After you add a website to Anti-DDoS Pro, you must modify the DNS records of your website to reroute inbound traffic to the Anti-DDoS Pro instance. If you have purchased the paid edition of Alibaba Cloud DNS service for domain name resolution, you can enable NS Mode Access to automatically modify DNS records. This topic describes how to enable NS Mode Access in the Anti-DDoS Pro console.

Prerequisites

  • An Anti-DDoS Pro instance is purchased.
    Note Only Anti-DDoS Pro supports NS Mode Access. If you use Anti-DDoS Premium, we recommend that you modify the DNS records of websites. For more information, see Change DNS records to protect website services.
  • The domain name of your website is managed by the paid edition of Alibaba Cloud DNS.
  • A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
  • The back-to-origin IP addresses of the Anti-DDoS Pro or Anti-DDoS Premium instance are added to the whitelist of the origin server. If you deploy third-party security software, such as a firewall, on your origin server, add the back-to-origin IP addresses to the whitelist of the security software. For more information, see Allow back-to-origin IP addresses to access the origin server.
  • The traffic forwarding settings are in effect. Before you switch service traffic to the Anti-DDoS Pro or Anti-DDoS Premium instance, we recommend that you use your local computer to verify that the instance can forward traffic to the origin server. For more information, see Verify the forwarding configuration on your local machine.
    Warning If you switch your service traffic to the Anti-DDoS Pro or Anti-DDoS Premium instance before the forwarding settings take effect, your service may be interrupted.

Background information

After you enable NS Mode Access, Anti-DDoS Pro automatically modifies the DNS records based on the forwarding rules in the website configuration. NS Mode Access supports the following two modes:
  • Anti-DDoS: enables Anti-DDoS Pro and automatically modifies DNS records to reroute inbound traffic to the Anti-DDoS Pro instance.Anti-DDoS mode
  • Back-To-Source: disables Anti-DDoS Pro and forwards the traffic to the origin server.Back-To-Source mode

We recommend that you use the following steps to configure NS Mode Access. If the domain name of your website is managed by a third-party DNS service and cannot be migrated to Alibaba Cloud DNS, NS Mode Access is unavailable. In this case, you must manually modify the DNS records of your website. For more information, see Change DNS records to protect website services.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Mainland China.
  3. In the left-side navigation pane, choose Provisioning > Website Config.
  4. On the Website Config page, find the domain name whose DNS records you want to modify and click Configure DNS Settings in the Actions column.Configure DNS settings
  5. On the Configure DNS Settings page, find the NS Mode Access section, turn on Status, and select Anti-DDoS or Back-To-Source as the access mode.
    • If you select the Anti-DDoS mode, Anti-DDoS Pro automatically modifies the DNS records and reroutes inbound traffic to the Anti-DDoS Pro instance.
    • If you select the Back-to-Origin mode, Anti-DDoS Pro automatically modifies the DNS records and forwards inbound traffic to the origin server.
    NS Mode Access
    If you have purchased the paid edition of Alibaba Cloud DNS, you can enable this feature. If you did not purchase the paid edition of Alibaba Cloud DNS, an error message appears.
  6. Wait for the settings to take effect. You can use a third-party DNS testing platform to check whether a domain name is resolved as expected.