To map a domain name to an IP address, point it to a web server, or configure it for your email service, you must add a DNS record. Public Zone uses DNS records to direct internet users and systems to the correct resources, such as websites, email services, and URLs.
Scenarios
Scenario 1
For a domain name such as example.com, you can configure DNS records with www and playground as the host records to allow access to a website at www.example.com and a demo service at playground.example.com.
Scenario 2
If you have a domain name such as example.com and want to use www.example.com as the sole entry point, you can redirect other subdomains, such as a.example.com and b.example.com, to www.example.com. This prevents resolution failures. To do this, you can configure a DNS record for the www host record and a wildcard DNS record with the host record set to * and the record type set to Explicit URL Forwarding. The wildcard record acts as a catch-all to redirect all unconfigured host records.
Scenario 3
If you use Alibaba Mail and want your users to log on with an email address such as <userId>@example.com, you must configure the DNS settings for your mailbox.
Scenario 4
When you configure services such as a custom domain name for an OSS Bucket, an accelerated domain name in CDN, a WAF firewall for a website, or an ingest domain for live streaming, you must add the domain name, such as demo.example.com, to the corresponding service. This action generates a CNAME record, such as on-premises-dns.aliyun.com. You must then configure a DNS record with the host record set to demo and the record type set to CNAME. This DNS record points the domain name to the service, which provides the final endpoint.
Choose a DNS record type
The following table describes the record types supported by Alibaba Cloud DNS and their common scenarios.
Record type | Description and scenarios | Commonness score |
A record | Points a domain name to a specified IPv4 address. Often used for website domain name resolution. | 5 points. This is the most basic record type. Almost every domain name requires an A record. |
CNAME record | Points a domain name to another domain name. Often used for website resolution, CDN acceleration, enterprise email, and Global Traffic Manager. | 5 points. Alias pointing is common and versatile. Frequently used for CDN and cloud services. |
MX record | Specifies the mail server for a domain name and sorts servers by priority. | 4 points. Required for email-related services, but not needed otherwise. |
AAAA record | Points a domain name to a specified IPv6 address. Often used when a website needs to be accessed over an IPv6 address. | 4 points. IPv6 adoption is accelerating. In recent years, most cloud services have added default support for IPv6. |
TXT record | Used to identify and describe a domain name. Often used for domain ownership verification, digital certificates, SPF records (for anti-spam), and domain name retrieval. | 5 points. Commonly used for various verifications, such as SSL, SPF, email, and DNS. |
ALIAS record | Used for CNAME flattening. It overcomes CNAME limitations and resolves conflicts that occur when you need to configure a CNAME record and other record types for the same host. For example, when a root domain requires both an MX record for email and a CNAME record. | 2 points: Used in scenarios where a CNAME record conflicts with other records, such as MX and TXT records. |
Explicit URL Forwarding, Implicit URL Forwarding | Points a domain name to an existing site. | 2 points. Supported by only some DNS providers. Mainly used for domain name redirection. |
NS record | Specifies the DNS servers that manage the DNS configuration for a domain name. Often used to delegate a subdomain to another DNS provider. | 3 points. Common for subdomain-level settings. Not changed frequently. |
SRV record | Identifies which server is running a specific service. Common in Microsoft's directory management systems. | 2 points. Required for instant messaging and enterprise service protocols. Rare for regular websites. |
CAA record | Specifies the authorized certification authorities (CAs) that can issue HTTPS certificates for a domain name. Used to prevent incorrect issuance of HTTPS certificates and improve website security. | 2 points. Enhances security for certificate (SSL/TLS) management. Common in specific scenarios. |
PTR record | Maps an IP address to a domain name. A PTR record can be used to verify whether an IP address corresponds to a specific domain name. | 1 point. Mainly used for reverse DNS lookups, such as for mail servers. Rarely used for regular websites. |
SVCB record | Aims to improve service discovery by providing protocol and endpoint information. This optimizes client connection decisions and improves performance and security. | 1 point. An emerging protocol used by HTTP/3, QUIC, and others. Currently uncommon. |
HTTPS record | A specialized version of the SVCB record, specifically for describing HTTPS services. | 1 point. A new standard for HTTPS optimization. Browser support is gradually being added. Not yet common for regular websites. |
Add a DNS record
A record
An A record points a domain name to a static IP address. It is typically used for website domain name resolution. For example, if you have set up a website that is accessible at a public IP address and you have a domain name, you can add an A record. After the record takes effect, you can access your website using the domain name.
