the whitelist and are not added to the blacklist can be resolved as expected.

Procedure

This section describes how to add domain names to the whitelist. You can add domain names to the blacklist by following almost the same procedure.

  1. Log on to the Alibaba Cloud DNS console.

  2. In the left-side navigation pane, click Recursive Resolution (Public DNS). Then, click the Blacklist/Whitelist tab.

  3. Click the Whitelist tab. On the Whitelist tab, click Add Domain Name. In the Add Domain Name dialog box, enter the domain names that you want to add. Then, click OK.

    Note
    • If you add a specific domain name to the whitelist or blacklist, the blacklist rule or the whitelist rule takes effect only on the domain name. If you want the rule to take effect on all subdomain names of the domain name, select Zone (Include All Subdomain Names) for the Type parameter.

    • You can enter up to 50 domain names or zones at a time. All subdomain names of the entered zones are also added to the whitelist or the blacklist. The types of domain names added at a time must be the same.

    • You can add up to 100 entries to the whitelist or the blacklist. A domain name is counted as one entry regardless of whether the domain name contains subdomain names.

  4. After you add domain names to the whitelist, the domain names are in the Disable state. You can click Enable in the Actions column that corresponds to the domain names to enable the domain names.

    Warning
    • After domain names are enabled, the blacklist or the whitelist takes effect. Proceed with caution.

    • If you use DoH to access Public DNS and aliyun.com is not added to the whitelist or aliyun.com is added to the blacklist, you cannot log on to the Alibaba Cloud DNS console by using the browser that uses DoH. You can disable DoH on the browser and then log on to the Alibaba Cloud DNS console to modify the settings of the blacklist or the whitelist.

    • If you use an SDK to access Public DNS, the blacklist and whitelist policies are obtained when you initialize the SDK. This efficiently reduces the number of DNS requests sent to Public DNS and reduces fees.

    • If you use DoH to access Public DNS, the blacklist and whitelist policies take effect in Public DNS. In this case, DNS requests initiated by the client are already delivered to Public DNS and the number of DNS requests over DoH is counted. The fees cannot be reduced.
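Before you enable entries, you can dry-run the planned lists offline. The following added example (not Alibaba Cloud code) models the evaluation order in the Rules section and the Zone type from the Note. The type labels "domain" and "zone", the function names, the case and trailing-dot normalization, and all sample names are assumptions made for illustration.

```python
# Added example: local model of the whitelist-then-blacklist evaluation order.
# Entry types "domain" (exact name only) and "zone" (name plus all subdomain
# names) are labels chosen here. Pass in only the entries you plan to enable.

def normalize(name):
    # Assumption: names are compared case-insensitively, without a trailing dot.
    return name.strip().rstrip(".").lower()

def matches(qname, entry):
    """True if the query name is covered by one (name, type) entry."""
    name, kind = normalize(entry[0]), entry[1]
    if qname == name:
        return True
    # Only a zone entry also covers subdomain names.
    return kind == "zone" and qname.endswith("." + name)

def decide(qname, whitelist, blacklist):
    """Return 'resolve' or 'reject' for one query name."""
    qname = normalize(qname)
    # Check 1: an empty whitelist passes everything; a non-empty whitelist
    # passes only the names that it lists.
    if whitelist and not any(matches(qname, e) for e in whitelist):
        return "reject"
    # Check 2: a name on the blacklist is rejected even if it is whitelisted.
    if any(matches(qname, e) for e in blacklist):
        return "reject"
    return "resolve"

def dry_run(whitelist, blacklist, must_resolve):
    """List the names in must_resolve that the planned lists would reject."""
    return [n for n in must_resolve
            if decide(n, whitelist, blacklist) == "reject"]

if __name__ == "__main__":
    # Constructed sample lists, not taken from any real configuration.
    wl = [("example.com", "zone"), ("aliyun.com", "domain")]
    bl = [("ads.example.com", "domain")]
    for q in ["www.example.com", "ads.example.com", "aliyun.com",
              "sub.aliyun.com", "example.org"]:
        print(f"{q:20} {decide(q, wl, bl)}")
    # sub.aliyun.com is a constructed subdomain name: the "domain" entry for
    # aliyun.com does not cover it, so the dry run reports it.
    print("would be rejected:", dry_run(wl, bl, ["aliyun.com", "sub.aliyun.com"]))
```

In the sample run, ads.example.com is rejected although the example.com zone is whitelisted, and the exact-name entry for aliyun.com does not cover its subdomain names.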

Batch operation

You can click the Batch Disable, Batch Enable, and Batch Delete buttons to manage multiple domain names at a time in the blacklist or the whitelist. You can search for a domain name by using fuzzy match.