All Products
Search

This Product

    Anti-DDoS:Use the CNAME reuse feature

    Document Center

    Anti-DDoS:Use the CNAME reuse feature

    Last Updated:Mar 31, 2026

    When multiple domain names on the same origin server need DDoS protection, adding each domain name separately is time-consuming and operationally expensive. CNAME reuse solves this: add one domain name to Anti-DDoS Proxy (Outside Chinese Mainland), then point all other domain names on that server to the single CNAME that Anti-DDoS Proxy assigns. Traffic from every mapped domain name flows through Anti-DDoS Proxy (Outside Chinese Mainland) without additional per-domain configuration.

    Use cases

    • Large-scale domain management: Agents, independent software vendors (ISVs), or distributors managing a large number of domain names on the same server, where the number of domain names changes frequently.

    • Multi-domain SEO campaigns: Multiple second-level domain names required for promotion and search engine optimization (SEO) of the same service.

    • Domain name redundancy: Multiple alternative domain names required for a service.

    Supported product

    Only Anti-DDoS Proxy (Outside Chinese Mainland) supports CNAME reuse. Anti-DDoS Proxy (Chinese Mainland) does not support this feature.

    Limits

    ConstraintDetails
    ProtocolHTTP and HTTPS are supported.
    SSL certificate sharingIf domain names are added using HTTPS, all domain names mapped to the same CNAME share an SSL certificate after CNAME reuse is enabled.
    Origin serverAll domain names mapped to the same CNAME must be hosted on the same origin server.

    Enable CNAME reuse

    CNAME reuse works with or without Sec-Traffic Manager:

    • Without Sec-Traffic Manager: The CNAME assigned by Anti-DDoS Proxy (Outside Chinese Mainland) is reused.

    • With Sec-Traffic Manager: Select a general interaction rule. The CNAME configured in that rule is reused.

    The following example uses an origin server with two IP addresses (192.10.XX.XX and 192.11.XX.XX). IP address 192.10.XX.XX hosts three domain names: a.example, b.example, and c.example. The steps show how to add these three domain names to an Anti-DDoS Proxy (Outside Chinese Mainland) instance using CNAME reuse.

    Step 1: Add a domain name and enable CNAME reuse

    1. Log on to the Anti-DDoS Proxy (Outside Chinese Mainland) console.

    2. In the top navigation bar, select Outside Chinese Mainland.

    3. In the left-side navigation pane, choose Provisioning > Website Config.

    4. Add a website and enable CNAME reuse, or enable CNAME reuse for an existing domain name. For more information, see Add one or more websites. In this example, set Origin IP Address to 192.10.XX.XX. Set Websites to a.example, b.example, or c.example.

      网站配置,CnameReuse

    Step 2: Select a traffic scheduling option and update DNS records

    In the Select Traffic Scheduling Rule dialog box, choose whether to use Sec-Traffic Manager.

    Without Sec-Traffic Manager

    1. Enable CNAME reuse without Sec-Traffic Manager and click OK.

      不使用流量调度器

    2. After the domain name is added, record the CNAME assigned to it.

    3. In your DNS provider console, update the DNS records for all domain names hosted on 192.10.XX.XX (a.example, b.example, and c.example). Create a CNAME record and set its value to the CNAME you recorded.

    With Sec-Traffic Manager

    1. Enable CNAME reuse with Sec-Traffic Manager and click OK. The Sec-Traffic Manager rule must be associated with both the origin server IP address (192.10.XX.XX in this example) and the Anti-DDoS Proxy (Outside Chinese Mainland) instance IP address used in the website configuration. If no rules are available, click Create Sec-Traffic Manager Rule to create one, then apply it.

      Important

      The Anti-DDoS Proxy (Outside Chinese Mainland) instance IP address in the Sec-Traffic Manager rule must match the IP address used in the website configuration.

      使用流量调度器

      流量调度器规则

    2. After selecting a Sec-Traffic Manager rule, record the CNAME of the rule.

      防护规则cname

    3. In your DNS provider console, update the DNS records for all domain names hosted on 192.10.XX.XX (a.example, b.example, and c.example). Create a CNAME record and set its value to the CNAME you recorded.

    Step 3 (Optional): Add domain names on another IP address

    To protect domain names hosted on the other origin server IP address (192.11.XX.XX), repeat Step 1 and Step 2 for those domain names.

    Disable CNAME reuse

    Warning

    Before disabling CNAME reuse, make sure that traffic from all domain names mapped to the CNAME is no longer routed to your Anti-DDoS Proxy (Outside Chinese Mainland) instance. If traffic is still routed to the instance when you disable CNAME reuse, inbound traffic cannot be forwarded to the origin server.

    1. Log on to the Anti-DDoS Proxy console.

    2. In the top navigation bar, select Outside Chinese Mainland.

    3. In the left-side navigation pane, choose Provisioning > Website Config.

    4. Find the domain name, click Edit in the Actions column, and disable CNAME Reuse.

    5. Choose whether to retain the website configuration or the Sec-Traffic Manager rule:

      • Retain the website configuration: Traffic forwarding rules remain in effect.

      • Retain the Sec-Traffic Manager rule: Sec-Traffic Manager remains in effect.

    What's next