Limits
Obtain the public IPv4 address of the server to which you want to point your domain name. Example:
192.0.2.1.If you use an Alibaba Cloud ECS server: You can view your public IP address in the Alibaba Cloud ECS console.
If you use a non-Alibaba Cloud server: Contact your service provider to obtain the public IP address of the server.
If the host record is not
@, an A record conflicts with an NS, CNAME, ALIAS, or URL record if they have the same host record and resolution line. If a conflict is reported when you add an A record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
Different record types require different record values.
Select A from the drop-down list. This points the domain name to a specified IPv4 address.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin:
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all records for the line. The Local DNS server selects which result to return. If the Local DNS server returns all addresses, the client selects one at random.
Ratio:
Returns a record from the Record Values based on the configured weights. For more information about how to configure weights, see Configure weights.
Round Robin
Record Values
The public IPv4 address of the web server. You can add multiple addresses.
If you set Record Values Load Strategy to Ratio, you can set the Ratio for each record value. When responding to a query, the system returns a record value based on the probability determined by its preset weight.
If you use an Alibaba Cloud ECS server: You can view your public IP address in the Alibaba Cloud ECS console.
If you use a non-Alibaba Cloud server: Contact your service provider to obtain the public IP address of the server.
Example
FAQ
CNAME record
A CNAME record, also known as a canonical name record, points a domain name to another domain name, which then provides the IP address. CNAME records are most commonly used for services such as CDN, enterprise email, and Global Traffic Manager.
Resolution flow
For example, the CNAME record for www.example.com points to app.cloud-example.net. When a user accesses www.example.com, the full resolution process for the CNAME record is as follows:
A user enters
www.example.comin a browser, or an application attempts to connect to this domain name.The user's computer first checks its local cache. If no record is found, it queries a recursive DNS server, such as 114.114.114.114 or 8.8.8.8.
If the recursive DNS server's cache does not contain the record, it initiates a standard DNS query:
It asks the root DNS server: "Who is responsible for the .com top-level domain?"
The root server returns the address of the .com top-level domain (TLD) DNS server.
The recursive DNS server asks the TLD server: "Who is responsible for example.com?"
The TLD server returns the authoritative DNS server for example.com.
The recursive DNS server asks the authoritative DNS server: "What is the DNS record for www.example.com?"
The authoritative DNS finds that
www.example.comis configured with a CNAME record that has the valueapp.cloud-example.net. It responds to the recursive DNS server, "www.example.comis an alias forapp.cloud-example.net. Please query the latter."
The recursive DNS server receives
app.cloud-example.netand starts a new resolution process, although it may already have the record cached. The server typically finds the A record (IP address) forapp.cloud-example.netor encounters another CNAME record. In theory, CNAME records can be chained, but we recommend that you do not use more than two levels of redirection.The recursive DNS server continues until it finally obtains an IP address.
Limits
If you add a CNAME record for the default line and also add A and AAAA records for smart lines, smart DNS scheduling may become inaccurate.
If the host record is not
@, a CNAME record conflicts with all other record types if they have the same host record and line. If a conflict is reported when you add a CNAME record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
The record value that you must specify depends on the record type.
Select CNAME from the drop-down list. This record type points a domain name to another domain name, which then provides the IP address.
Hostname
The prefix for the subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
The only supported method for returning record values is Ratio. For more information about configuring weights, see Configure weights.
Ratio
Record Values
The destination domain name to which the hostname points. You can add multiple domain names.
If you set Record Values Load Strategy to Ratio, you can set the Ratio for each record value. When responding to a query, the system returns a record value based on the probability determined by its preset weight.
Example:
aliyundoc.com.Example
FAQ
MX record
To receive emails, you must add an MX record. An MX (mail exchanger) record is used by email systems to locate the mail server based on the suffix of the recipient's address. For example, when someone sends an email to vincen@example.com, the system performs an MX record lookup for example.com. If an MX record exists, the system forwards the email to the mail server that is specified in the MX record, according to its priority. For a quick, one-click setup of email resolution, see Add mailbox records.
Limits
You have deployed a mailbox server and obtained the domain name for your email service.
If the host record is not
@, an MX record conflicts with an NS or CNAME record if they have the same host record and resolution line. If a conflict is reported when you add an MX record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
This section uses Alibaba Cloud Mail as an example and shows the required email records.
