All Products
Search
Document Center

Alibaba Cloud DNS:Set up fast failover with GTM

Last Updated:Jun 04, 2026

Create a GTM instance that distributes traffic across two addresses with health checks for automatic failover.

Tutorial overview

Step

Description

Quick links

Authorize access to cloud resources

First-time GTM use requires a service-linked role authorization. Once authorized, GTM can access CloudMonitor alert notification groups.

Note

This authorization is required only once per account. Skip this step if already authorized.

Authorize access to cloud resources

Create an instance

Create a GTM instance for your application service. Standard and Ultimate editions are available.

Create an instance

Create an address pool

Create an address pool to group your application's service addresses. Configure the pool type, load balancing policy, and address return mode.

Create an address pool

Configure an access policy

An access policy routes users to a specific address pool collection. GTM supports two types: geo-based access policy and latency-based access policy. Use the geo-based access policy to return addresses by ISP or region. Use the latency-based access policy to route users to the lowest-latency backend.

Configure an access policy

Set up basic configurations

Configure basic settings for your GTM instance: business domain, CNAME access domain type, global TTL, and alert notification group.

Set up basic configurations

Enable health checks

Enable Ping, TCP, or HTTP(S) health checks to monitor application availability in real time.

Enable health checks

Connect to GTM by using a CNAME record

After configuration and testing, point your business domain to the GTM CNAME access domain to connect your application to GTM.

Connect to GTM by using a CNAME record

Authorize access to cloud resources

First-time GTM use requires a service-linked role authorization. Once authorized, GTM can access alert notification groups in your CloudMonitor service.

Note

This authorization is required only once per account. Skip this step if already authorized.

On the Cloud Resource Access Authorization page, verify the service-linked role AliyunServiceRoleForGTM with policy AliyunServiceRolePolicyForGTM, then click Confirm Authorization.

Create an instance

Purchase a GTM instance before proceeding.

Important

Multiple business domains that resolve to the same addresses can share one GTM CNAME access domain. Otherwise, each domain requires a separate instance.

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. Click Create Instance to open the product purchase page.

  3. Select an edition based on your requirements, click Buy Now, and complete the payment.

  4. After purchase, an instance is created automatically. The instance list shows the instance ID (for example, gtm-cn-wwo3xxx), CNAME access domain, health check task quota, alert notification count, status (Normal), plan version, and expiration date. In the Operation column, click Configure, Upgrade, or Renew to manage the instance.

Create an address pool

An address pool groups IP addresses or domain names that provide the same application service.

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. In the instance list, find the instance that you want to manage and click Configure in the Operation column.

  3. Select the Address Pool Configuration tab, and then click Add Address Pool. After you configure the parameters, click Confirm.

    In the Add Address Pool dialog box, set Address Pool Name (for example, testPool), Address Pool Type (for example, IPv4), and Load Balancing Policy (Address) (for example, Return All Addresses). In Address List, add an address (for example, 1.1.XX.XX) and select the Mode (for example, smart return). Add more addresses with Add Row or Batch Add.

Address pool configuration.

Configure an access policy

Important
  • The latency-based access policy is available only for the Ultimate edition.

  • If you enable the latency-based access policy, GTM ignores the load balancing policy configured in the address pool.

  • You can enable only one type of access policy for an instance.

Prerequisites

  • You have created an instance and authorized access to cloud resources.

  • At least two public IP addresses are available for your application service. These can be from Alibaba Cloud services (such as SLB or ECS) or any other public source. Alibaba Cloud service IPs are recommended.

Procedure

Geo-based access policy

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. In the instance list, find the instance that you want to manage and click Configure in the Operation column.

  3. On the Basic Configuration page, find the Geo-based access policy section and click Configure.

  4. Click Add Access Policy.

    The Access Policy page lists configured policies with columns: Policy name, DNS query source, Current effective address pool collection, and Address pool type. Click Add Access Policy in the upper-left corner.

