Alibaba Cloud DNS is a managed domain name resolution platform that provides end-to-end DNS services for enterprises across public networks, private networks, and mobile applications. It covers multicloud, hybrid cloud, and Internet of Things (IoT) use cases.
Architecture
Alibaba Cloud DNS consists of two components: a cloud platform and an edge component.
Cloud platform -- Delivers domain name resolution as a Software as a Service (SaaS) offering for public Internet users and cloud-based enterprises.
Edge component -- Uses self-hosted DNS software and a mobile software development kit (SDK) to handle resolution in Internet data center (IDC), multicloud, and application-specific environments.
Together, these form a cloud-edge architecture with centralized management and unified scheduling. This architecture supports end-to-end resolution from the central cloud to edge nodes and from public clouds to private networks. You can configure and monitor all resolution settings from a single Alibaba Cloud DNS console.
Sub-products
Alibaba Cloud DNS provides five sub-products that address different resolution needs:
Public Zone -- Public Authoritative DNS is an authoritative DNS service for the Internet. It directs user traffic to the corresponding websites or application servers.
Private Zone -- Internal DNS is a DNS resolution service for corporate intranet environments, including Alibaba Cloud VPCs, self-hosted IDCs, and other cloud VPCs. It serves ECS instances, containers, and office terminals.
Global Traffic Manager -- Global Traffic Manager is a DNS-based traffic management service. It uses health checks and load balancing policies, including polling, proximity-based, weighted, and sequential policies. It provides fault isolation and switchover to help you build zone-redundancy and disaster recovery architectures.
Recursive Gateway -- Enterprise Recursive Gateway is a throttling protection service for enterprises that use Alibaba Cloud Public DNS (223.5.5.5/223.6.6.6) for domain name queries. It prevents throttling caused by internal crawlers or malicious requests from affecting normal resolution.
HTTPDNS -- Mobile DNS (HTTPDNS) is a resolution service for mobile apps and IoT devices. It supports HTTP/HTTPS, DNS over HTTPS (DoH), and DNS over TLS (DoT). It replaces traditional Local DNS to prevent domain hijacking, reduce resolution latency, and eliminate update failures.
Benefits
End-to-end resolution across all environments
The cloud-edge architecture covers all domain name resolution needs, from internal networks to the public Internet and from PCs to mobile devices.
Internal application access -- PrivateZone or self-hosted DNS provides authoritative resolution for custom domain names. This supports service discovery and interconnection for ECS instances, containers, and office terminals.
Outbound Internet access -- Enterprise Recursive Gateway provides a unified recursive resolution entry point for public domain names. This accelerates Internet access for SaaS applications and web browsing.
External service access -- Globally distributed authoritative DNS nodes deliver high availability (HA), low latency, and high success rates for external services such as websites, e-commerce platforms, and API operations.
Application and IoT terminal access -- HTTPDNS uses HTTP/HTTPS protocols to replace traditional Local DNS, preventing DNS hijacking. It provides precise scheduling and low-latency resolution for mobile services.
Centralized management with lower O&M costs
A unified console manages domain name resolution configurations across all environments.
Single-console configuration -- Configure and adjust resolution rules for Public Authoritative DNS, Internal DNS, Enterprise Recursive Gateway, and HTTPDNS without switching between systems.
Monitoring and alerting -- Real-time monitoring, alerting, log analysis, and data visualization help detect anomalies and locate problems.
Scalable architecture -- Add resolution policies and customize scheduling rules as your business grows, without architectural changes.
Access at the control plane and service plane
Alibaba Cloud DNS supports access at both the control plane and the service plane.
Control plane access -- Manage DNS configurations through the web console, OpenAPI, Terraform, or SDKs in multiple languages. These options support different operational workflows and automation requirements.
Service plane access -- Connect to DNS resolution through multiple paths:
Local terminal access -- Deploy self-hosted DNS software for private resolution services on internal terminals.
Cloud terminal access -- ECS applications in a VPC connect to PrivateZone through dedicated IP addresses (100.100.2.136 and 100.100.2.138) for automatic private domain name resolution.
Mobile terminal access -- Integrate the SDK to access HTTPDNS, avoiding resolution issues common with traditional Local DNS and improving application performance.
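
An added example (not Alibaba Cloud code) that audits a Linux resolv.conf from an ECS instance against the PrivateZone and Public DNS addresses given on this page. The function names, verdict labels, and sample file are constructed for illustration; it assumes a glibc-style resolv.conf in which nameservers are tried in the order listed.

```python
import ipaddress

# Resolver addresses stated on this page.
PRIVATEZONE = {"100.100.2.136", "100.100.2.138"}
PUBLIC_DNS = {"223.5.5.5", "223.6.6.6"}

# Constructed sample input, not taken from a real instance.
SAMPLE = """\
options timeout:2 attempts:3
nameserver 223.5.5.5
nameserver 100.100.2.136
nameserver 100.100.2.138
"""

def parse_nameservers(text):
    """Return nameserver addresses in file order, skipping comments and junk."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # skip entries that are not valid IP addresses
    return servers

def classify(addr):
    if addr in PRIVATEZONE:
        return "privatezone"
    return "alibaba-public-dns" if addr in PUBLIC_DNS else "other"

def audit(text):
    """Return (verdict, [(position, address, kind), ...]) for a resolv.conf."""
    findings = [(i, a, classify(a)) for i, a in enumerate(parse_nameservers(text), 1)]
    kinds = [k for _, _, k in findings]
    if not kinds:
        verdict = "no-resolver"
    elif all(k == "privatezone" for k in kinds):
        verdict = "ok"
    elif kinds[0] == "privatezone":
        verdict = "mixed-fallback"          # other resolvers are only fallbacks
    elif "privatezone" in kinds:
        verdict = "privatezone-not-first"   # private names go elsewhere first
    else:
        verdict = "privatezone-missing"
    return verdict, findings

if __name__ == "__main__":
    verdict, findings = audit(SAMPLE)
    print(verdict, findings)
```

A verdict other than "ok" means queries for private domain names can reach a resolver that is not PrivateZone, which is worth reviewing on instances expected to resolve internal names only inside the VPC.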