Attach your network's public egress IP address to the Recursive Gateway to protect DNS query traffic from rate limiting. During high-traffic events or attacks on public DNS servers, the system prioritizes requests from attached source IPs.
Prerequisites
Before you begin, ensure that you have:
An Alibaba Cloud account with completed enterprise identity verification
Access to the network whose public egress IPv4 address you want to attach (you must perform the operation from within that network)
Procedure
Go to the Alibaba Cloud DNS - Enterprise Recursive Gateway console.
Navigate to Recursive QPS Protection > Add.
In the dialog box, enter your Source IPv4 Address.
Click OK to submit.
Result
After you attach the IP address, UDP/TCP request traffic from it is attributed to your account. The system identifies your DNS query traffic and prioritizes it when intelligent rate limiting is activated.
How rate limiting protection works
Standard DNS queries use the UDP/TCP protocol without encryption. Public recursive DNS addresses such as 223.5.5.5, 223.6.6.6, 2400:3200::1, and 2400:3200:baba::1 are configured directly in the DNS settings of devices like PCs and IoT devices.
DNS query traffic from these standard connections is not associated with a user identity. The system cannot identify who sent a specific DNS request. Unusual queries, such as those from internal crawlers or randomly generated domain names, can trigger rate limiting on the public recursive DNS. This affects the stability and availability of your domain name queries.
By attaching your source network's egress IP address, you enable the system to identify and gather statistics on your DNS query traffic. In scenarios where public DNS servers are under attack, experience high traffic levels, or other events trigger intelligent rate limiting for recursive DNS resolution, the system prioritizes requests from attached source IPs to ensure they are not affected by rate limiting.
Usage notes
The Bind Enterprise Public Egress IP Address feature is available only to enterprise users who have verified their identity. You can only attach the source IPv4 address of the Internet egress for your current network. To attach and authenticate the IP address, you must perform the operation from within that network.
Personal and home users typically access popular domains. Because many users on the Internet request these domains, their records are often stored in the DNS cache. Public DNS servers usually do not rate-limit requests for popular domains. Therefore, personal and home users can use the service without attaching an IP address.
Billing
After you attach the IP address, DNS query traffic identified from the attached source IP is billable. The product provides a free monthly resource plan of 20 million UDP/TCP requests, equivalent to 10 million HTTP requests. For more information, see Product Billing.