All Products
Search
Document Center

Alibaba Cloud DNS:CDN and GTM: Access security and high availability

Last Updated:Jun 03, 2026

Use cases

Web, gaming, video, and live streaming businesses use CDN for low-latency content delivery. When multiple origin servers are involved, Global Traffic Manager (GTM) monitors origin IP health and automatically isolates failures to ensure business continuity.

Solution architecture

Combine CDN and GTM in a serial architecture: user requests route to CDN first, then CDN uses GTM for origin fetch and failover.

image

Prerequisites

  • Your domain name cloud-example.com is managed by Alibaba Cloud DNS. Your service domain name is www.cloud-example.com.

    Note

    If your domain is not managed by Alibaba Cloud DNS, you can still use GTM. Add a CNAME record at your DNS provider to point the service domain name to the GTM access domain name.

  • A GTM instance is available, such as gtm-cn-vkl3pob**0a. If not, purchase a subscription instance.

  • Expected failover behavior: CDN fetches from origin server 1 by default. If server 1 fails, CDN switches to server 2. If both fail, CDN switches to server 3. When server 1 recovers, CDN automatically switches back.

Procedure

Step 1: Configure GTM

  1. Log on to the Alibaba Cloud DNS console for Global Traffic Manager.

  2. On the Access Domain Name Configuration tab, click Create Access Domain Name.

  3. In the Select Scenario dialog box, select Custom Scenario.

  4. On the Create Access Domain Name page, click the access domain name icon and complete the basic configuration. In this example, the access domain name is gtm.cloud-example.com. Step 1. Configure an access domain name.

  5. On the Access Domain Name page, click the address pool icon to configure an address pool and add addresses. Step 2. Configure an address pool.

    Note

    This example uses a Ping health check. Health check templates.

  6. On the Access Domain Name page, complete the configurations described in II. Configure an address pool and Configure a load balancing policy between address pools. This example uses preemptive mode and round robin.image

    Important

    If you see red or orange alerts, immediately investigate the health check status of your addresses.

  7. Configure monitoring and alerting. Configure alerts.

  8. On the Access Domain Name page, find the access domain name and click Enable.

  9. In the Enable Access Domain Name dialog box, verify the access domain name and click OK.

    Important
    • If a DNS record with the same name and type exists in Alibaba Cloud DNS Public Zone, GTM policies take precedence over DNS queries for that record type, enabling intelligent routing for load balancing and failover.

    • If you disable or delete the GTM instance, Alibaba Cloud DNS handles the authoritative DNS resolution for the domain.

Step 2: Configure CDN

  1. Log on to the Alibaba Cloud CDN console.

  2. In the left-side navigation pane, choose Domain Names and click Add Domain Name. Configure the business and origin information. Set Accelerated Domain Name to the service domain name www.cloud-example.com. In the Origin Server section, select Origin Domain and enter the GTM access domain name gtm.cloud-example.com. Add an accelerated domain name.

Step 3: Point your service domain name to CDN

  1. On the Alibaba Cloud DNS - Public Zone console, configure a CNAME record. Point your service domain name www.cloud-example.com to the CNAME target provided by CDN for the accelerated domain name: www.cloud-example.com.w.cdngslb.com. Configure a CNAME record.

  2. Return to the Domain Names page on the CDN console. When CNAME Status shows Configured and Status shows Running, content acceleration is active.

Important

Do not use this solution to fail over between multiple third-party CDN providers. Adding CDN provider CNAMEs to a GTM address pool does not provide effective health checks or failover because CDN nodes are distributed across a vast network, while GTM has limited monitoring nodes that cannot accurately assess CDN service health for reliable failover.