Currently, Anti-DDoS Pro supports CNAME and A record access modes. However, we recommend CNAME.
CNAME is a DNS alias record that can be considered as a redirection. For example, the real origin site IP address corresponding to the domain name
220.127.116.11, and the corresponding CNAME is
As a result, when A record is used, DNS resolves
www.abc.com to its A record
18.104.22.168; when CNAME address is used, DNS resolves
www.abc.com to its CNAME record
You must not worry about or configure the real IP address corresponding to the CNAME address. The client auto queries the CNAME record and ultimately gets the IP address (
During the access to Anti-DDoS Pro, we suppose that the Anti-DDoS Pro IP addresses are
22.214.171.124 (indicating different lines). For the same domain name, CNAME records generated in the three lines are the same. You only need to configure CNAME resolution for one line, resolving
www.abc.com to the CNAME address, and Alibaba Cloud will handle the corresponding IP addresses for the CNAME record.
The point is that one CNAME record can correspond to multiple IP addresses which are changeable. The process is transparent and imperceptible to you. However, if you use A record, you must manually change the resolution configuration if you need to change the resolved IP address.
CNAME access is more convenient. You only need to modify the resolution configuration once at your domain name resolution service provider (such as Alibaba cloud DNS or DNSPod) to make the change effective, with zero deployment and zero operation efforts.
When the Anti-DDoS Pro service on a line suffers an exception, such as black hole, domain names using CNAME resolution can be automatically switched to another Anti-DDoS Pro line.
Follow these steps to access Anti-DDoS Pro through CNAME:
Purchase an Anti-DDoS Pro instance.
Log on to the Anti-DDoS Pro console, add the domain name, and then configure the forwarding rules.
Modify the DNS resolution configuration at your DNS service provider to resolve the domain name to the CNAME record of Anti-DDoS Pro.
Wait for DNS settings to come into effect (about a few minutes). Then the website is connected to Anti-DDoS Pro through CNAME.
Test if the website can be accessed normally.
In general, China Telecom and China Unicom lines are resolved to China Telecom and China Unicom Anti-DDoS Pro services respectively, and Hong Kong line is resolved to Hong Kong Anti-DDoS Pro service.
Under normal circumstances, you only need the CNAME resolution of one default line to replace the previous link-specific resolution. The intelligent resolution is handled by Alibaba Cloud automatically.
The CNAME address offered by Anti-DDoS Pro is capable of link-specific resolution. We can check whether the domain name corresponding to the CNAME record has been configured in China Telecom, China Unicom, or Hong Kong lines. If so, we can perform link-specific resolution in the three lines automatically.