Authoritative DNS Resolution Agent is a caching DNS proxy that Alibaba Cloud DNS places in front of your existing authoritative DNS servers, together with a disaster recovery path for them. You connect to the Alibaba Cloud DNS infrastructure without migrating your zones. The service improves the security of your DNS, accelerates resolution, and provides high availability and disaster recovery for your authoritative DNS service.
Benefits
DDoS protection through caching: DNS responses are cached at the agent, so query floods for cached names are absorbed there and your authoritative servers receive only cache-miss traffic, which also reduces their normal load. Queries for names that are not in the cache (for example a flood of random subdomains) still reach the origin.
DNS access acceleration: Queries are answered from Alibaba Cloud's global points of presence (POPs), so clients are served from a nearby location.
DNS service backup: If your authoritative DNS server fails, the agent continues to answer from cached data (including records that have already expired; see DNS record caching mechanism below), which reduces downtime.
Bandwidth and cost savings: In self-hosted DNS scenarios, most queries are answered from the cache, so less query traffic reaches your own servers.
Product limitations
Create Authoritative Domain Name
Switch to the Authoritative DNS Resolution Agent tab.
Click Create Authoritative Domain Name, and configure the parameters.
Parameter: Description
Authoritative Zone Name: The domain name (zone) that the Authoritative DNS Resolution Agent serves.
Service Instance: Select and attach one of your purchased Authoritative DNS Resolution Agent instances. Note: If the list is empty, purchase an instance first.
Running Mode: Proxy Mode. When a DNS query arrives, the service answers directly from its cache if a cached record exists. If not, it queries the origin server, returns the origin's answer to the client, and caches the record.
Minimum TTL Period of Back-to-origin Cached Data, Maximum TTL Period of Back-to-origin Cached Data: The lower and upper bounds, in seconds, for the cache TTL of records in the Authoritative Zone Name; TTLs returned by the origin are kept within these bounds. Each value must be in the range 30 to 86400. Note: After you connect to the Authoritative DNS Resolution Agent service, the TTL that local DNS resolvers see is determined by these settings rather than by the TTL configured on your origin. If a carrier's resolver forcibly extends the TTL, contact the carrier to resolve the issue.
Back-to-origin DNS Query Protocol: The transport used for queries from the agent to your authoritative server. Note: Currently, only UDP is supported.
Origin DNS supports the edns-client-subnet protocol: Enable this option if your authoritative server supports EDNS Client Subnet (ECS). When a recursive resolver (local DNS) includes an ECS option in its query, the agent forwards the client subnet it carries to your origin DNS server, so the origin can return location-specific answers. Leave it disabled if your origin does not handle ECS. Note that with ECS a prefix of each client's address is passed on to your origin.
Origin DNS Servers: One or more origin DNS servers. The default port is 53; change it if your origin DNS server listens on a different port.
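The "Origin DNS supports the edns-client-subnet protocol" parameter forwards a client subnet, not a full client address. The following is an added example, not Alibaba Cloud's code and not part of the original page: it builds a DNS query carrying an EDNS Client Subnet option (RFC 7871) the way a recursive resolver, or the agent, would send it, and parses the option back out of the OPT record so you can see exactly what your origin receives. The query name, the 203.0.113.0/24 and 2001:db8::/32 documentation addresses, and the transaction ID are constructed for the example; the /24 and /56 default prefix lengths follow the RFC 7871 recommendation, and the prefix length the agent itself forwards is not stated on this page.

```python
import ipaddress
import struct
from typing import Optional

EDNS0_OPT_TYPE = 41      # RR type of the OPT pseudo-record (RFC 6891)
ECS_OPTION_CODE = 8      # EDNS Client Subnet option code (RFC 7871)


def ecs_option(client_ip: str, source_prefix: Optional[int] = None) -> bytes:
    """Encode an ECS option for client_ip, truncated to source_prefix bits.
    Defaults follow the RFC 7871 recommendation: /24 for IPv4, /56 for IPv6 (assumption)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        family, prefix, bits = 1, source_prefix if source_prefix is not None else 24, 32
    else:
        family, prefix, bits = 2, source_prefix if source_prefix is not None else 56, 128
    if not 0 <= prefix <= bits:
        raise ValueError("source prefix length out of range")
    # Only ceil(prefix/8) address bytes are sent, with bits beyond the prefix zeroed,
    # so the origin never sees the client's full address.
    network = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    addr_bytes = network.network_address.packed[: (prefix + 7) // 8]
    body = struct.pack("!HBB", family, prefix, 0) + addr_bytes   # scope prefix is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def opt_record(options: bytes, udp_payload_size: int = 4096) -> bytes:
    """Wrap EDNS options in an OPT RR: root NAME, TYPE 41, CLASS = UDP payload size,
    TTL = extended RCODE/version/flags (all zero here), then RDLENGTH and RDATA."""
    return b"\x00" + struct.pack("!HHIH", EDNS0_OPT_TYPE, udp_payload_size, 0, len(options)) + options


def build_query(qname: str, client_ip: str, txid: int = 0x1234) -> bytes:
    """A complete DNS/UDP query for qname, type A, class IN, carrying an ECS option."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, QDCOUNT=1, ARCOUNT=1
    labels = [label.encode("ascii") for label in qname.rstrip(".").split(".")]
    if any(len(label) == 0 or len(label) > 63 for label in labels):
        raise ValueError("invalid label length")
    question = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    question += struct.pack("!HH", 1, 1)                       # QTYPE A, QCLASS IN
    return header + question + opt_record(ecs_option(client_ip))


def parse_ecs(opt_rr: bytes) -> Optional[dict]:
    """Decode the ECS option from an OPT RR (bytes starting at the root NAME).
    Returns None when no ECS option is present; this is what the origin gets to see."""
    if opt_rr[:1] != b"\x00":
        raise ValueError("OPT RR must have the root name")
    rtype, _payload_size, _ttl, rdlen = struct.unpack("!HHIH", opt_rr[1:11])
    if rtype != EDNS0_OPT_TYPE:
        raise ValueError("not an OPT RR")
    rdata = opt_rr[11:11 + rdlen]
    pos = 0
    while pos + 4 <= len(rdata):
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        body = rdata[pos + 4:pos + 4 + length]
        pos += 4 + length
        if code != ECS_OPTION_CODE:
            continue
        family, src, scope = struct.unpack("!HBB", body[:4])
        raw = body[4:]
        if family == 1:
            net = ipaddress.IPv4Network((raw.ljust(4, b"\x00"), src))
        elif family == 2:
            net = ipaddress.IPv6Network((raw.ljust(16, b"\x00"), src))
        else:
            raise ValueError("unknown ECS address family")
        return {"family": family, "source_prefix": src, "scope_prefix": scope, "subnet": str(net)}
    return None
```

For `build_query("www.example.com", "203.0.113.77")` the origin sees the subnet 203.0.113.0/24, not the host 203.0.113.77. If your origin logs, geo-routes or rate-limits by ECS subnet, treat that prefix as client-supplied data: a resolver can put any subnet into the option, and the scope prefix your origin returns in its answer controls how widely that answer may be reused.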
Query cached data
DNS record caching mechanism
If your origin server uses smart DNS (returns different answers depending on the querying line or region), records fetched from the origin for the Authoritative Zone Name are cached per matched smart DNS rule, so an answer returned for one line is not served to clients on another.
Authoritative DNS Resolution Agent uses a serve-stale (cache reserve) mechanism. While a cached record has not expired, queries for that name are answered directly from the agent's cache and the origin is not contacted. After the record expires, the next query for that name triggers an origin fetch, and the response replaces the cached record. If the origin fetch fails, the agent keeps answering with the expired record until the record is purged for lack of requests. Two consequences matter in operation: a change you make on the origin becomes visible through the agent only after the cached record expires, which for an actively queried name can be as long as the configured maximum TTL; and an origin outage is masked for names that are queried regularly, while names that are not cached, or whose entry has already been purged, fail.
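The TTL bounds from the configuration table and the caching mechanism described above, as an added example that is not Alibaba Cloud's implementation and not part of the original page. The model answers from cache while the record is fresh, refreshes from the origin on expiry, clamps the origin's TTL into the configured range, serves the expired record when the origin is unreachable, and purges entries that nobody queries. The record data (www.example.com with an origin TTL of 5 seconds, below the 30-second minimum), the idle purge threshold and the TTL attached to a stale answer are assumptions of the example; the page states neither of the last two.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MIN_TTL, MAX_TTL = 30, 86400   # documented range of the console TTL parameters, in seconds
RRSet = Tuple[str, ...]
OriginFetcher = Callable[[str, str], Tuple[RRSet, int]]   # (qname, qtype) -> (rrset, origin_ttl)


class OriginUnavailable(Exception):
    """Raised by the origin fetcher when the back-to-origin query fails (timeout, SERVFAIL, ...)."""


@dataclass
class CacheEntry:
    rrset: RRSet
    expires_at: float
    last_query_at: float


class ProxyCache:
    """Model of proxy mode: answer from cache while fresh, refresh from the origin on expiry,
    keep serving expired data if the refresh fails, and purge entries nobody asks for."""

    def __init__(self, fetch_origin: OriginFetcher, min_ttl: int = MIN_TTL, max_ttl: int = MAX_TTL,
                 purge_idle_after: float = 7 * 86400, clock: Callable[[], float] = time.monotonic):
        # purge_idle_after is an assumption: the page says idle records are purged but gives no threshold.
        if not 30 <= min_ttl <= max_ttl <= 86400:
            raise ValueError("TTL bounds must satisfy 30 <= min <= max <= 86400")
        self.fetch_origin, self.min_ttl, self.max_ttl = fetch_origin, min_ttl, max_ttl
        self.purge_idle_after, self.clock = purge_idle_after, clock
        self.entries: Dict[Tuple[str, str], CacheEntry] = {}

    def clamp_ttl(self, origin_ttl: int) -> int:
        """Whatever TTL the origin returns, resolvers see a value inside [min_ttl, max_ttl]."""
        return max(self.min_ttl, min(self.max_ttl, origin_ttl))

    def purge_idle(self) -> int:
        """Drop entries not queried for purge_idle_after seconds; returns how many were dropped."""
        now = self.clock()
        idle = [k for k, e in self.entries.items() if now - e.last_query_at > self.purge_idle_after]
        for k in idle:
            del self.entries[k]
        return len(idle)

    def resolve(self, qname: str, qtype: str = "A") -> Tuple[RRSet, int, str]:
        """Return (rrset, ttl_to_send, source) with source in {'cache', 'origin', 'stale'}."""
        key = (qname.lower().rstrip(".") + ".", qtype)
        now = self.clock()
        entry = self.entries.get(key)
        if entry is not None and now < entry.expires_at:
            entry.last_query_at = now
            return entry.rrset, int(entry.expires_at - now), "cache"
        try:
            rrset, origin_ttl = self.fetch_origin(key[0], qtype)
        except OriginUnavailable:
            if entry is None:
                raise                      # nothing to fall back on: the client sees the failure
            entry.last_query_at = now
            # Serve-stale: the expired record keeps answering. The TTL sent with a stale answer
            # is an assumption (the page does not specify one); min_ttl keeps it short.
            return entry.rrset, self.min_ttl, "stale"
        ttl = self.clamp_ttl(origin_ttl)
        self.entries[key] = CacheEntry(rrset, now + ttl, now)
        return rrset, ttl, "origin"


class FakeClock:
    """Manually advanced clock so the walk-through below is deterministic."""
    def __init__(self, start: float = 0.0):
        self.t = start

    def __call__(self) -> float:
        return self.t


def demo() -> dict:
    """Walk a constructed record (www.example.com, origin TTL 5 s, below the 30 s minimum)
    through a cache hit, expiry, refresh, origin outage and idle purge."""
    clock = FakeClock()
    state = {"fail": False, "calls": 0}

    def origin(qname: str, qtype: str) -> Tuple[RRSet, int]:
        state["calls"] += 1
        if state["fail"]:
            raise OriginUnavailable("origin timed out")
        return ("203.0.113.10",), 5

    cache = ProxyCache(origin, min_ttl=30, max_ttl=300, purge_idle_after=600, clock=clock)
    trace: List[Tuple[Optional[int], str]] = []
    for t, origin_down in [(0, False), (10, False), (30, False), (45, True), (70, True)]:
        clock.t, state["fail"] = t, origin_down
        _, ttl, source = cache.resolve("www.example.com")
        trace.append((ttl, source))
    clock.t = 700
    purged = cache.purge_idle()            # last query was at t=70, so the stale entry is dropped
    try:
        cache.resolve("www.example.com")
    except OriginUnavailable:
        trace.append((None, "servfail"))   # origin still down and nothing cached any more
    return {"trace": trace, "origin_calls": state["calls"], "purged": purged}
```

The walk-through in `demo()` shows the two properties to plan around: the origin's 5-second TTL is raised to the 30-second minimum, so a low TTL on the origin does not buy faster propagation through the agent, and at t=70 the outage is invisible to clients because the expired record is still served, while at t=700, once the idle entry has been purged, the same outage becomes a failure. The minimum TTL therefore bounds how often the origin is queried per name, and the maximum TTL bounds how long a changed record can remain stale.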
Procedure
Switch to the Authoritative DNS Resolution Agent tab.
In the Actions column for the target domain name, click Cached Data.
Note: Cached Data can be queried for three line types: carrier, outside mainland China, and Alibaba Cloud.
Carrier lines: data is grouped by China Telecom, China Unicom, and China Mobile. Select a province on the map to view the data.
Lines outside mainland China: data is grouped by Asia, Europe, North America, South America, Africa, and Oceania. Select a country to view the data.
Alibaba Cloud lines: Cached Data is displayed by region.