edit-icon download-icon

Website service provisioning with CNAME

Last Updated: Oct 18, 2018

Currently, Anti-DDoS Pro supports CNAME and A record access modes. However, we recommend CNAME.

What is CNAME

CNAME is a DNS alias record that can be considered as a redirection. For example, the real origin site IP address corresponding to the domain name www.abc.com is 1.1.1.1, and the corresponding CNAME is abcde12345.alicloudddos.com.

As a result, when A record is used, DNS resolves www.abc.com to its A record 1.1.1.1; when CNAME address is used, DNS resolves www.abc.com to its CNAME record abcde12345.alicloudddos.com.

You must not worry about or configure the real IP address corresponding to the CNAME address. The client auto queries the CNAME record and ultimately gets the IP address (1.1.1.1).

During the access to Anti-DDoS Pro, we suppose that the Anti-DDoS Pro IP addresses are 2.2.2.2, 3.3.3.3, and 4.4.4.4 (indicating different lines). For the same domain name, CNAME records generated in the three lines are the same. You only need to configure CNAME resolution for one line, resolving www.abc.com to the CNAME address, and Alibaba Cloud will handle the corresponding IP addresses for the CNAME record.

The point is that one CNAME record can correspond to multiple IP addresses which are changeable. The process is transparent and imperceptible to you. However, if you use A record, you must manually change the resolution configuration if you need to change the resolved IP address.

What is the advantage of CNAME access

CNAME access is more convenient. You only need to modify the resolution configuration once at your domain name resolution service provider (such as Alibaba cloud DNS or DNSPod) to make the change effective, with zero deployment and zero operation efforts.

When the Anti-DDoS Pro service on a line suffers an exception, such as black hole, domain names using CNAME resolution can be automatically switched to another Anti-DDoS Pro line.

Procedure

Follow these steps to access Anti-DDoS Pro through CNAME:

  1. Purchase an Anti-DDoS Pro instance.

  2. Log on to the Anti-DDoS Pro console, add the domain name, and then configure the forwarding rules.

    CNAME access

  3. Modify the DNS resolution configuration at your DNS service provider to resolve the domain name to the CNAME record of Anti-DDoS Pro.

  4. Wait for DNS settings to come into effect (about a few minutes). Then the website is connected to Anti-DDoS Pro through CNAME.

  5. Test if the website can be accessed normally.

How is the operator line resolved at Anti-DDoS Pro CNAME resolution?

In general, China Telecom and China Unicom lines are resolved to China Telecom and China Unicom Anti-DDoS Pro services respectively, and Hong Kong line is resolved to Hong Kong Anti-DDoS Pro service.

Under normal circumstances, you only need the CNAME resolution of one default line to replace the previous link-specific resolution. The intelligent resolution is handled by Alibaba Cloud automatically.

The CNAME address offered by Anti-DDoS Pro is capable of link-specific resolution. We can check whether the domain name corresponding to the CNAME record has been configured in China Telecom, China Unicom, or Hong Kong lines. If so, we can perform link-specific resolution in the three lines automatically.

Thank you! We've received your feedback.