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
The required record value depends on the selected record type.
Select MX from the drop-down list. MX stands for mail exchanger. An MX record is used by email systems to find the mail server for a recipient's domain.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin is the only supported method for retrieving record values.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all records for the line. The local DNS server then selects a result to return. If the local DNS server returns all addresses, the client randomly selects one.
Round Robin
Record Values
Record Value:
Obtain the record value from your mailbox provider. You can add multiple values. For example, the record value for Alibaba Cloud Mail is
mx1.qiye.aliyun.com.Priority:
A lower MX priority value indicates a higher priority. For example, an email is first sent to
mx1.qiye.aliyun.comwith an MX priority of5. If that attempt fails, the email is then sent tomx2.qiye.aliyun.comwith an MX priority of10.
Example:
aliyundoc.com 5.ImportantThe preceding steps describe only the settings for an MX record. To complete the mailbox setup, you must also set CNAME and TXT records. Contact your mailbox provider for the specific DNS records that you need to configure. If your mailbox provider is Alibaba Cloud Mail, see Add email DNS records.
Example
FAQ
AAAA record
An AAAA record points a domain name to a static IPv6 address. It is typically used for DNS configuration when a website supports IPv6.
Limits
Obtain the IPv6 address of the server to which you want to point the domain name in advance. Example: ff03:0:0:0:0:0:0:c1.
If the host record is not
@, an AAAA record conflicts with an NS, CNAME, ALIAS, or URL record if they have the same host record and resolution line. If a conflict is reported when you add an AAAA record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
The required record value varies based on the record type.
Select AAAA from the drop-down list. This record type points a domain name to an IPv6 address, which is typically the IPv6 address of a web server. For example: ff03:0:0:0:0:0:0:c1.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin:
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all records for the line. The Local DNS server selects which result to return. If the Local DNS server returns all addresses, the client selects one at random.
Ratio:
Returns a record from the Record Values based on the configured weights. For more information about how to configure weights, see Configure weights.
Round Robin
Record Values
The IPv6 address of the web server. You can enter multiple addresses.
If you set Record Values Load Strategy to Ratio, you can set the Ratio for each record value. When responding to a query, the system returns a record value based on the probability determined by its preset weight.
For example: ff03:0:0:0:0:0:0:c1.
Example
FAQ
TXT record
If you want to identify and describe a domain name, you can use a TXT record. TXT records are often used for digital certificates and SPF records (for anti-spam).
Limits
If the host record is not
@, a TXT record conflicts with an NS or CNAME record if they have the same host record and resolution line. If a conflict is reported when you add a TXT record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.The maximum length of a TXT record value is 8,192 characters.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
Different record types require different record values.
Select TXT from the drop-down list. TXT records are often used for SSL digital certificate validation and for Sender Policy Framework (SPF) records to prevent spam.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin is the only supported method for retrieving record values.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all records that match the specified line. The local DNS server then determines which record to return. If the local DNS server returns all addresses, the client randomly selects one.
Round Robin
Record Values
TXT records are often used for verification. You can obtain the record value from your certificate service or email service provider. For example, you may need to add a TXT record for verification when delegating a subdomain. You can add multiple values.
NoteWe recommend that you remove unused TXT records during regular maintenance. This helps prevent resolution failures that can occur if the number of TXT records for a single subdomain exceeds the limit on the recursive DNS servers of some carriers.
Example:
5d597b2c12464a7a8d0dde6b858ce543.Example
FAQ
ALIAS record
Background information
According to DNS protocol specifications, CNAME records have the highest priority. If a domain name is configured with CNAME, MX, and TXT records simultaneously, a recursive DNS server will return the CNAME record even when queried for the MX record. To prevent incorrect configurations, Alibaba Cloud DNS performs a pre-check when you add DNS records. For more information, see DNS record conflict rules.
Function Introduction
The ALIAS record type provides a CNAME flattening effect. The record value is a domain name, and the system automatically resolves the record value recursively and returns the final IP address. This reduces the number of query hops, improves resolution speed, and can replace CNAME records to resolve conflicts. For example, it can be used when a domain name is configured with a CNAME record for WAF/CDN and also needs an MX record for email. This feature is available only in the Ultimate and Exclusive Editions.
ALIAS vs. CNAME
Similarities: The record value for both is another domain name.
