You can connect to the Recursive Gateway and Bind Enterprise Public Egress IP Address. This improves the stability and availability of your Internet domain name queries by preventing unusual queries, such as those from internal crawlers or randomly generated domain names, from triggering rate limiting on the public recursive DNS.
Why Bind Enterprise Public Egress IP Address
Unencrypted connections primarily use the UDP/TCP protocol to initiate recursive DNS requests. You typically configure addresses such as 223.5.5.5, 223.6.6.6, 2400:3200::1, and 2400:3200:baba::1 directly in the DNS settings of devices such as PCs and IoT devices. The DNS parsing traffic from these unencrypted connections is not associated with a user identity. This means the product cannot identify the source of the DNS traffic. By attaching the source network's egress IP address, you can identify and gather statistics on the DNS parsing traffic. In scenarios where public DNS servers are under attack, experience high traffic levels, or other events trigger intelligent rate limiting for recursive DNS resolution, the system prioritizes requests from attached source IPs to ensure they are not affected by rate limiting.
Procedure
After you attach the IP address, UDP/TCP request traffic from it is attributed to your account. In extreme cases, if the system activates its intelligent DNS rate limiting policy, it prioritizes traffic from attached source IPs to ensure resolution requests are not limited. Note that DNS parsing traffic identified from the attached source IP is billable. The product provides a free monthly resource plan of 20 million UDP/TCP requests (equivalent to 10 million HTTP requests). For more information, see Product Billing.
Navigate to Recursive QPS Protection > Add.
In the dialog box that appears, enter the Source IPv4 Address.
ImportantThe Bind Enterprise Public Egress IP Address feature is available only to enterprise users who have verified their identity. You can only attach the source IPv4 address of the Internet egress for your current network. To attach and authenticate the IP address, you must perform the operation from within that network.
Personal and home users typically access hot spot domain names. Because these domain names are requested by many users on the Internet, their records are often stored in the DNS cache. Public DNS servers usually do not rate-limit requests for hot spot domain names. Therefore, personal and home users can use the service without attaching an IP address.