Alibaba Cloud DNS: Best practices for accessing Alibaba Cloud Public DNS by calling the JSON API for DoH

Last Updated: Jan 15, 2024

This topic describes how to access Alibaba Cloud Public DNS by calling the JSON API for DoH on a client.

Process

The following figure shows the process of DNS resolution when you access Alibaba Cloud Public DNS by calling the JSON API for DoH on a client.

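[Figure: process of DNS resolution when a client accesses Alibaba Cloud Public DNS by calling the JSON API for DoH]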

Design policies

DNS resolution must follow these design policies:

Failover policy

Alibaba Cloud Public DNS implements disaster recovery across data centers deployed in different regions by using the BGP anycast technology. To ensure normal DNS resolution even in the worst case, we recommend that you use the following failover policy:

1. Initiate a DNS request to Alibaba Cloud Public DNS.

2. If the statusCode returned by Alibaba Cloud Public DNS is not 200, or the connection times out, send the DNS request to the local DNS server. We recommend that you set the timeout period to 3 seconds.

Cache policy

To minimize the number of DNS resolutions, we recommend that you cache resolution results on the local device. The cache rules are as follows:

1. TTL of cached results: We recommend that you set the TTL to a value ranging from 60 seconds to 600 seconds.

2. Cached data update: The cached data needs to be updated in the following scenarios:

  • Network status changes: When the network type of your client switches from WWAN to Wi-Fi or from Wi-Fi to WWAN, the Internet service provider (ISP) of the client may change. You need to send a new DNS request to Alibaba Cloud Public DNS to obtain the optimal IP address.

  • Expiration of cached results: When a cached DNS result expires, the client sends a new DNS request to Alibaba Cloud Public DNS to obtain the latest IP address associated with the domain name. To allow users to obtain the latest IP address as soon as possible after the cached result expires, we recommend that you update the expired cached results every 1 minute by using a timer.
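
The failover and cache policies above, combined in one client-side resolver as an added example (not Alibaba Cloud's code). The endpoint URL, the `type=1` parameter and the `Answer`/`TTL`/`data` response fields are assumptions not stated on this page; the two lookup functions are injectable so the logic can be exercised offline. Each result is tagged with its source, so a fallback from DoH to the local DNS server is visible to the caller and can be logged.

```python
import json, socket, time
import urllib.error, urllib.parse, urllib.request

DOH_URL = "https://dns.alidns.com/resolve"  # assumed endpoint, not given on the page
TTL_MIN, TTL_MAX, TIMEOUT = 60, 600, 3      # seconds, as recommended on the page

def doh_query(name):
    """Return (http_status, parsed_json); a timeout surfaces as OSError."""
    url = DOH_URL + "?" + urllib.parse.urlencode({"name": name, "type": 1})
    try:
        with urllib.request.urlopen(url, timeout=TIMEOUT) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as e:      # non-2xx answer from the server
        return e.code, {}

def local_query(name):
    """Failover path: ask the local DNS server through the system resolver."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

class Resolver:
    def __init__(self, doh=doh_query, local=local_query, clock=time.monotonic):
        self.doh, self.local, self.clock = doh, local, clock
        self.cache = {}                      # name -> (expiry, ips)

    def resolve(self, name):
        """Return (ips, source) where source is 'cache', 'doh' or 'local'."""
        hit = self.cache.get(name)
        if hit and hit[0] > self.clock():
            return hit[1], "cache"
        try:
            status, body = self.doh(name)
            if status != 200:                # failover rule 2: statusCode is not 200
                raise OSError(f"DoH returned HTTP {status}")
            answers = [a for a in body.get("Answer", []) if a.get("type") == 1]
            ips = [a["data"] for a in answers]
            ttl = min((a["TTL"] for a in answers), default=TTL_MIN)
            source = "doh"
        except (OSError, ValueError):        # timeout, connection error, bad JSON
            ips, ttl, source = self.local(name), TTL_MIN, "local"
        ttl = max(TTL_MIN, min(TTL_MAX, ttl))  # keep cache TTL within 60 to 600 s
        self.cache[name] = (self.clock() + ttl, ips)
        return ips, source

    def on_network_change(self):
        """Call on a WWAN/Wi-Fi switch: cached answers may suit the old ISP."""
        self.cache.clear()
```
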

IP precedence policy

After the client sends a DNS request to Alibaba Cloud Public DNS and obtains the resolution results, the system can cache the DNS resolution results. At the same time, the system can asynchronously test the connection speed of the IP addresses by using socket code or running the ping command, rank the IP addresses, and then update the cached data. This implements IP precedence.

Usage notes

  • The TTL specified for caching resolution results cannot be shorter than 60 seconds. This prevents the cost increase caused by frequent access to Alibaba Cloud Public DNS.

  • For services using Alibaba Cloud Public DNS, the local DNS server is required for disaster recovery. If Alibaba Cloud Public DNS cannot work properly due to network instability or an Alibaba Cloud Public DNS failure, the local DNS server can be used for DNS resolution.

  • We recommend that you implement different features with the same domain but different URLs to reduce the number of DNS requests and costs.

  • We recommend that you set the timeout period of the requests for Alibaba Cloud Public DNS to a value ranging from 2 seconds to 5 seconds.