Differences:
CNAME | ALIAS |
| 
|
Limits
The ALIAS record type is available only in the Ultimate and Exclusive Editions.
For a single domain name, the Ultimate Edition supports up to 10 ALIAS records. The Exclusive Edition does not limit* the number of ALIAS records. For more information, see Edition comparison.
*Unlimited: If you exceed the default system limit during actual use, you can request a parameter limit increase, provided the product remains stable and secure.
If you downgrade a paid edition to the Personal or Free Edition, the ALIAS records are retained but become inactive. If you downgrade the Exclusive Edition to the Ultimate Edition and have more than 10 ALIAS records, the records are retained and resolve normally. However, you cannot modify them. To modify an existing ALIAS record, you must delete the excess records to bring the total count to 10 or fewer.
The ALIAS record type is mutually exclusive with the DNSSEC feature. To use ALIAS records, disable DNSSEC for the domain name first.
An ALIAS record conflicts with A, AAAA, and CNAME records, but not with other record types. For more information, see DNS record conflict rules.
ALIAS records are supported only in Public DNS and are not yet supported in GTM.
Usage notes
Because the ALIAS record type relies on public recursive servers, fluctuations in the public network or failures of recursive servers may cause resolution to fail. Therefore, no service availability SLA is provided for ALIAS record resolution.
When Public DNS iteratively queries an ALIAS domain name, it uses the
ECSfield to pass the source IP address of the Local DNS query to the recursive server. If the recursive server supports this, a smart DNS result can be obtained.CDN providers may report that a CNAME record is not configured after you set an ALIAS record. You can provide feedback to the provider and suggest that they modify their check rules.
The TTL of the response for an ALIAS record is based on the TTL configured for the record itself. It does not inherit the TTL from the external recursive query result.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
The record value that you must specify depends on the record type.
Select ALIAS from the drop-down list. An ALIAS record points a domain name to another domain name. The system automatically performs recursive resolution and returns the final IP address.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Record values are returned based solely on Ratio. To configure weights, see Weight configuration.
Ratio
Record Values
The target domain name. You can add multiple domain names.
If you set Record Values Load Strategy to Ratio, you can set the Ratio for each record value. When responding to a query, the system returns a record value based on the probability determined by its preset weight.
Example:
aliyundoc.com.Example
URL forwarding
URL forwarding includes two types, Explicit URL Forwarding and Implicit URL Forwarding, and is a feature that points a domain name to an existing website. This feature works by resolving the domain name to an Alibaba Cloud forwarding server that acts as a proxy. During this process, Alibaba Cloud DNS automatically adds an A record for the domain name that points to a URL forwarding server address. Consequently, it is expected that the dig command returns an A record with an IP address, such as 203.107.XX.XX, after you add a URL forwarding record.
Explicit URL Forwarding: Explicit URL forwarding uses 301 (permanent redirect) or 302 (temporary redirect) redirection technology. The browser's address bar displays the target address, and the content displayed is from the target website.
Implicit URL forwarding: Implicit URL Forwarding uses iframe technology. The domain name in the browser's address bar does not change, but the content displayed is from the target website.
The URL forwarding feature does not guarantee availability as defined by the Service-Level Agreement (SLA). For guaranteed resolution stability, we recommend that you build your own Nginx reverse proxy to implement HTTPS forwarding and hide the resolution port.
Prerequisites
When you add a URL forwarding record, the domain name to be forwarded is resolved to an Alibaba Cloud forwarding server, which then handles the forwarding proxy. Alibaba Cloud's URL forwarding servers are deployed in the Chinese mainland. Therefore, the domain name to be forwarded must have an ICP filing. The ICP filing does not have to be with Alibaba Cloud. To apply for an ICP filing with Alibaba Cloud, see ICP filing procedure.
Limits
The record value for URL forwarding cannot be an IP address.
The domain name to be forwarded cannot contain an underscore (_).
URL forwarding does not support wildcard DNS records.
The target domain name for URL forwarding cannot be a Chinese domain name.
The domain name to be forwarded supports HTTP but not HTTPS. The target address supports both HTTP and HTTPS.
If the host record is not
@, a URL record conflicts with NS, CNAME, A, and AAAA records if they have the same host record and resolution line. If a conflict is reported when you add a URL record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.URL forwarding is a special feature. Alibaba Cloud DNS does not provide attack prevention for it. If you encounter a blackhole due to an attack, you cannot use URL forwarding. In this case, you must change the record for the host to an A or CNAME record.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
When you use Explicit URL Forwarding, accessing the forwarded domain name updates the address in the browser's address bar to the target address and displays the content of the target website.
