The first time you add a domain name to the CDN console, Alibaba Cloud CDN verifies the ownership of the domain name. After the domain name passes ownership verification, lower-level domain names of the domain name can skip ownership verification when they are added to Alibaba Cloud CDN.
Method 1: Use a DNS record to verify the ownership (recommended)
The domain name image.example.com is used as an example to demonstrate how to verify the ownership of a domain name by adding a DNS record.
- On the verification page, click the Method 1: DNS Settings tab. Important Do not close the verification page before the verification process is completed. In some cases, DNS record verification may fail. If DNS record verification fails, you can use Method 2: Upload a verification file to verify the ownership.
- Add a TXT record in the system of your DNS service provider. The following example demonstrates how to add a TXT record. Alibaba Cloud DNS is used as the DNS service provider in this example. You can use similar methods to add TXT records in the systems of other DNS service providers, such as Tencent Cloud and Xinnet.
- Click Add DNS Record and enter the record type, host, and record value obtained in Step 1.
Parameter Description Example Record Type Select TXT. TXT Hostname Enter the prefix of the domain name. verification DNS Request Source Select the Internet service provider (ISP) of the domain name. We recommend that you keep the default setting. Record Value Enter the record value obtained in Step 1. verify_293b6443326fbbc7ff5e61d7768f**** TTL Period A smaller time-to-live (TTL) value indicates a shorter period of time to apply record updates. The default value is 10 minutes. We recommend that you keep the default setting.
- Click Add DNS Record and enter the record type, host, and record value obtained in Step 1.
- After the TXT record takes effect, log on to the CDN console. Click Verify to complete the verification. If the system prompts that the domain name fails the verification, check whether the TXT record is correct. Wait for the TXT record to take effect and try again.
- If you add a TXT record, it immediately takes effect. If you modify a TXT record, the time it takes for the updates to take effect is based on the TTL. The default TTL is 10 minutes.
- If your Linux operating system does not have dig installed, you can run the
yum install bind-utilscommand to install dig.
D:\example>nslookup -qt=txt verification.example.com DNS request timed out. timeout was 2 seconds. Server: Unknown Address: 10.10.10.10 DNS request timed out. timeout was 2 seconds. Non-authoritative answer: verification.example.com text = "verify_293b6443326fbbc7ff5e61d7768f****"
[rot@example ~]# dig verification.example.com txt ; << > > DiG 9.11.26-RedHat-9.11.26-3.1.al8 << > > verification.example.com txt ;; global options: +cmd ;; Got answer: ;; - > >HEADER<<- opcode: QUERY, status: NOERROR, id: 63246 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 13561416e9b77d0701000000615fb0d7304d137ea064**** (good) ;; QUESTION SECTION: ;verification.example.com. IN TXT ;; ANSWER SECTION: verification.example.com. 600 IN TXT "verify_293b6443326fbbc7ff5e61d7768f****" ;; Query time: 152 msec ;; SERVER: 100.100.100.136#53(100.100.100.136) ;; WHEN: Fri Oct 08 10:45:43 CST 2021 ;; MSG SIZE rcvd: 143
Method 2: Upload a verification file to verify the ownership
The domain name image.example.com is used in this topic to demonstrate how to verify the ownership of a domain name by uploading a verification file.
- On the verification page, click the Method 2: Verification File tab. Do not close the verification page before the verification process is completed.
- Click
verification.htmlto download the verification file of the domain name. - Upload the verification file to the root directory on the origin server of the domain name. The origin server can be an Elastic Compute Service (ECS) instance, an Object Storage Service (OSS) bucket, a Cloud Virtual Machine (CVM) instance, a Container-Optimized OS (COS) instance, or an Elastic Compute Cloud (EC2) instance.
After you upload the verification file, CDN visits the origin server at
http://example.com/verification.htmlto obtain the verification file. Then, Alibaba Cloud CDN determines whether you have uploaded the verification file as required. Make sure that the verification file is accessible. - Click Verify to complete the verification.
Method 3: Call API operations to verify the ownership
If you want to call the AddCdnDomain or BatchAddCdnDomain API operation to add a domain name to Alibaba Cloud CDN, you must first call the relevant API operation to verify the ownership.
- Use a DNS record to verify the ownership.
- Cal the DescribeVerifyContent API operation to query the record value.
- Add a TXT record in the system of your DNS service provider. For more information, see Step 2.
- Call the VerifyDomainOwner API operation to verify the ownership of a domain name. This operation verifies the ownership of one domain name at a time.
Set VerifyType to dnsCheck.
- Call the AddCdnDomain or BatchAddCdnDomain API operation to add the domain name to Alibaba Cloud CDN.
- Use a verification file to verify the ownership.
- Call the DescribeVerifyContent API operation to query the record value and acquire the verification file.
- Upload the verification file to the root directory on the origin server of the domain name. The origin server can be an ECS instance, an OSS bucket, a CVM instance, a COS instance, or an EC2 instance.
- Call the VerifyDomainOwner API operation to verify the ownership of a domain name. This operation verifies the ownership of one domain name at a time.
Set VerifyType to dnsCheck.
- Call the AddCdnDomain or BatchAddCdnDomain API operation to add the domain name to Alibaba Cloud CDN.
FAQ
- Q: Why does Alibaba Cloud CDN verify the ownership of domain names?
A: Ownership verification ensures that domain names are added to Alibaba Cloud CDN only by their owners. If a domain name that belongs to User A is added to Alibaba Cloud CDN by User B, security issues may arise.
- Q: If I have multiple Alibaba Cloud accounts and this is the first time a domain name is added to Alibaba Cloud, does Alibaba Cloud CDN verify the ownership of the domain name for each account?
A: Yes. Each Alibaba Cloud account is identified as an independent user. The first time a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN verifies the ownership of the domain name for each account (user).
- Q: If a domain name passes ownership verification after I add a DNS record or upload a verification file, can I delete the record or file?
A: Yes. The required DNS record or file is used only for ownership verification. After the domain name passes the verification, you can delete the record or file.
- Q: Do I need to prove the ownership of a domain name that has been added to CDN?
A: No. For example, you have added the domain name example.aliyundoc.com to CDN and the CNAME that is assigned to the domain name works as expected. In this case, you are deemed to own the domain name aliyundoc.com. When you add lower-level domain names of aliyundoc.com, such as **.aliyundoc.com and ***.aliyundoc.com, ownership verification is not required.
- Q: If I call the AddDomain operation to add a domain name to Alibaba Cloud CDN, do I need to prove the ownership of the domain name?
A: Yes. You must first add a DNS record or upload a verification file to the root directory of the origin server of the domain name that you want to add. Then, call the AddCdnDomain operation to add the domain name to Alibaba Cloud CDN. For more information, see Method 3: Call API operations to verify the ownership.
- Q: What do I do if I cannot prove the ownership of my domain name by adding a DNS record or uploading a verification file to the origin server?
A: You can use Alibaba Cloud Dynamic Route for CDN (DCDN). For more information, see Activate DCDN.