Currently, Anti-DDoS Pro supports CNAME and A record access modes. However, we recommend CNAME.
CNAME is a DNS alias record that can be considered as a redirection. For example, the real origin site IP address corresponding to the domain name www.abc.com is 220.127.116.11, and the corresponding CNAME is abcde12345.alicloudddos.com.
As a result, when A record is used, DNS resolves www.abc.com to its A record 18.104.22.168; when CNAME address is used, DNS resolves www.abc.com to its CNAME record abcde12345.alicloudddos.com.
You must not worry about or configure the real IP address corresponding to the CNAME address. The client auto queries the CNAME record and ultimately gets the IP address (22.214.171.124).
During the access to Anti-DDoS Pro, we suppose that the Anti-DDoS Pro IP addresses are 126.96.36.199, 188.8.131.52, and 184.108.40.206 (indicating different lines). For the same domain name, CNAME records generated in the three lines are the same. You only need to configure CNAME resolution for one line, resolving www.abc.com to the CNAME address, and Alibaba Cloud will handle the corresponding IP addresses for the CNAME record.
The point is that one CNAME record can correspond to multiple IP addresses which are changeable. The process is transparent and imperceptible to you. However, if you use A record, you must manually change the resolution configuration if you need to change the resolved IP address.
What is the advantage of CNAME access?
- CNAME access is more convenient. You only need to modify the resolution configuration once at your domain name resolution service provider (such as Alibaba cloud DNS or DNSPod) to make the change effective, with zero deployment and zero operation efforts.
- When the Anti-DDoS Pro service on a line suffers an exception, such as black hole, domain names using CNAME resolution can be automatically switched to another Anti-DDoS Pro line.
- Purchase an Anti-DDoS Pro instance.
- Log on to the Anti-DDoS Pro console, add the domain name, and then configure the forwarding rules.
- Modify the DNS resolution configuration at your DNS service provider to resolve the domain name to the CNAME record of Anti-DDoS Pro.
- Wait for DNS settings to come into effect (about a few minutes). Then the website is connected to Anti-DDoS Pro through CNAME.
- Test if the website can be accessed normally.
How is the operator line resolved at Anti-DDoS Pro CNAME resolution?
In general, China Telecom and China Unicom lines are resolved to China Telecom and China Unicom Anti-DDoS Pro services respectively, and Hong Kong line is resolved to Hong Kong Anti-DDoS Pro service.
I have configured link-specific resolution. How to configure it after CNAME access?
Under normal circumstances, you only need the CNAME resolution of one default line to replace the previous link-specific resolution. The intelligent resolution is handled by Alibaba Cloud automatically.
The CNAME address offered by Anti-DDoS Pro is capable of link-specific resolution. We can check whether the domain name corresponding to the CNAME record has been configured in China Telecom, China Unicom, or Hong Kong lines. If so, we can perform link-specific resolution in the three lines automatically.