All Products
Search

This Product

    Alibaba Cloud DNS:FAQ about DNS protection

    Document Center

    Alibaba Cloud DNS:FAQ about DNS protection

    Last Updated:Mar 24, 2025

    This topic provides answers to frequently asked questions (FAQ) about DNS protection.

    FAQs

    What does DNS protection mean in the paid editions of Alibaba Cloud DNS?

    DNS protection means that Alibaba Cloud DNS provides protection against DNS attacks, mainly DNS query flood attacks, for all the domains that are bound to the paid instances of Alibaba Cloud DNS. In a DNS query flood, an attacker floods the DNS server of a domain with a large number of DNS queries. This instantly brings a large query load to the DNS server. If the number of DNS queries reaches a certain limit per second, the DNS resolution on the DNS server times out and the DNS server even crashes. As a result, the user client cannot obtain the IP address of the attacked domain, and the corresponding website is inaccessible.

    Does the free edition of Alibaba Cloud DNS support DNS protection?

    No, the free edition of Alibaba Cloud DNS does not support DNS protection.

    Does Alibaba Cloud DNS support DNSSEC?

    Alibaba Cloud DNS supports Domain Name System Security Extensions (DNSSEC). DNSSEC is a DNS security authentication mechanism provided by the Internet Engineering Task Force (IETF). DNSSEC enhances DNS verification by using public-key-encrypted digital signatures, providing security protection for the infrastructure of Alibaba Cloud DNS. This feature helps ensure that visitors are directed to your web server and avoid DNS hijacking and pollution.

    Can DNS protection be used to defend against DDoS attacks?

    To use DNS protection, ensure that DNS protection service has been purchased for the paid instance bound to the domain name. There are different levels of defense available:

    • DNS Attack Defense Basic: available for all domain names bound to a paid instance of Alibaba Cloud DNS. It protects your domain names against up to 10 million DDoS attacks per second. You can select this level of protection to defend against regular DDoS attacks.

    • DNS Attack Defense Advanced: available for all domain names bound to a paid instance of Alibaba Cloud DNS. It protects your domain names against over 100 million DDoS attacks per second. You can select this level of protection if your services frequently suffer from serious DDoS attacks.

    For more information about DNS protection, see DNS protection.

    What are the scope and capability of DNS protection?

    Alibaba Cloud DNS provides two levels of DNS protection: DNS Attack Defense Basic and DNS Attack Defense Advanced. DNS Attack Defense Basic can defend against an attack of over 10 million DNS queries per second. DNS Attack Defense Advanced can defend against an attack of over 100 million DNS queries per second.

    Is DNS protection available within the validity period for a paid instance of Alibaba Cloud DNS?

    Yes, Alibaba Cloud DNS protects your domain name against all distributed denial of service (DDoS) attacks that occur during the validity period for the paid instance of Alibaba Cloud DNS that is bound to your domain name.

    Where can I view DNS protection data if I have purchased DNS protection?

    You can view DNS protection data in the Alibaba Cloud DNS console. For more information, see DNS protection.

    What should I do if the number of DNS queries in an attack exceeds the upper limit supported by DNS Attack Defense Advanced?

    If you encounter such an attack, submit a ticket to contact us.