After you add a website to Anti-DDoS Pro or Anti-DDoS Premium, you must change the DNS records to map the domain name of the website to a CNAME that is assigned by Anti-DDoS Pro or Anti-DDoS Premium or to the IP address of an Anti-DDoS Pro or Anti-DDoS Premium instance. This way, the traffic that is destined for the website is redirected to Anti-DDoS Pro or Anti-DDoS Premium for protection. This topic describes how to change the DNS records of a website. DNS records can be CNAME or A records. In this example, the DNS resolution service is provided by the free edition of Alibaba Cloud DNS.
Prerequisites
- A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
- The back-to-origin IP addresses of the Anti-DDoS Pro or Anti-DDoS Premium instance are added to the whitelist of the origin server. If you deploy third-party security software, such as a firewall, on your origin server, add the back-to-origin IP addresses to the whitelist of the security software. For more information, see Allow back-to-origin IP addresses to access the origin server.
- The traffic forwarding settings are in effect. Before you switch service traffic to the Anti-DDoS Pro or Anti-DDoS Premium instance, we recommend that you use your local computer to verify that the instance can forward traffic to the origin server. For more information, see Verify the forwarding configurations on your local computer.
Warning: If you switch your service traffic to the Anti-DDoS Pro or Anti-DDoS Premium instance before the forwarding settings take effect, your service may be interrupted.
Access methods

- If you use the CNAME record, you need to change DNS records only once. If the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance changes, the instance automatically redirects traffic based on the CNAME record. If your website is associated with multiple instances, Anti-DDoS Pro or Anti-DDoS Premium automatically schedules traffic to these instances.
- If you use the A record, you must change DNS records each time the IP address of the instance changes. If your website is associated with multiple instances, you must manually schedule traffic to these instances.
We recommend that you use the CNAME record. You can use the A record only if the CNAME record is unavailable or conflicts with other DNS records.
Procedure
In the following example, your domain name is hosted on Alibaba Cloud DNS.
If you use a third-party DNS service, log on to the system of the DNS provider to change the DNS records. The following example is only for reference.
Assume that you add the domain name example.aliyundoc.com to Anti-DDoS Pro or Anti-DDoS Premium. The following procedure describes how to change and add DNS records in the Alibaba Cloud DNS console.
References
- Enable Sec-Traffic Manager and configure scheduling rules between Anti-DDoS Pro or Anti-DDoS Premium and protected cloud resources. These rules trigger Anti-DDoS Pro or Anti-DDoS Premium only in specific scenarios. For more information, see Overview.
- Change the public IP address of the Elastic Compute Service (ECS) instance where your origin server resides. If the IP address of your origin server is exposed, attackers may bypass Anti-DDoS Pro or Anti-DDoS Premium to attack the origin server. To protect against this type of attack, you can change the IP address of the ECS origin server in the Anti-DDoS Pro or Anti-DDoS Premium console. For more information, see Change the public IP address of an ECS origin server.
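The following added example is not part of the original documentation or of any Alibaba Cloud tooling. It audits an exported record set for the two risks described above: a CNAME that conflicts with other records at the same name, and address records that still expose the origin IP address. The function name, the finding labels, the hostnames other than example.aliyundoc.com, the CNAME target, and all IP addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample record set: (host, type, value). The CNAME target,
# the extra hostnames and all IP addresses are placeholders.
SAMPLE_RECORDS = [
    ("example.aliyundoc.com", "CNAME", "placeholder-cname.antiddos.example"),
    ("example.aliyundoc.com", "TXT", "v=spf1 -all"),
    ("mail.aliyundoc.com", "A", "203.0.113.10"),
    ("shop.aliyundoc.com", "A", "198.51.100.7"),
]

def _norm(name):
    return name.rstrip(".").lower()

def audit_records(records, protected_host, expected_cname, instance_ips, origin_ips):
    """Return sorted (host, finding) pairs for problems in a DNS record set."""
    origin = {ipaddress.ip_address(ip) for ip in origin_ips}
    instance = {ipaddress.ip_address(ip) for ip in instance_ips}
    by_host, findings = {}, set()
    for host, rtype, value in records:
        by_host.setdefault(_norm(host), []).append((rtype.upper(), value))
    for host, rrs in by_host.items():
        # A CNAME may not share a name with other record types
        # (DNSSEC RRSIG/NSEC records are the exception).
        types = {t for t, _ in rrs} - {"RRSIG", "NSEC"}
        if "CNAME" in types and len(types) > 1:
            findings.add((host, "cname-conflict"))
        # Any address record that still carries the origin IP exposes it.
        for rtype, value in rrs:
            if rtype in ("A", "AAAA") and ipaddress.ip_address(value) in origin:
                findings.add((host, "origin-ip-exposed"))
    target = _norm(protected_host)
    rrs = by_host.get(target, [])
    cnames = {_norm(v) for t, v in rrs if t == "CNAME"}
    addrs = {ipaddress.ip_address(v) for t, v in rrs if t in ("A", "AAAA")}
    if cnames:
        if cnames != {_norm(expected_cname)}:
            findings.add((target, "wrong-cname"))
    elif addrs:
        if not addrs <= instance:
            findings.add((target, "not-pointing-to-instance"))
    else:
        findings.add((target, "no-record"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit_records(SAMPLE_RECORDS, "example.aliyundoc.com",
            "placeholder-cname.antiddos.example", [], ["203.0.113.10"]):
        print(host, finding)
```

Pass the CNAME shown for your domain in the console as `expected_cname`, or the instance IP addresses as `instance_ips` if you use the A record.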