Implicit URL Forwarding ensures that when a user accesses a domain name configured with Implicit URL Forwarding, the content of the destination website is displayed, but the domain name in the browser's address bar remains unchanged.
Select Explicit URL Forwarding or Implicit URL Forwarding from the drop-down list.
Hostname
The prefix of the subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin is the only supported method for retrieving record values.
Round Robin
Record Values
Another website.
NoteFor Explicit URL Forwarding:
URL forwarding supports
301permanent redirects and302temporary redirects.A 301 redirect indicates that a resource has been permanently moved. Search engines will replace the old URL with the new URL when crawling new content.
A 302 redirect indicates that a resource is temporarily available at a new address. Search engines will crawl the new content but retain the old URL.
Example:
www.aliyun.com.Examples
Explicit URL Forwarding
Implicit URL Forwarding
FAQ
NS record
To delegate a subdomain to another DNS provider, or if you want a subsidiary, department, or business to independently manage the DNS records for a subdomain, you must add an NS record to the primary domain name. For more information about subdomain delegation scenarios, see Subdomain management.
Limits
Delegating a primary domain name (host record set to @) is not supported. To delegate a primary domain name to another DNS provider, change the DNS server addresses directly at your domain name registrar. For more information, see Change the DNS servers of a domain name.
If the host record is not
@, an NS record conflicts with all other record types if they have the same host record and resolution line. If a conflict is reported when you add an NS record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
Add the subdomain to Alibaba Cloud DNS to obtain the DNS server addresses assigned to the subdomain. For detailed steps, see Subdomain management.
Go to the authoritative DNS server of the primary domain name to modify the DNS records for the subdomain. For example, if you use Alibaba Cloud Public DNS, go to the Alibaba Cloud DNS - Public DNS page and click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
An NS record is used to delegate a subdomain to another DNS provider.
Select NS from the drop-down list.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin is the only supported method for retrieving record values.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all records for the specified line. The local DNS server then selects which record to return. If the local DNS server returns all addresses, the client randomly selects one.
Round Robin
Record Values
The domain name of the authoritative DNS server for the subdomain.
NoteOther DNS providers typically provide multiple DNS server addresses. To specify all of them, you can add multiple NS records for the same host record (subdomain), each with a different record value.
For example,
ns3.dnspod.netis a DNS server domain name provided by Tencent Cloud DNS.Example
SRV record
An SRV record identifies which server is running a specific service. It is common in Microsoft's directory management systems.
Limits
If the host record is not
@, an SRV record conflicts with an NS or CNAME record if they have the same host record and resolution line. If a conflict is reported when you add an SRV record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
An SRV record specifies the server that provides a specific service. It also defines the address, port, priority, and weight for that service.
Select SRV. This record type points a domain name to another domain name, which is then used for address resolution.
Hostname
The hostname for an SRV record follows the format _service._protocol.
Example: _sip._tcp
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin is the only supported method for retrieving record values.
Round Robin
Record Values
The format is
PriorityWeightPortTarget hostExample: 0 5 5060 www.cloud-example.com .
Example
CAA record
A Certificate Authority Authorization (CAA) record is a type of DNS resource record. This record specifies which certification authorities (CAs) are authorized to issue certificates for a domain name. If a request for an SSL/TLS certificate is made to an unauthorized CA, the request is rejected.
Certificate Authority Authorization (CAA) is a DNS record type that improves security by allowing you to specify which certification authorities (CAs) are authorized to issue certificates for your domain name. This prevents unauthorized third parties from obtaining an SSL/TLS certificate for your domain name from other CAs and helps prevent the incorrect issuance of HTTPS certificates.
Limits
If the host record is not
@, a CAA record conflicts with an NS or CNAME record if they have the same host record and resolution line. If a conflict is reported when you add a CAA record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
A CAA record specifies which Certificate Authorities (CAs) are authorized to issue certificates for a domain. This prevents other CAs from issuing SSL/TLS certificates for the domain name, which helps prevent incorrect certificate issuance and improves website security.
Select CAA from the drop-down list.
Hostname
The subdomain prefix.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin is the only supported method for retrieving record values.
