After you add a website to Anti-DDoS Pro, you must modify the DNS records of your website to reroute inbound traffic to the Anti-DDoS Pro instance. If you have purchased the paid edition of Alibaba Cloud DNS service for domain name resolution, you can enable NS Mode Access to automatically modify DNS records. This topic describes how to enable NS Mode Access in the Anti-DDoS Pro console.

Prerequisites

  • An Anti-DDoS Pro instance is purchased.
    Note Only Anti-DDoS Pro supports NS Mode Access. If you use Anti-DDoS Premium, we recommend that you modify the DNS records of websites. For more information, see Modify DNS records to protect websites.
  • The domain name of your website is managed by the paid edition of Alibaba Cloud DNS. For more information, see Alibaba Cloud DNS product overview.
  • A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
  • The back-to-origin IP addresses of instances are added to the whitelist of the origin server. If you deploy third-party security software on your origin server, such as a firewall, add the back-to-origin IP addresses to the whitelist of the security software. For more information, see Allow back-to-origin IP addresses to access the origin server.
  • The traffic forwarding settings take effect. Before you switch service traffic to Anti-DDoS Pro or Anti-DDoS Premium, we recommend that you verify that the instances can forward inbound traffic to the origin server on your local machine. For more information, see Verify the forwarding configuration on your local machine.

Background information

After you enable NS Mode Access, Anti-DDoS Pro automatically modifies the DNS records based on the forwarding rules in the website configuration. NS Mode Access supports the following two modes:
  • Anti-DDoS: enables Anti-DDoS Pro and automatically modifies DNS records to reroute inbound traffic to the Anti-DDoS Pro instance.Anti-DDoS mode
  • Back-To-Source: disables Anti-DDoS Pro and forwards the traffic to the origin server.Back-To-Source mode

We recommend that you use the following steps to configure NS Mode Access. If the domain name of your website is managed by a third-party DNS service and cannot be migrated to Alibaba Cloud DNS, NS Mode Access is unavailable. In this case, you must manually modify the DNS records of your website. For more information, see Modify DNS records to protect websites.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Mainland China.
  3. In the left-side navigation pane, choose Provisioning > Website Config.
  4. On the Website Config page, find the domain name whose DNS records you want to modify and click Configure DNS Settings in the Actions column.Configure DNS settings
  5. On the Configure DNS Settings page, find the NS Mode Access section, turn on Status, and select Anti-DDoS or Back-To-Source as the access mode.
    • If you select the Anti-DDoS mode, Anti-DDoS Pro automatically modifies the DNS records and reroutes inbound traffic to the Anti-DDoS Pro instance.
    • If you select the Back-to-Origin mode, Anti-DDoS Pro automatically modifies the DNS records and forwards inbound traffic to the origin server.
    NS Mode Access
    If you have purchased the paid edition of Alibaba Cloud DNS, you can enable this feature. If you did not purchase the paid edition of Alibaba Cloud DNS, an error message appears.
  6. Wait for the settings to take effect. You can use a third-party DNS testing platform to check whether a domain name is resolved as expected.