All Products
Search

This Product

    Alibaba Cloud DNS:Built-in authoritative module

    Document Center

    Alibaba Cloud DNS:Built-in authoritative module

    Last Updated:Jul 07, 2025

    You can use the built-in authoritative module for domain name resolution to implement customized resolution for any domain name or address resolution latency-sensitive issues.

    What is the built-in authoritative module?

    The "built-in authoritative module" feature allows you to define private authoritative domain name zones and DNS records directly in HTTPDNS. However, it is only effective for resolution requests accessed through SDK, API, DoT/DoH, or other methods that carry a dedicated configuration ID (Account ID).

    Note

    • Non-encrypted access methods do not support the built-in authoritative module feature, such as terminals directly configured with 223.5.5.5/223.6.6.6, 2400:3200::1, 2400:3200:baba::1.

    • The built-in authoritative module feature is not supported when accessing Enterprise Recursive Gateway by attaching public egress IP addresses.

    • Resolution request matching priority: Blacklist/Whitelist > Built-in authoritative module > Cache > Recursion.

    Why use the built-in authoritative module?

    • Faster: When an APP/IoT terminal requests resolution for a domain name defined in the built-in authoritative module, HTTPDNS directly returns the resolution result without performing recursive iterative resolution (no need to initiate resolution queries to root servers, top-level domain servers, or authoritative DNS servers), making resolution speed faster.

    • Anti-hijacking: Defining important domains as built-in authoritative domains provides better anti-hijacking effects. Built-in authoritative domains have shorter resolution paths and do not require recursive iterative resolution, which can greatly reduce the risk of domain hijacking.

    • More secure: When APP/IoT terminals use private built-in authoritative domains as service access endpoints, the public network cannot correctly resolve these private built-in authoritative domains, which prevents DNS-related network attacks from causing service unavailability.

    Procedure

    image

    Step 1: Add domain name (Zone)

    1. Access Cloud DNS-HTTPDNS.

    2. Switch to the Built-in Authoritative Module tab.

    3. Click the Add Domain Name (Zone) button. In the Add Built-in Authoritative Domain Name (Zone) dialog box, enter the corresponding domain name (Zone), select whether to enable Subdomain Recursive Resolution Proxy, and then click OK.

      Important

      • If you do not enable the subdomain recursive resolution proxy, when a request is made for a non-existent subdomain under the built-in authoritative domain name (Zone), the resolution will directly fail, and HTTPDNS will not continue with iterative queries.

      • The domain name effective scope takes effect immediately after it is set. It is recommended to complete all DNS record configurations before setting the scope to avoid resolution failures caused by empty domains.

    Step 2: Add DNS records

    1. On the Built-in Authoritative Module tab, click the Resolution Settings button next to the target built-in authoritative domain name (Zone).

    2. On the DNS Records tab, click the Add Record button. In the Add record dialog box, complete the configurations for Record Type, Host Record, Resolution Request Source, Record Value, Weight, TTL, and other settings, and then click OK.

      Note

      Record Type: The built-in authoritative module currently supports A, CNAME, AAAA, TXT, MX, and SRV record types. If you do not understand the differences between various resolution types, you can refer to Add DNS records for public authoritative resolution.

      Resolution Request Source: Supports intelligent resolution lines. For more information, see Resolution line enumeration. You can also Customize Resolution Lines.

      Weight: When multiple IP addresses are set, the resolution response returns all IP addresses in a polling manner by default. After enabling the weight resolution feature, you can set weights to adjust the proportion of traffic for different record values. When multiple domain name addresses are set, the resolution response returns domain name addresses only by weight. The weight value range is 0 to 100.

    Step 3: Set effective scope

    1. On the Built-in Authoritative Module tab, click the Effective Scope Settings button next to the target built-in authoritative domain name (Zone).

    2. On the Domain Settings tab, select the domain name effective scope, select the dedicated Account ID under your account, and then click OK.

      Important

      • The settings take effect immediately. It is recommended to complete all DNS record configurations before setting the scope to avoid resolution failures caused by empty domains.

      • Cross-account effective scope settings are not supported.