All Products
Search

This Product

    Alibaba Cloud DNS:Authoritative Zone

    Document Center

    Alibaba Cloud DNS:Authoritative Zone

    Last Updated:Jan 19, 2026

    Use the Authoritative Zone feature to customize domain name resolution for any domain name or to resolve latency-sensitive issues.

    What is the Authoritative Zone

    This feature lets you define private authoritative domain name zones and DNS records directly in HTTPDNS. However, it is only effective for resolution requests from connection types that carry a dedicated configuration ID (Account ID), such as an SDK, API, DNS over TLS (DoT), or DNS over HTTPS (DoH).

    Note

    • Unencrypted connection types do not support the Authoritative Zone feature. Examples include terminals configured directly with 223.5.5.5/223.6.6.6, 2400:3200::1, or 2400:3200:baba::1.

    • The Authoritative Zone feature is not supported when you access Enterprise Recursive Gateway by attaching public egress IP addresses.

    • Resolution request matching priority: Blacklist/Whitelist > Authoritative Zone > Cache > Recursion.

    Why use the Authoritative Zone

    • Faster: When an app or Internet of Things (IoT) terminal requests resolution for a domain name defined in the Authoritative Zone, HTTPDNS directly returns the resolution result. It does not perform recursive resolution. This means it does not send resolution queries to root servers, top-level domain servers, or authoritative DNS servers, which results in faster resolution.

    • Anti-hijacking: Defining important domains in the Authoritative Zone provides stronger anti-hijacking capabilities. Domains in the Authoritative Zone have shorter resolution paths and do not require recursive resolution. This greatly reduces the risk of domain name hijacking.

    • More secure: You can use private domains in the Authoritative Zone as service endpoints in apps or IoT terminals. These private domains cannot be resolved from the public network. This prevents service unavailability caused by DNS-related network attacks.

    Procedure

    image

    Step 1: Add a domain name (Zone)

    1. Go to Alibaba Cloud DNS - HTTPDNS.

    2. Switch to the Authoritative Zone tab.

    3. Click Add Zone. In the dialog box that appears, enter the domain name (Zone), select whether to enable Recursive Resolution Proxy for Subdomain Names, and then submit the form.

      Important

      • If you do not enable the subdomain recursive resolution proxy, resolution requests for non-existent subdomains under the built-in authoritative domain name (Zone) will fail. HTTPDNS will not perform further iterative queries.

      • The effective scope settings take effect immediately. We recommend that you complete all DNS record configurations before you set the scope to prevent resolution failures caused by missing DNS records.

      image

    Step 2: Add DNS records

    1. On the Authoritative Zone tab, click Settings next to the domain name (Zone) that you want to configure.

    2. On the Settings tab, click the Add Record button. In the Add Record dialog box, specify the configuration and submit the form.

      Note

      Record Type: The Authoritative Zone supports A, canonical name (CNAME), AAAA, TXT, MX, and SRV record types. For more information about the differences between record types, see Add a DNS record.

      Hostname: The host record is the domain name prefix. Common host records include www, @, *, and mail.

      Query Source: Smart DNS resolution lines are supported. For more information, see Enumeration of DNS resolution lines. You can also Custom ACLs.

      Record Values Load Strategy: If you set multiple IP addresses for a record, the DNS response returns all the IP addresses in a round-robin manner by default. If you enable the weighted round-robin feature, you can set weights to adjust the traffic distribution ratio among different record values. If you set multiple domain name addresses, the DNS response returns the domain name addresses based on their weights. The weight can be an integer from 0 to 100.

    Step 3: Set the effective scope

    1. On the Authoritative Zone tab, click Effective Scope next to the domain name (Zone) that you want to configure.

    2. On the Zone Settings tab, select the Effective Scope, select the Unique configuration ID for your account, and then click OK.image

      Important

      • The settings take effect immediately. We recommend that you complete all DNS record configurations before you set the scope to prevent resolution failures caused by missing DNS records.

      • Cross-account effective scope settings are not supported.