CNAME reuse

Updated at:
Copy as MD

If you host multiple domains on a single server and need to add them to Anti-DDoS Proxy (Outside Chinese Mainland), you can enable CNAME reuse. After this feature is enabled, you only need to configure one domain in Anti-DDoS Proxy. You can then point the DNS records of the other domains to the CNAME address provided by Anti-DDoS Proxy, without adding them individually. This allows Anti-DDoS Proxy to forward traffic for all of your domain names. This topic explains how to enable and use CNAME reuse.

How it works

With CNAME reuse enabled, you point the DNS records of multiple domains to the single CNAME address provided by Anti-DDoS Proxy. This eliminates the need to create a separate configuration for each domain.

Limitations

Only Anti-DDoS Proxy (Outside Chinese Mainland) supports CNAME reuse. This feature is not available for Anti-DDoS Proxy (Chinese Mainland).

Use cases

CNAME reuse helps you avoid creating duplicate configurations for multiple domains in the following scenarios:

  • Scenario 1: You are a reseller, an independent software vendor (ISV), or a distributor managing a large, frequently changing number of domains hosted on the same origin server and requiring DDoS protection.

  • Scenario 2: Your business uses multiple second-level domain names for marketing or search engine optimization (SEO).

  • Scenario 3: Your business uses multiple backup domains.

Usage restrictions

CNAME reuse has the following restrictions.

Restriction

Description

Protocol type

HTTP and HTTPS protocols are supported.

Note

If you add domains by using the HTTPS protocol, all domains that reuse the same CNAME address share a single SSL certificate.

Origin server

All domains that share a CNAME address must use the same origin server.

Enable CNAME reuse

You can use CNAME reuse with Sec-Traffic Manager. When you enable CNAME reuse, you can choose whether to use Sec-Traffic Manager. For more information about Sec-Traffic Manager, see Overview of Sec-Traffic Manager.

  • If you use it with Sec-Traffic Manager, you must associate a corresponding general interaction rule. The CNAME address of the interaction rule is then reused for the DNS resolution of your domain names.

  • If you do not use Sec-Traffic Manager, the CNAME address from the Website Config in Anti-DDoS Proxy is reused for DNS resolution.

This guide uses the following example scenario:

  • The origin server has two IP addresses: 192.10.XX.XX and 192.11.XX.XX.

  • Three domains are hosted on the origin server at 192.10.XX.XX: a.example, b.example, and c.example.

Follow these steps to add multiple domains (a.example, b.example, and c.example) from a single origin server IP address (192.10.XX.XX) to Anti-DDoS Proxy (Outside Chinese Mainland) by using CNAME reuse.

  1. Enable CNAME reuse in the Website Config settings.

    1. Log on to the Anti-DDoS Proxy console.

    2. In the top navigation bar, select the Outside Chinese Mainland region.

    3. In the navigation pane on the left, choose Onboarding > Website Config.

    4. Add or edit a website configuration, and turn on the CNAME Reuse switch. For more information about how to add a website configuration, see Add a website.

      Example: Set Origin IP Address to 192.10.XX.XX and Websites to a.example (or b.example, or c.example).

      In the Instance field, select your purchased Anti-DDoS Proxy instance, such as ddosDip. For Feature Plan, select Standard Function. For Protocol Type, select both HTTP and HTTPS. Keep the default Server Port settings (HTTP 80 and HTTPS 443), and confirm that the CNAME Reuse switch is turned on.

  2. Choose a traffic scheduling option and update the CNAME record for your domains.

    When you enable CNAME reuse, you must choose whether to use Sec-Traffic Manager. Follow the appropriate steps below:

    • Without Sec-Traffic Manager

      1. In the Enable CNAME Reuse with Sec-Traffic Manager dialog box, select Enable CNAME Reuse Without Sec-Traffic Manager and click OK.

      2. After the website configuration is added, copy the CNAME address.

      3. At your DNS provider, create a CNAME record for each domain (a.example, b.example, and c.example) that points to the CNAME address you copied.

    • With Sec-Traffic Manager

      1. In the Enable CNAME Reuse with Sec-Traffic Manager dialog box, select Enable CNAME Reuse with Sec-Traffic Manager, choose a traffic scheduling rule, and then click OK.

        The Sec-Traffic Manager rule must be associated with both the origin server IP address (192.10.XX.XX) and the Anti-DDoS Proxy IP used in the Website Config. If no rule is available, click Create Traffic Scheduling Rule to create one (as shown in the example below), and then apply the rule.

        Important

        The Anti-DDoS Proxy IP in the interaction rule must be the same as the one associated with the Anti-DDoS Proxy instance in the Website Config.

        In the Add Rule dialog box, set Interaction Scenario to Cloud Service Interaction. Enter a Rule Name, such as CNAMEReuse_Example. For Anti-DDoS Proxy IP, select the instance associated with your Website Config. For Associated Resource, select Cloud Asset IP and add your origin server IP address. Set Switch-back Time to 60 minutes.

      2. After you select the traffic scheduling rule, copy its CNAME address.

      3. At your DNS provider, create a CNAME record for each domain (a.example, b.example, and c.example) that points to the rule's CNAME address you copied.

  3. Optional: To protect domains hosted on a different origin server (for example, 192.11.XX.XX), repeat Step 1 and Step 2.

Disable CNAME reuse

If you no longer need to use CNAME reuse, you can turn off the CNAME Reuse switch in the Website Config.

Warning

Before you disable CNAME reuse, update your DNS records to ensure no domains point to the Anti-DDoS Proxy CNAME address. If you disable the feature while domains still point to the CNAME address, traffic to your websites will be disrupted.

  1. Log on to the Anti-DDoS Proxy console.

  2. In the top navigation bar, select the Outside Chinese Mainland region.

  3. In the left-side navigation pane, choose Onboarding > Website Config.

  4. Edit the existing website configuration and disable Cname Reuse.

  5. Decide whether to keep the Website Config and the traffic scheduling rule:

    • If you keep the Website Config, its forwarding logic remains in effect.

    • If you keep the traffic scheduling rule, Sec-Traffic Manager remains in effect.