Overview
DNS cache is a Domain Name System (DNS) proxy that lets you use the Alibaba Cloud DNS infrastructure without migrating your DNS. It helps enterprises strengthen DNS protection, speed up DNS access, and provide backup for DNS servers.
Benefits
Distributed denial of service (DDoS) attack mitigation: DNS cache stores DNS responses to protect your authoritative DNS servers from DDoS attacks and reduce the load on your authoritative DNS servers.
DNS access acceleration: Alibaba Cloud DNS provides global nodes. With DNS cache, queries are answered by the nearest node, which speeds up access.
Backup for DNS servers: When an error occurs on the authoritative DNS servers, DNS cache allows you to keep using the service until the cached DNS records expire. This shortens the time lost to failures.
Cost-effectiveness: If you use an on-premises DNS, DNS cache can help you reduce bandwidth usage to save costs.

Parameters in the console

1. Cache-accelerated Domain Name
The name of the domain for which you want to enable cache acceleration. Both domain names and subdomain names are supported.
2. Origin DNS Servers
The address and port of the authoritative DNS servers. If the address of the authoritative server is ns1.alidns.com, ns1.alidns.com:53 is displayed in the Origin DNS Servers column.
3. Alibaba Cloud DNS Access Status
The status that indicates whether DNS cache is enabled for the DNS servers.
Status | Description | Solution |
Normal | The DNS servers of the domain name are changed to cache1.alidns.com and cache2.alidns.com. | N/A |
Have not used AlibabaCloudDNS | The DNS servers of the domain name are not changed to cache1.alidns.com and cache2.alidns.com. | Change the DNS servers of the domain name to cache1.alidns.com and cache2.alidns.com. |
Running exception | The DNS servers of the domain name cannot be queried. | For more information, see DNS server status. |
Limits
1. If Alibaba Cloud DNS is applied to both the primary domain name and the subdomain name, you cannot use DNS cache for the subdomain name.
Procedure of enabling DNS cache
1. Log on to the Alibaba Cloud DNS console.
2. In the left-side navigation pane, click Domain Name Resolution. On the page that appears, click the Cache-accelerated Domain Names tab.

3. Click Add Cache-accelerated Domain Name and configure a domain name with cache acceleration.
Specify the following parameters:
Accelerated Domain Name: the domain name for which you want to implement cache acceleration.
Service Instance: the instance that you want to bind. You can select an instance of the Cached DNS cache type that you have purchased. If no instance is displayed in the drop-down list, click Purchase Service Instance to buy one.
Minimum TTL Period of Back-to-origin Cached Data and Maximum TTL Period of Back-to-origin Cached Data: the minimum and maximum time-to-live (TTL) during which the DNS records of the domain name with cache acceleration are effective. Unit: seconds. Valid values: 30 to 86400.
After DNS cache is enabled, the TTL of the on-premises DNS is subject to the TTL specified when you configure DNS cache. If the service provider extends the TTL, contact the service provider to resolve the issue.
Back-to-origin DNS Query Protocol: Resolution requests are sent to authoritative servers over UDP. Only UDP is supported.
Support for EDNS Client Subnet on Origin DNS Servers: You can select this check box if your authoritative server supports the Extension mechanisms for DNS (EDNS) protocol. Assume that the on-premises DNS also supports the EDNS protocol. When the on-premises DNS sends a recursive resolution request, DNS cache will send the IP address of the client to your origin DNS server.
Origin DNS Servers: You can specify one or more origin DNS servers. The default port is 53. You can specify the actual port of the origin DNS servers.
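
The following pre-flight check is an added example, not code from Alibaba Cloud. It validates the parameters described above before they are entered in the console and maps an observed NS set to the access status values in the table. The function names are hypothetical, and the TTL clamping and the exact-match rule for the Normal status are assumptions labelled in the code.

```python
# Added example, not Alibaba Cloud code. Runs offline on constructed input.
CACHE_NS = {"cache1.alidns.com", "cache2.alidns.com"}  # from the status table
TTL_MIN, TTL_MAX = 30, 86400                           # valid range, seconds


def parse_origin(server):
    """Split 'host[:port]' (hostname or IPv4) into (host, port); port defaults to 53."""
    text = server.strip()
    host, sep, port = text.rpartition(":")
    if not sep:                       # no colon, so the whole string is the host
        host, port = text, "53"
    if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad origin server: {server!r}")
    return host.rstrip(".").lower(), int(port)


def check_ttl_bounds(min_ttl, max_ttl):
    """Reject bounds outside 30..86400 or a minimum above the maximum."""
    if not TTL_MIN <= min_ttl <= max_ttl <= TTL_MAX:
        raise ValueError(f"need {TTL_MIN} <= min <= max <= {TTL_MAX}")


def effective_ttl(origin_ttl, min_ttl, max_ttl):
    """ASSUMPTION: the cache clamps the origin TTL into [min_ttl, max_ttl]."""
    check_ttl_bounds(min_ttl, max_ttl)
    return max(min_ttl, min(origin_ttl, max_ttl))


def access_status(ns_names):
    """Map an observed NS set to the console status; None means the lookup failed.

    ASSUMPTION: only an exact match with both cache servers counts as Normal,
    because any extra NS would let resolvers bypass the cache.
    """
    if ns_names is None:
        return "Running exception"
    observed = {name.rstrip(".").lower() for name in ns_names}
    return "Normal" if observed == CACHE_NS else "Have not used AlibabaCloudDNS"


# Constructed sample input: NS answers as a resolver might return them.
SAMPLE_NS = ["cache1.alidns.com.", "CACHE2.alidns.com."]

if __name__ == "__main__":
    print(parse_origin("ns1.alidns.com"))        # port falls back to 53
    print(effective_ttl(5, 60, 3600))            # short origin TTL raised to the minimum
    print(access_status(SAMPLE_NS))
```

To check a live domain, feed `access_status` the NS names returned by your own resolver query and pass `None` when that query fails.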