Round Robin
Record Values
flag: The default value is 0. This indicates that if the issuing CA does not recognize this information, the information should be ignored.
tag: Supports three values: issue, issuewild, and iodef.
issue: Authorizes a single CA to issue any type of certificate for the domain name.
issuewild: Authorizes a single CA to issue a wildcard certificate for the hostname.
iodef: Allows the CA to send violation reports to a specified email address.
value: The domain name of the CA or the email address for violation notifications. Example: "ca.cloud-example.com". Note: The value must be enclosed in double quotation marks.
Example: 0 issue "ca.cloud-example.com"
Example
PTR record
Reverse DNS lookup: Maps an IP address to a domain name, which is the opposite of a forward DNS lookup (where an A or AAAA record maps a domain name to an IP address). A PTR record can be used to verify whether an IP address corresponds to a specific domain name.
Procedure:
The Reverse DNS Lookup feature provided by Alibaba Cloud DNS lets you configure PTR records for public IP addresses (EIPs or static public IP addresses of ECS instances) under your Alibaba Cloud account. For more information, see What is reverse DNS lookup?.
For non-Alibaba Cloud public IP addresses, contact your data center or hosting provider.
SVCB record
An SVCB (Service Binding) record is used to improve service discovery. It informs the client about additional parameters of a service before a connection is attempted, such as supported protocols and details of the service endpoint. It can be used for different transport protocols and is closely related to HTTPS records.
The introduction of SVCB records allows DNS to provide more flexible and detailed configuration information. This allows clients to make more informed decisions about service requests before establishing a connection. This not only improves performance and enhances security but also optimizes the user experience.
Limits
If the host record is not @, and the host record and resolution line are the same, an SVCB record conflicts with NS and CNAME records. Additionally, the alias mode and service mode of an SVCB record conflict with each other. If a conflict is reported when you add an SVCB record, you can resolve it by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
An SVCB record is a type of DNS record used for service discovery. It specifies information about supported protocols and Service Parameters.
Select SVCB from the drop-down list.
Hostname
The prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Set
Priority: A non-negative integer from 0 to 65535 that specifies the processing order for multiple SVCB records. Records with lower values have higher priority. If a service has multiple SVCB records, the client processes them in order of priority, starting with the record that has the lowest value. This is similar to the priority parameter for MX records.
NoteA priority of 0 indicates alias mode, which is similar to a CNAME record that points to another service name. In this mode, you cannot set Service Parameters.
A non-zero priority indicates service mode. In this mode, you can define service parameters.
Destination Zone Name: The domain name of the server that provides the service. This is also known as the target domain.
In alias mode (where the priority is 0), the target domain specifies another service name for the client to resolve.
In service mode, the target domain is typically the hostname that provides the service. The client then resolves this target domain to obtain the IP address of the service. Example:
www.example.com.
Service Parameters: A set of key-value pairs that define the service configuration and required features. These parameters provide clients with detailed guidelines and pre-connection information to optimize connection performance and security. The information can include desired protocol versions, a list of application-layer protocols (such as ALPN), Transport Layer Security (TLS) requirements, transport parameters, and IP address hints.
Service Parameters provide clients with pre-connection information on how to access a service and optimize the connection for performance and security. For example:
alpn="h2" ipv4hint="223.5.5.5" port="443" ech="MTIzNDU2Nzg="NoteCommon Service Parameters:
alpn="h3,h2": Indicates support for HTTP/2 and HTTP/3.
ipv4hint="223.5.XX.XX": Indicates the IPv4 address of the target domain.
ipv6hint="2400:3200::XX": Indicates the IPv6 address of the target domain.
port="443": Indicates the port number.
ech="MTIzNDU2Nzg=": A Base64-encoded string of the Encrypted Client Hello (ECH) configuration information.
mandatory="alpn,port": A list of parameters that the client must understand and process.
no-default-alpn: Indicates that there is no default application-layer protocol. If this parameter is present, the alpn parameter must also be present.
dohpath="/dns-query{?dns}": The URI template for DNS over HTTPS (DoH) access.
Separate multiple key-value pairs with spaces. The maximum length is 1,024 characters.
Example
HTTPS record
An HTTPS record is a specialized version of an SVCB record, specifically for describing HTTPS services. HTTPS records typically contain the same types of key-value parameters as SVCB records, but they are interpreted and processed with the assumption that the service protocol is HTTPS.
