Anti-DDoS: Change DNS records to protect website services

Last Updated: Feb 22, 2024

After you add a website to Anti-DDoS Pro or Anti-DDoS Premium, you must change the DNS records to map the domain name of the website to a CNAME that is assigned by Anti-DDoS Pro or Anti-DDoS Premium or to the IP address of an Anti-DDoS Pro or Anti-DDoS Premium instance. This way, the traffic that is destined for the website is redirected to Anti-DDoS Pro or Anti-DDoS Premium for protection. This topic describes how to change the DNS records of a website. In this example, the DNS resolution service is provided by the free edition of Alibaba Cloud DNS.

Access methods

The following two access methods are supported: the CNAME record and the A record. We recommend that you use the CNAME record. You can use the A record only if the CNAME record is unavailable or conflicts with other DNS records.

  • Method 1: CNAME record (recommended)

    Change the DNS records to map the domain name of a website to a CNAME that is assigned by Anti-DDoS Pro or Anti-DDoS Premium. If the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance changes, the instance automatically redirects traffic based on the CNAME record. If your website is associated with multiple instances, Anti-DDoS Pro or Anti-DDoS Premium schedules traffic to the instances.

  • Method 2: A record

    Change the DNS records to map the domain name of a website to the IP address of an Anti-DDoS Pro or Anti-DDoS Premium instance. You must change DNS records each time the IP address of the instance changes. If your website is associated with multiple instances, you must manually schedule traffic to the instances.

Usage notes

The DNS records must be consistent with the CNAME that is assigned by Anti-DDoS Pro or Anti-DDoS Premium or with the IP address of an Anti-DDoS Pro or Anti-DDoS Premium instance. This way, service traffic can be forwarded as expected.

Prerequisites

  • A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.

  • The back-to-origin IP addresses of the Anti-DDoS Pro or Anti-DDoS Premium instance are added to the whitelist of the origin server. If you deploy third-party security software, such as a firewall, on your origin server, add the back-to-origin IP addresses to the whitelist of the security software. For more information, see Allow back-to-origin IP addresses to access the origin server.

  • The traffic forwarding settings are in effect. Before you switch service traffic to the Anti-DDoS Pro or Anti-DDoS Premium instance, we recommend that you use your local computer to verify that the instance can forward traffic to the origin server. For more information, see Verify traffic forwarding settings on a local machine.

    Warning

    If you switch your service traffic to Anti-DDoS Pro or Anti-DDoS Premium before the forwarding settings take effect, your service may be interrupted.

Procedure

In the following example, a domain name is hosted on Alibaba Cloud DNS. If you use a third-party DNS resolution service, the following example is provided for reference only.

  1. Log on to the Alibaba Cloud DNS console.

  2. On the Domain Name Resolution page, find the domain name that you want to manage and click DNS Settings in the Actions column.

  3. On the DNS Settings page, find the DNS record that you want to modify and click Modify in the Actions column.

    Note

    If you cannot find the DNS record that you want to change in the list, you can click Add DNS Record to add a record.

  4. In the Modify DNS Record or Add DNS Record panel, select a record type and change the record.

    • CNAME record (recommended): Set the Record Type parameter to CNAME and the Record Value parameter to the CNAME that is assigned by Anti-DDoS Pro or Anti-DDoS Premium for the domain name.

    • A record: Set the Record Type parameter to A and the Record Value parameter to the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance with which the domain name is associated.

    Note

    To obtain the CNAME or the IP address, log on to the Anti-DDoS Pro console and choose Provisioning > Website Config.

  5. Click OK and wait for the settings to take effect.

  6. Check whether your website can be accessed from a browser.
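Besides the browser check in step 6, the records themselves can be compared with the value that Anti-DDoS Pro or Anti-DDoS Premium assigned. The following is an added example, not code from Alibaba Cloud: it parses `dig +noall +answer` output and reports records that do not match the assigned CNAME or instance IP address, or that still publish the origin IP address. The domain name, CNAME, and IP addresses are constructed placeholders, and the function names are hypothetical.

```python
# Added example. Domain, CNAME and IPs below are constructed placeholders.
SAMPLE_CNAME = """\
www.example.com. 600 IN CNAME assigned-cname-placeholder.example.net.
assigned-cname-placeholder.example.net. 60 IN A 203.0.113.10
"""
SAMPLE_STALE = "www.example.com. 600 IN A 198.51.100.7\n"  # still the origin IP


def parse_answers(dig_output):
    """Parse `dig +noall +answer` lines into (name, type, value) tuples."""
    records = []
    for line in dig_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blanks, comments and malformed lines
        name, rtype, value = fields[0], fields[3], fields[4]
        records.append((name.rstrip(".").lower(), rtype.upper(),
                        value.rstrip(".").lower()))
    return records


def check_cutover(domain, records, assigned_cname=None,
                  instance_ips=(), origin_ips=()):
    """Return a list of findings; an empty list means the records match."""
    domain = domain.rstrip(".").lower()
    findings = []
    cnames = [v for n, t, v in records if n == domain and t == "CNAME"]
    addrs = {v for _, t, v in records if t in ("A", "AAAA")}
    if assigned_cname:  # Method 1: CNAME record
        target = assigned_cname.rstrip(".").lower()
        if target not in cnames:
            findings.append(f"{domain} is not a CNAME to {target}")
    else:  # Method 2: A record must list only the instance IP address(es)
        if not addrs:
            findings.append(f"{domain} has no address record")
        for ip in sorted(addrs - set(instance_ips)):
            findings.append(f"{domain} resolves to non-instance address {ip}")
    # Either method: the origin address must no longer be published.
    for ip in sorted(addrs & set(origin_ips)):
        findings.append(f"origin address {ip} is still published in DNS")
    return findings


if __name__ == "__main__":
    for f in check_cutover("www.example.com", parse_answers(SAMPLE_STALE),
                           instance_ips=["203.0.113.10"],
                           origin_ips=["198.51.100.7"]):
        print("FINDING:", f)
```

To check a live domain, pass the output of `dig +noall +answer <domain>` to `parse_answers` together with the CNAME or IP address shown on the Website Config page.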

What to do next

After you add your website to Anti-DDoS Pro or Anti-DDoS Premium, you can perform the following operations:

  • Enable Sec-Traffic Manager and configure scheduling rules between Anti-DDoS Pro or Anti-DDoS Premium and protected cloud resources. The rules trigger Anti-DDoS Pro or Anti-DDoS Premium only in specific scenarios. For more information, see Overview.

  • Change the public IP address of the Elastic Compute Service (ECS) instance in which your origin server resides. If the IP address of your origin server is exposed, attackers may bypass Anti-DDoS Pro or Anti-DDoS Premium to attack the origin server. To protect against this type of attack, you can change the IP address of the ECS origin server in the Anti-DDoS Pro or Anti-DDoS Premium console. For more information, see Change the public IP address of an ECS origin server.