Alibaba Cloud DNS:Access Alibaba Cloud Public DNS by using DoH

Last Updated:Apr 28, 2024

This topic describes how to access Alibaba Cloud Public DNS by using DNS over HTTPS (DoH).

Alibaba Cloud Public DNS provides DNS resolution over TLS-encrypted HTTP connections, as specified in RFC 8484.

Procedure

DoH access process

Obtain the user ID

Log on to the Alibaba Cloud DNS console. On the pubDNS.accessConfiguration tab of the Recursive Resolution (Public DNS) page, view the account ID in the upper-right corner.

Enable DoH-based access

  1. On the Recursive Resolution (Public DNS) page, click the pubDNS.accessConfiguration tab.

  2. In the pubDNS.accessConfiguration.encrypt.guide step, turn on Enable to enable DoH-based access.

    Warning
    • If you do not use DoH to access Alibaba Cloud Public DNS, you can turn off Enable.

    • Exercise caution when you deactivate Alibaba Cloud Public DNS Commercial Edition. After you deactivate Alibaba Cloud Public DNS Commercial Edition, you can use only Alibaba Cloud Public DNS Free Edition. No more bills are generated, and features such as statistics display in the console are no longer available. Alibaba Cloud Public DNS Free Edition does not guarantee service level agreement (SLA) compliance. In addition, the speed of DNS resolution may be limited, and DNS queries may be rejected.

    • After you deactivate Alibaba Cloud Public DNS Commercial Edition, you can reactivate the service. After the service is reactivated, you can use its features with the previous configurations, and charges for the service resume.

Configure DoH as a regular user

If the account ID that you obtained is 9**9, set the URL of the DoH server to https://9**9.alidns.com/dns-query.

The following example describes how to configure a DoH server on Chrome:

  1. Open the Chrome browser, click the More icon in the upper-right corner, and then click Settings.

  2. Enter DNS in the search box and click the arrow to the right of Security.

  3. In the lower part of the Security page, turn on Encrypt the names of sites you visit in the Advanced section, set the Select DNS provider parameter to Add custom DNS service provider, and then enter https://9**9.alidns.com/dns-query in the input box.

Use DoH as a developer

To use DoH as a developer, you must generate an HTTP request and send it to the DoH server based on the RFC 8484 specifications.

You can use either the GET or the POST method for the HTTP request. With the POST method, the binary DNS query is sent as the message body of the HTTP request. With the GET method, the DNS query is Base64URL-encoded (without padding) and passed as the value of the single query variable dns.
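The GET and POST forms described above, as an added example that is not part of this page's sample code: it builds the RFC 8484 request for www.taobao.com with Python's standard library only (nothing is sent), and adds a minimal reply check that accepts an answer only when its transaction ID echoes the query's and the RCODE is 0. The URL reuses the page's masked 9**9 account ID, and the fixed transaction ID 0xC731 is chosen so that the encoded query matches the dns= value shown in the Golang output later on this page.

```python
import base64
import struct

DOH_URL = "https://9**9.alidns.com/dns-query"  # masked account ID, as on this page

def build_query(name, qtype=1, txid=0xC731):
    """Wire-format query: 12-byte header with only RD set, one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get(url, wire):
    """GET form: unpadded base64url in the single 'dns' variable, plus an Accept header."""
    dns_param = base64.urlsafe_b64encode(wire).decode("ascii").rstrip("=")
    return {"method": "GET", "url": f"{url}?dns={dns_param}", "body": None,
            "headers": {"Accept": "application/dns-message"}}

def doh_post(url, wire):
    """POST form: the raw wire message is the body, typed application/dns-message."""
    return {"method": "POST", "url": url, "body": wire,
            "headers": {"Accept": "application/dns-message",
                        "Content-Type": "application/dns-message"}}

def _skip_name(buf, pos):
    while True:
        n = buf[pos]
        if n & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += n + 1
        if n == 0:
            return pos

def parse_a_answers(query, response):
    """Accept a reply only if its id echoes ours and RCODE is 0; return (ttl, ip) per A record."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction id does not match the query")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    pos, answers = 12, []
    for _ in range(qd):  # skip the echoed question section (name + type + class)
        pos = _skip_name(response, pos) + 4
    for _ in range(an):
        pos = _skip_name(response, pos)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
        if rtype == 1:  # A record: rdata is the 4-byte IPv4 address
            answers.append((ttl, ".".join(map(str, response[pos + 10:pos + 10 + rdlen]))))
        pos += 10 + rdlen
    return answers
```

To actually query the service, hand the returned dictionary to any HTTP client and pass the response bytes, together with the query, to parse_a_answers.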

Sample code for Python and Golang

If you use the GET method to initiate a DoH query, the binary DNS query packet is Base64URL-encoded to form the dns parameter, which is appended to the server URL to build the complete DoH HTTP URL. Then, an HTTP request is sent to that URL to obtain the DNS response packet.

The following Python code shows how to use DoH to query the domain name alibaba.com:

import base64
import json

import dns.message    # dnspython
import dns.rdatatype
import requests

doh_url = "https://9**9.alidns.com/dns-query"
domain = "alibaba.com"
rr = "A"
result = []

message = dns.message.make_query(domain, rr)
# RFC 8484 requires base64url (URL-safe alphabet) without "=" padding for the dns variable.
dns_req = base64.urlsafe_b64encode(message.to_wire()).decode("ascii").rstrip("=")
r = requests.get(doh_url + "?dns=" + dns_req,
                 headers={"Accept": "application/dns-message"})
r.raise_for_status()
for rrset in dns.message.from_wire(r.content).answer:
    for rdata in rrset:  # one entry per record, even when an RRset holds several
        result.append({"Query": rrset.name.to_text(), "TTL": str(rrset.ttl),
                       "RR": dns.rdatatype.to_text(rrset.rdtype), "Answer": rdata.to_text()})
print(json.dumps(result))

The following result is returned:

$ python test_doh.py
[{"Answer": "106.11.XXX.XXX", "Query": "alibaba.com.", "RR": "A", "TTL": "133"}]

The following Golang code shows how to use DoH to query the domain name alibaba.com:

package main

import (
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"os"

	"github.com/miekg/dns"
)

func main() {
	query := dns.Msg{}
	query.SetQuestion("www.taobao.com.", dns.TypeA)
	msg, err := query.Pack()
	if err != nil {
		fmt.Printf("Pack query error, err:%v\n", err)
		os.Exit(1)
	}
	// RFC 8484 GET form: the wire-format query goes into "dns" as unpadded base64url.
	b64 := base64.RawURLEncoding.EncodeToString(msg)
	url := "https://9**9.alidns.com/dns-query?dns=" + b64
	fmt.Printf("Sent Get query %s\n", url)
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		fmt.Printf("Build request error, err:%v\n", err)
		os.Exit(1)
	}
	req.Header.Set("Accept", "application/dns-message")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		fmt.Printf("Send query error, err:%v\n", err)
		os.Exit(1)
	}
	defer resp.Body.Close()
	bodyBytes, err := io.ReadAll(resp.Body)
	if err != nil {
		fmt.Printf("Read response error, err:%v\n", err)
		os.Exit(1)
	}
	response := dns.Msg{}
	if err := response.Unpack(bodyBytes); err != nil {
		fmt.Printf("Unpack response error, err:%v\n", err)
		os.Exit(1)
	}
	fmt.Printf("Dns answer is :%v\n", response.String())
}

The following result is returned:

Sent Get query https://dns.alidns.com/dns-query?dns=xzEBAAABAAAAAAAAA3d3dwZ0YW9iYW8DY29tAAABAAE
Dns answer is :;; opcode: QUERY, status: NOERROR, id: 50993
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;www.taobao.com.        IN       A

;; ANSWER SECTION:
www.taobao.com. 15      IN      CNAME   www.taobao.com.danuoyi.tbcache.com.
www.taobao.com.danuoyi.tbcache.com.     15      IN      A       221.229.XXX.XXX
www.taobao.com.danuoyi.tbcache.com.     15      IN      A       221.229.XXX.XXX

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 4096