  5. Configure the access policy. Access policy.

    In the Modify Access Policy dialog box, set Policy Name to Global and select Global from the DNS Query Source drop-down list. You can select DNS query sources based on ISP or Chinese mainland regions, but cannot mix them in the same policy. Each query source can be used in only one access policy.

    Important

    Without a backup address pool collection, the system removes unhealthy addresses but does not fail over when the primary collection becomes unavailable. If healthy addresses remain in the primary collection, GTM returns those addresses.

Note

Weight configuration.

GTM uses Alibaba Cloud DNS scheduling. If DNS results occasionally differ from your weight configuration during testing, this is expected. Weighted round-robin applies at the local DNS level — each local DNS server queries the authoritative DNS only once per TTL period.

For example, if Shanghai users share localDNSA and Beijing users share localDNSB, each local DNS receives a weight-based response from Alibaba Cloud DNS. Within the TTL period, all users behind the same local DNS receive the same resolution result.

Latency-based access policy

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. On the Basic Configuration page, find the Latency-based access policy section and click Configure.

  3. Click Add Access Policy to configure the access policy.

  4. In the Add Access Policy dialog box, enter the required parameters. Access policy.

    Set Policy Name. In Primary Address Pool Collection, select an Address Pool Type (such as IPv4), then select an existing pool from Select Address Pool or click Add Address Pool to create one.

Basic configuration

Configure the global settings for your GTM instance: Instance Name, CNAME Access Domain Type, Business Domain, Global TTL, and Alert Notification Group.

Prerequisites

You have created an instance, authorized access to cloud resources, and configured an access policy.

Procedure

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. In the instance list, find the instance that you want to manage and click Configure in the Operation column.

  3. On the Basic Configuration page, click Modify. Configure the Instance Name, CNAME Access Domain Type, Business Domain, Global TTL, and Alert Notification Group. Then, click Confirm. Basic configuration.

Enable health checks

Prerequisites

You have created an instance and created an address pool.

Procedure

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. In the instance list, find the instance that you want to manage and click Configure in the Operation column.

  3. Select the Address Pool Configuration tab. Click the + icon next to an address pool to expand its details. Then, click Add to configure a health check.

  4. Health check configuration

    Configure health check rules for addresses in the address pool to monitor application availability.

  • GTM supports Ping health check, TCP health check, and HTTP(S) health check. The default protocol is Ping.

    For Ping health checks, configure Check Interval, Number of Ping Packets, Packet Loss Rate, Timeout, Consecutive Failures, and Failure Rate. In Monitoring Nodes, select BGP or non-BGP nodes.

    Important
    1. Place monitoring nodes in the same region as your service addresses to avoid false alarms. Do not use Chinese mainland nodes to monitor services outside Chinese mainland, or vice versa.

    2. If all addresses are Alibaba Cloud IPs and you use blackhole filtering for fault testing, select non-BGP monitoring nodes. Blackhole filtering is an ACL policy at the Alibaba Cloud–ISP interconnection; traffic between Alibaba Cloud IPs flows internally, which can reduce health check effectiveness.

Connect to GTM by using a CNAME record

If your domain uses Alibaba Cloud DNS, configure a CNAME record in the Alibaba Cloud DNS console.

Prerequisites

You have authorized access to cloud resources, created an instance, configured an access policy, and set up basic configurations.

Procedure

  1. Go to the Alibaba Cloud DNS - Global Traffic Manager console.

  2. In the Actions column for the target instance, click Configure to open the Basic Configuration page. Then, click the copy icon next to CNAME Access Domain (Public Network).

  3. In the left-side navigation pane, choose Resolution Configuration > Public Zone. Find your domain and click Resolution Settings in the Actions column to open the Resolution Settings page.

  4. On the Resolution Settings page, add a CNAME record for your business domain and point it to the GTM CNAME access domain.