HTTPS records allow website operators to provide more detailed information about their HTTPS services, including which IP addresses are available and which protocols or service parameters are supported. This ensures that the most appropriate configuration is used the first time a client connects to the server, which reduces handshake latency, lowers the probability of connection failures, and enhances user privacy.
Limits
If the host record is not @, and the host record and resolution line are the same, an HTTPS record conflicts with NS and CNAME records. Additionally, the alias mode and service mode of an HTTPS record conflict with each other. If a conflict is reported when you add an HTTPS record, you can resolve it by deleting the conflicting record or modifying the host record.
Procedure
On the Alibaba Cloud DNS - Public DNS page, click the target domain name to go to the Settings page.
Click the Add Record button.
Complete the form fields.
Form item
Description
Recommended value
Record Type
An HTTPS record is a record type specific to HTTPS services. You can use an HTTPS record to specify a secure HTTPS connection protocol and an optimal service endpoint. This improves the security and reliability of HTTPS access.
Select HTTPS from the drop-down list.
Hostname
Refers to the prefix of a subdomain.
For
www.example.com, enterwww.For
example.com, enter@.For
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
The source of the DNS query. In most cases, select Default. If you want to return different record values based on the visitor's location, you can set other sources, such as carrier or region. For more information, see Smart DNS and Custom lines.
ImportantYou must add a DNS record for the Default line as a fallback. This prevents resolution failures when a DNS query does not match any of the specified resolution request sources.
If you have no special requirements, keep the default value Default.
For requests from Beijing and surrounding cities, select
China Region_North China.For requests from the China Telecom network, select:
China Telecom.
Record Values
Priority: A non-negative integer from 0 to 65,535 that specifies the order in which multiple HTTPS records are processed. Records with lower values have higher priority. If a service has multiple HTTPS records, the client processes them in order of priority, starting with the record that has the lowest value (highest priority). This is similar to the priority parameter for MX records.
NoteA priority of 0 indicates alias mode, in which you cannot set service parameters. This mode is similar to a CNAME record and directs traffic to another service name.
A non-zero priority indicates service mode, in which you can define service parameters.
Destination Zone Name: Specifies the domain name of the server to which the client connects.
In alias mode (priority 0), the target domain specifies another service name for the client to resolve.
In service mode, the target domain is typically the hostname that provides the service. The client resolves this domain name to obtain the IP address of the service. For example,
www.example.com.Service Parameters: A set of key-value pairs that defines the service configuration and required features. These parameters can provide information such as the desired protocol versions, a list of application-layer protocols for Application-Layer Protocol Negotiation (ALPN), transport layer security requirements, transport parameters, and IP address hints.
Service Parameters allow a service provider (SP) to provide clients with detailed guidelines and pre-connection information for accessing the service. This optimizes the performance and security of the connection. For example,
alpn="h2,h3" ipv4hint="223.5.XX.XX" ipv6hint="2400:3200::XX" port="443"NoteExamples:
alpn="h3,h2": Indicates support for HTTP/2 and HTTP/3.
ipv4hint="223.5.XX.XX": Indicates the IPv4 address of the target domain.
ipv6hint="2400:3200::XX": Indicates the IPv6 address of the target domain.
port="443": Indicates the port number.
mandatory="alpn,port": Specifies a list of required parameters.
no-default-alpn: Indicates that no default application-layer protocol exists. If this parameter is present, the `alpn` parameter is required.
dohpath="/dns-query{?dns}": Specifies the URI template for DNS-over-HTTPS (DoH) access.
Separate multiple key-value pairs with spaces. The maximum length is 1,024 characters.
Example:
aliyundoc.com.TTL
The time that the DNS record is cached on a carrier's Local DNS server. We recommend setting this to 10 minutes. A smaller TTL value means that changes to the record take effect faster for end users. For more information, see Configure TTL.
Edition
Free Edition
Personal Edition
Enterprise Ultimate Edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Example
Verify that the configuration has taken effect
To ensure that you verify the DNS record after it has taken effect, you must first understand the TTL effective mechanism.
In addition to verifying by directly accessing the URL, you can use other methods to check if the record has taken effect. For more information, see Methods to test whether a DNS record has taken effect. If the DNS record has not taken effect, see Quickly troubleshoot DNS resolution failures.
References
If a DNS record conflict is reported when you add a record, see DNS record conflict rules.
To add a wildcard DNS record with the host record set to *, see Wildcard domain resolution.
If you encounter problems during the setup process, see the following documents: