If you want to associate a domain name with an IP address, point it to a web server, or link it to an email service, you must Add Records for the domain name. Public Zone directs users and systems to resources, such as web services, email services, and URLs, using these records.
Use cases
Web and demo services
For a domain name example.com, to allow access to a website at www.example.com and a demo service at playground.example.com, you can configure DNS records with www and playground as the host records.
Single entry point
To make example.com the sole entry point, redirect all other subdomains, such as a.exmple.com、b.example.com, to www.example.com to avoid resolution failures. Set up a record for www, and create a wildcard DNS record with the host set to * and the record type as Explicit URL. This acts as a catch-all for unconfigured subdomains.
Email configuration
For Alibaba Mail users who want to log in with an email address, such as <userId>@example.com, configure DNS settings for the mailbox.
Custom services
When configuring services such as a custom domain for an OSS bucket, a CDN-accelerated domain, a WAF-protected site, or streaming domains, add the domain such as demo.example.com to the corresponding service and generate a CNAME record, such as on-premises-dns.aliyun.com. You must then configure a record and set the host record to demo and the record type to CNAME. This DNS record points the domain name to the corresponding service, which provides the final endpoint.
Preparations
A domain name has been purchased.
Ensure the domain name is listed in Alibaba Cloud DNS - Public Zone. Domains purchased from Alibaba Cloud are added automatically. If the domain name is not found:
You have not purchased a domain name. Purchase one from Alibaba Cloud Domain Names.
Your domain name is from a third-party registrar. Manually add it to Alibaba Cloud DNS - Public Zone and update DNS server addresses as necessary. See migrate DNS services for more.
Check the domain name status.
Verify that the domain status is Normal and all identity verifications are complete. If resolving to servers in Chinese mainland, an ICP filing is required.
Check that DNS Server IP Address are Normal. For more, see DNS servers for a domain name.
Get the record value.
For ECS or dedicated virtual machines, access the console to view public IP addresses.
For web hosting, contact your service provider to get the endpoint.
For CDN-accelerated domains, configure domains in the console to get the CNAME value.
For email configuration, get MX and other necessary records from the provider.
Select a DNS record type
The following table describes the DNS record types that Alibaba Cloud DNS supports and use cases.
Record type | Use cases | Popularity score (Total score: 5) |
A | Maps a domain name to an IPv4 address. Often used for website domain name resolution. | 5. Most basic type. Almost every domain name uses it. |
CNAME | Maps a domain name to another domain name. Often used for website resolution, CDN acceleration, enterprise email, and Global Traffic Manager. | 5. Alias mapping is common and versatile type used for CDN and other Alibaba Cloud services. |
MX | Specifies the mail server for a domain name and sorts servers by priority. | 4. Required for email services. If you do not use an email service, you do not need this record. |
AAAA | Maps a domain name to an IPv6 address. Often used when a website needs to be accessed over an IPv6 address. | 4. IPv6 adoption is accelerating, with most cloud services supporting IPv6 by default. |
TXT | Provides text information about a domain name. Often used for domain ownership verification, digital certificates, SPF records (for anti-spam), and domain name retrieval. | 5. Used for verification, such as SSL, SPF, email, and DNS. |
Explicit/Implicit URL forwarding | Points a domain name to an existing site. Both explicit and implicit URL forwarding are supported. | 2. Supported by only some DNS providers. It is mainly used for domain name redirection. |
NS | Specifies the DNS servers that manage the DNS records for a domain name. Often used to delegate a subdomain to another DNS provider. | 3. Commonly used for subdomain delegation. Changes are infrequent. |
SRV | Specifies the host and port for specific services. This is common in Microsoft directory services. | 2. Required for instant messaging and enterprise service protocols. It is rarely used for standard websites. |
CAA | Specifies which certification authorities (CAs) are allowed to issue HTTPS certificates for a domain name. This helps prevent the mis-issuance of certificates and improves website security. | 2. Enhances security for certificate (SSL/TLS) management. |
PTR | Maps an IP address to a domain name. A PTR record can be used to verify whether an IP address corresponds to a specific domain name. | 1. Used for reverse DNS lookups, such as for mail servers. Rarely used for standard websites. |
SVCB | Improves service discovery by providing protocol and endpoint information. This optimizes client connection decisions and enhances performance and security. | 1. An emerging record type used by protocols such as HTTP/3 and QUIC. Not widely used at present. |
HTTPS | An HTTPS record is a specialized version of the SVCB record that is used exclusively for describing HTTPS services. | 1. Browsers are gradually supporting the new standard for HTTPS optimization, but it is not widely used by typical websites yet. |
Add a DNS record
A
An A record maps a domain name to a fixed IPv4 address. It is typically used for website domain name resolution. For example, if you have set up a website that is accessible at a public IP address and you have a domain name, you can add an A record. After the record takes effect, you can access your website using the domain name.
An A record maps a domain name to a fixed IPv4 address, a fundamental step for website domain resolution. It directs traffic from a domain name to the public IP of its hosting server, allowing users to access the website with the domain name once the record propagates.
Limits
Public IPv4 address for the target server is required, such as
192.0.2.1.Alibaba Cloud ECS: The public IP address can be found in Alibaba Cloud ECS console.
Other Providers: Obtain the public IP address from your service provider.
Conflict Rules: For any host record other than
@, an A record cannot coexist with an NS, CNAME, or URL record if they share the same host record and resolution line. To resolve a conflict error, either delete the conflicting record or modify the host record. For more information, see DNS record conflict rules.
Configuration
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
The required format for the Record Value depends on the selected type.
Select A to map the domain name to an IPv4 address.
Host Record
The prefix of a subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Defines how DNS responds when multiple record values exist for the same host.
Polling (Round Robin): Returns all configured record values in response to a query. The client's local DNS resolver selects one at random, distributing traffic evenly.
Weight: Distributes traffic among record values based on their weights. For more, see Weight Configuration.
Polling
Record Values
This is typically the public IPv4 address of the web server. You can add multiple addresses.
If you select Weight for the Record Values Load Strategy, a Weight must be specified for each record value to control the traffic distribution ratio.
Alibaba Cloud ECS: Find the public IP address in the ECS console.
Other providers: Get the public IP address from your service provider.
Example
FAQ
CNAME
A canonical name (CNAME) record points a domain name to another domain name, which then provides the IP address. CNAME records are used for services such as CDN, enterprise email, and Global Traffic Manager.
Resolution process
The following example illustrates the resolution process for a CNAME record that points www.example.com to app.cloud-example.net:
A client attempts to resolve
www.example.com.The client's local DNS resolver checks its cache. If the record is not found, it queries a recursive DNS server, such as
114.114.114.114, and8.8.8.8.The recursive server initiates an iterative query:
It first queries the root DNS servers to find the .com TLD servers.
Then, it asks the TLD servers for the DNS of example.com.
Upon querying the authoritative DNS with regard to www.example.com, it finds a CNAME record redirecting to app.cloud-example.net.
It instructs the recursive DNS server to query that domain instead.
The authoritative server responds
www.example.comas an alias forapp.cloud-example.net(CNAME record). The recursive server then starts a new resolution process forapp.cloud-example.netto find its corresponding A or AAAA record (IP address). This may involve another CNAME record, though nesting CNAMEs more than two levels deep is not recommended as it can increase latency.Once the final IP address is found, the recursive server returns it to the client.
Limits
Using a CNAME record on the default line while A and AAAA records exist for the same host on smart lines can cause inaccurate traffic routing.
If the host record is not
@, a DNS record conflict occurs if a CNAME record and other DNS records have the same host record and line. If a conflict is reported when adding a CNAME record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS Record Conflict Rules.
Configuration
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
The required record value depends on the record type.
Select CNAME from the drop-down list. This record type points a domain name to another domain name, which is then resolved to an IP address.
Hostname
The prefix of a subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Weight method is supported for returning record values. To configure weights, see Weight Configuration.
Weight
Record Values
The target domain name. You can add multiple domain names to create a record set.
If you select Weight for the Record Values Load Strategy, a Weight must be specified for each record value to control the traffic distribution ratio.
Example:
aliyundoc.com.Example
FAQ
MX
MX (Mail Exchanger) record specifies the mail servers responsible for accepting email messages on behalf of a domain. When an email is sent to an address like user@example.com, the sending mail system queries the MX records for example.com to find the correct destination server. These records include a priority value, which allows for setting up primary and backup mail servers. The server with the lowest priority value is tried first. For an automated setup, see Add mailbox records.
Limits
Prerequisite: You have a mail server and get the domain address your email service provider.
Record Conflicts: For any host record other than
@, an MX record cannot coexist with an NS, CNAME, or URL record if they share the same host record and resolution line. If a conflict error occurs, either delete the conflicting record or modify the host record. For more information, see Resolve record conflict rules.
Configuration
The following example shows how to configure email records for Alibaba Cloud Mail:
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
The required record value varies based on the selected record type.
Select MX from the drop-down list. An MX record is used by email systems to locate the mail server address for a domain.
Hostname
The prefix of a domain name.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Polling method is supported for MX records.
When this method is used for A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all matching records, and the client's local DNS resolver selects one.
Polling
Record Values
Record value:
The domain name of the mail server retrieved from your mailbox provider, such as
mx1.qiye.aliyun.com.MX Priority:
A lower value indicates a higher priority. For example, a server with priority
5(mx1.qiye.aliyun.com) is tried before a server with priority10(mx2.qiye.aliyun.com).
Example:
aliyundoc.com 5.ImportantA complete email setup may also require CNAME and TXT records. Get the full set of required DNS records from your mailbox provider. If your mailbox provider is Alibaba Cloud Mail, see Add email domain resolution.
Example
FAQ
AAAA
An AAAA record maps a domain name to a fixed IPv6 address, making it fundamental for services that support IPv6 access.
Limits
Get the IPv6 address of the server that you want to point your domain name to in advance. Example: ff03:0:0:0:0:0:0:c1.
If the host record is not
@, an AAAA record conflicts with an NS, CNAME, or URL record if they have the same host record and resolution line. If a conflict is reported when you add an AAAA record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS Record Conflict Rules.
Configuration
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
The record value that you must specify depends on the record type.
Select AAAA from the drop-down list. This record type maps a domain name to an IPv6 address, which is typically the IPv6 address of a web server. For example, ff03:0:0:0:0:0:0:c1.
Hostname
The subdomain prefix.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Defines how DNS responds when multiple record values exist for the same host.
Polling (Round Robin): Returns all configured record values in response to a query. The client's local DNS resolver selects one at random, distributing traffic evenly.
Weight: Distributes traffic among record values based on their weights. For more, see Weight Configuration.
Polling
Record Values
The IPv6 address of the web server. You can add multiple addresses.
If you select Weight for the Record Values Load Strategy, a Weight must be specified for each record value to control the traffic distribution ratio.
For example, ff03:0:0:0:0:0:0:c1.
Example
FAQ
TXT
A TXT record associates arbitrary text with a domain name. It is a versatile record used for digital certificate verification and SPF records (for anti-spam).
Limits
For any host record other than
@, a TXT record cannot coexist with an NS, CNAME, or URL record on the same resolution line. To resolve a conflict, delete the conflicting record or use a different host record. For more information, see DNS record conflict rules.The maximum length of a TXT record value is 8,192 characters.
Configuration
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
The record value that you must specify depends on the record type.
Select TXT from the drop-down list. TXT records are often used for SSL digital certificate verification and SPF records (for anti-spam).
Hostname
The prefix of the subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Polling method can be used to return record values.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all records that match the specified line. The local DNS server then selects one record to return. If the local DNS server returns all matching addresses, the client randomly selects one.
Round Robin
Record Values
TXT records are commonly used for verification. You can get the record value from your certificate service or email service provider. For example, you may need to add a TXT record for verification when you delegate a subdomain. You can add multiple values.
NoteWe recommend that you remove unnecessary TXT records during routine maintenance. This helps prevent the total length of TXT records for a single subdomain from exceeding the limit. If the limit is exceeded, resolution may fail on some carriers' recursive DNS servers.
Example:
5d597b2c12464a7a8d0dde6b858ce543.Example
FAQ
URL forwarding
URL forwarding points a domain name to an existing website. It includes explicit URL forwarding and implicit URL forwarding. This feature works by resolving the domain name to an Alibaba Cloud forwarding server, which then acts as a proxy. During this process, an A record that points to a URL forwarding server address provided by Alibaba Cloud DNS is automatically added for the domain name. Therefore, it is normal if the dig command returns an A record with an IP address such as 203.107.XX.XX after you add a URL forwarding record.
Explicit URL forwarding: Explicit URL forwarding uses 301 (permanent redirect) or 302 (temporary redirect) redirection. The browser's address bar displays the target URL, and the content of the target website is displayed.
Implicit URL forwarding: Implicit URL forwarding uses an iframe. The domain name in the browser's address bar does not change, but the content of the target website is displayed.
Alibaba Cloud DNS does not provide a Service-Level Agreement (SLA) for the availability of URL forwarding. For guaranteed resolution stability, we recommend that you build your own Nginx reverse proxy.
Prerequisites
When you add a URL forwarding record, the domain name is resolved to an Alibaba Cloud forwarding server, which then acts as the forwarding proxy. Alibaba Cloud's URL forwarding servers are deployed in the Chinese mainland. Therefore, you must obtain an ICP filing for the source domain name. The ICP filing does not have to be obtained through Alibaba Cloud. To obtain an ICP filing through Alibaba Cloud, see ICP filing process.
Limits
The record value for URL forwarding cannot be an IP address.
The source domain name for URL forwarding cannot contain an underscore (_).
URL forwarding does not support wildcard DNS resolution.
The target domain name for URL forwarding cannot be a Chinese domain name.
The source domain name for URL forwarding supports HTTP but not HTTPS. The target URL can be an HTTP or HTTPS address.
If the host record is not
@, a URL record conflicts with NS, CNAME, A, or AAAA records if they have the same host record and resolution line. If a conflict is reported when you add a URL record, you can resolve the conflict by deleting the conflicting record or modifying the host record. For more information, see DNS Record Conflict Rules.URL forwarding is a special feature. Alibaba Cloud DNS does not provide attack prevention for it. If you encounter an attack that triggers blackhole filtering, you cannot use URL forwarding. In this case, you must change the record type for the hostname to A or CNAME.
Configuration method
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
With Explicit URL forwarding, the URL in the browser's address bar changes to the destination URL, and the content of the destination website is displayed.
With Implicit URL forwarding, the domain name in the browser's address bar does not change, but the content of the destination website is displayed.
Select Explicit URL or Implicit URL.
Hostname
This is the prefix of a subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Record values are returned using the Polling method only.
Polling
Record Values
Another website.
NoteFor explicit URL forwarding:
This feature supports
301permanent redirects and302temporary redirects.A 301 redirect indicates that the resource at the old URL has been permanently moved and is no longer available. When a search engine scrapes the new content, it also replaces the old URL with the new one.
A 302 redirect indicates that the redirection is temporary and the resource at the old URL is still available. The search engine scrapes the new content but retains the old URL.
Example:
www.aliyun.com.Example
Explicit URL
Implicit URL
FAQ
NS
If you want to delegate a subdomain to another DNS provider or allow a subsidiary, department, or business to independently manage DNS resolution for a subdomain, you need to add an NS Record to the primary domain name. For more information about subdomain hosting scenarios, see Subdomain Management.
Limits
You cannot delegate a primary domain name by setting the hostname to @. To delegate a primary domain name to another DNS provider, you must change the DNS server addresses at your domain name registrar. For more information, see Change the DNS servers for a domain name.
If the host record is not
@, an NS record conflicts with other DNS records if they have the same host record and resolution line. If a conflict is reported when you add an NS record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS record conflict rules.
Configuration
Add the subdomain to Alibaba Cloud DNS and obtain the DNS server addresses assigned to the Subdomain. For more information, see Subdomain Management.
Go to the authoritative DNS server for the primary domain name to modify the DNS records for the subdomain. For example, in Alibaba Cloud DNS, go to the Alibaba Cloud DNS - Public Zone page and click the target domain name to open the DNS Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
To delegate a subdomain to another DNS service provider, you can add an NS record.
Select NS from the drop-down list.
Hostname
The prefix of the subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
You can use only the Polling method to retrieve record values.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all record values that match the specified line. The local DNS server then selects a result to return. If the local DNS server returns all available addresses, the client randomly selects one.
Polling
Record Values
Specifies the domain name of the DNS server to which you are delegating authority.
NoteDNS service providers typically provide multiple DNS server addresses. You can add multiple NS records with the same hostname (subdomain) but different record values.
For example,
ns3.dnspod.netis a DNS server domain name provided by Tencent Cloud DNS.Example
SRV
An SRV record specifies the host and port for specific services. It is common in Microsoft directory services.
Limits
If the host record is not
@, an SRV record conflicts with an NS or CNAME record if they have the same host record and resolution line. If a conflict is reported when you add an SRV record, you can resolve the issue by deleting the conflicting record or modifying the host record. For more information, see DNS Record Conflict Rules.
Configuration
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
An SRV record specifies which server provides a service and includes information such as the address, port, priority, and weight of the service.
Select SRV from the drop-down list. This record type is used to specify the location of servers for a specific service.
Hostname
The format of the host record is `_service._protocol`.
Example: _sip._tcp
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Polling method is supported to return DNS records.
Polling
Record Values
The format of the record value is
PriorityWeightPortTarget hostExample: 0 5 5060 www.cloud-example.com.
Example
CAA
A CAA (Certificate Authority Authorization) record is an additional field that can be added to a DNS record. It uses the DNS mechanism to create a CAA resource record that restricts which CAs can issue certificates for a domain name. Attempts by unauthorized third parties to obtain an SSL/TLS certificate for the domain name from other CAs are rejected.
By adding a CAA record for a domain name, a website owner can authorize specific CAs to issue certificates for their domain name. This helps prevent the mis-issuance of HTTPS certificates and improves website security.
Limits
If the host record is not
@, a CAA record conflicts with an NS or CNAME record if they have the same host record and DNS resolution line. If a conflict is reported when you add a CAA record, you can resolve the issue by deleting the conflicting records or modifying the host record. For more information, see DNS Record Conflict Rules.
Configuration method
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
A CAA record allows a website owner to specify which Certificate Authorities (CAs) are authorized to issue certificates for their domain name. This helps prevent unauthorized third parties from obtaining an SSL/TLS certificate for the domain name from other CAs, which prevents the misissuance of HTTPS certificates and improves website security.
Select CAA from the drop-down list.
Hostname
Specifies the prefix of a subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Polling method is supported.
Polling
Record Values
flag: The default value is 0. This value indicates that an issuing CA that does not recognize the tag can ignore the record.
tag: The supported values are issue, issuewild, and iodef.
issue: Authorizes a specified CA to issue any type of certificate for the domain name.
issuewild: Authorizes a specified CA to issue wildcard certificates for the hostname.
iodef: Specifies a URL to which a CA can send reports about policy violations.
value: The domain name of the CA or the URL for violation notifications. Example: "ca.cloud-example.com". Note: The value must be enclosed in double quotation marks.
Example: 0 issue "ca.cloud-example.com"
Example
PTR
Reverse DNS lookup: This maps an IP address to a domain name, which is the opposite of a forward DNS lookup (where an A or AAAA record maps a domain name to an IP address). A PTR record can be used to verify whether an IP address corresponds to a specific domain name.
Procedure: Contact your data center or hosting provider to add a PTR record. If your server provider is Alibaba Cloud, you can submit a ticket. The Alibaba Cloud server support team will assist you in adding the reverse DNS lookup record.
SVCB
An SVCB (Service Binding) record enhances service discovery by providing clients with detailed connection information, such as supported protocols and details about the service endpoint. It can be used for different transport protocols and is closely related to HTTPS records.
SVCB records allow DNS to provide more flexible and detailed configuration information. This enables clients to make more informed decisions about service requests before they establish a connection, improving performance, security, and user experience.
Limits
If the hostname is not @, and the hostname and request source are the same, an SVCB record conflicts with an NS or CNAME record. The alias mode and service mode of an SVCB record also conflict with each other. If a conflict is reported when you add an SVCB record, you can resolve the conflict by deleting the conflicting record or changing the hostname. For more information, see DNS record conflict rules.
Configuration
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
An SVCB record is a service binding record used for service discovery. It provides information about supported protocols and service parameters as a DNS record.
Select SVCB from the drop-down list.
Hostname
The prefix of the domain name.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Query Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values
Priority: A non-negative integer from 0 to 65535 that specifies the order in which multiple SVCB records are used. A lower value indicates a higher priority. If a service has multiple SVCB records, a client sorts them by priority and attempts to use the record with the highest priority (the smallest value) first. This parameter is similar to the priority parameter of MX records.
NoteA priority of 0 indicates alias mode, in which service parameters cannot be set. This mode is similar to a CNAME record and can redirect to another service name.
A non-zero priority indicates service mode, in which you can define service parameters.
Target Domain Name: The domain name of the server to which the client connects.
In alias mode (priority 0), the target domain name is another service name for the client to resolve.
In service mode, the target domain is typically the hostname that provides the service. The client then resolves this target domain to obtain the IP address of the service. For example,
www.example.com.
Service Parameters are a set of key-value pairs that define service configuration and required features. These parameters can provide various types of information, such as expected protocol versions, a list of application-layer protocols (such as Application-Layer Protocol Negotiation or ALPN), transport layer security requirements (such as required TLS versions), transport parameters, and IP address hints.
Service parameters allow service providers to provide clients with detailed guidelines for accessing services and pre-connection information to optimize connection performance and security. For example:
alpn="h2" ipv4hint="223.5.5.5" port="443" ech="MTIzNDU2Nzg="NoteCommon service parameters:
alpn="h3,h2": Indicates support for HTTP/2 and HTTP/3.
ipv4hint="223.5.XX.XX": The IPv4 address of the target domain name.
ipv6hint="2400:3200::XX": The IPv6 address of the target domain name.
port="443": The port number.
ech="MTIzNDU2Nzg=": A Base64-encoded string of the Encrypted Client Hello (ECH) configuration information.
mandatory="alpn,port": A list of mandatory parameters.
no-default-alpn: Indicates that no default application-layer protocol exists. If this parameter is present, the alpn parameter must also be specified.
dohpath="/dns-query{?dns}": The URI template for DNS-over-HTTPS (DoH) access.
Separate multiple key-value pairs with spaces. The maximum length is 1,024 characters.
Example
HTTPS
An HTTPS record is a specialized version of the SVCB record that is used exclusively for describing HTTPS services. HTTPS records typically contain the same types of key-value parameters as SVCB records, but they are interpreted and processed with the assumption that the service protocol is HTTPS.
HTTPS records allow website operators to provide more detailed information about their HTTPS services, including which IP addresses are available and which protocols or service parameters are supported. This ensures that the most appropriate configuration is used when a client connects to the server for the first time, which reduces handshake latency, lowers the probability of connection failures, and enhances user privacy.
Limits
If the hostname is not @, and the hostname and request source are the same, an HTTPS record conflicts with an NS or CNAME record. The alias mode and service mode of an HTTPS record also conflict with each other. If a conflict is reported when you add an HTTPS record, you can resolve the conflict by deleting the conflicting record or changing the hostname.
Configuration method
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to navigate to the Settings page.
On the Settings page, click the Add Record button.
Fill in the fields.
Field
Description
Recommended value
Record Type
An HTTPS record is a type of DNS record for HTTPS services. It specifies a secure connection protocol and the optimal service site address to improve the security and reliability of HTTPS access.
Select HTTPS from the drop-down list.
Host Record
The prefix of a subdomain.
For a top-level domain like
www.example.com, enterwww.For a subdomain like
example.com, enter@.For third-level domain like
demo.example.com, enterdemo.For
test.blog.example.com, entertest.blog.
Parsed Request Source
Specifies the source of the DNS query to enable geo-routing. The Default line serves as the primary configuration for all regions.
For advanced traffic management, configure lines by ISP or region to return different IP addresses based on the location. See Smart resolution and Custom lines for details.
ImportantA Default line is mandatory to ensure resolution for queries that do not match any specific line, preventing resolution failures.
General Use: Keep the
Defaultvalue.Regional Targeting: To target queries from Beijing and surrounding regions, select
China Region_North China.ISP Targeting: To target queries from a specific ISP like China Telecom, select
China Telecom.
Record Collection
Priority: A non-negative integer from 0 to 65535 that specifies the priority of an HTTPS Record. A lower value indicates a higher priority. If a service has multiple HTTPS Records, a client sorts the records by priority and attempts to connect to the record with the highest priority (lowest value) first. This is similar to the priority parameter of an MX record for email services.
NoteA priority of 0 indicates alias mode. In this mode, service parameters cannot be set. This mode is similar to a CNAME record and directs traffic to another service name.
A non-zero priority indicates service mode, in which you can define service parameters.
Target Domain Name: The domain name of the server that the client connects to.
In an HTTPS Record that uses the Alias pattern (priority 0), the target domain specifies another service name for the client to resolve.
In service mode, the target domain name is typically the hostname that provides the service. The client resolves this domain name to obtain the service's IP address. For example,
www.example.com.Service Parameters: A set of key-value pairs that define the service configuration and required features. The parameters include information such as the expected protocol version, a list of application-layer protocols (such as ALPN), transport layer security requirements (such as the required TLS version), transport parameters, and IP address hints.
Service parameters allow a service provider (SP) to provide clients with detailed guidelines and pre-connection information for accessing the service. This optimizes the connection's performance and security. For example:
alpn="h2,h3" ipv4hint="223.5.XX.XX" ipv6hint="2400:3200::XX" port="443"NoteExamples of service parameters:
alpn="h3,h2": Indicates support for HTTP/2 and HTTP/3.
ipv4hint="223.5.XX.XX": The IPv4 address of the target domain name.
ipv6hint="2400:3200::XX": The IPv6 address of the target domain name.
port="443": The port number.
mandatory="alpn,port": A list of mandatory parameters.
no-default-alpn: Indicates that there is no default application-layer protocol. If this parameter is present, the `alpn` parameter is required.
dohpath="/dns-query{?dns}": The URI template for DNS-over-HTTPS (DoH) access.
Separate multiple key-value pairs with spaces. The maximum length is 1,024 characters.
Example:
aliyundoc.com.TTL
The duration that the record is cached by recursive DNS servers. A lower TTL allows DNS changes to propagate faster. The standard recommendation is 600 seconds (10 minutes). For more, see Configure TTL.
Version
Free Version
Personal Version
Enterprise Ultimate Version
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Example
Verify the configuration
Refer to TTL mechanisms and ensure that you verify the configuration after the DNS record has taken effect.
In addition to accessing the URL, you can test resolution effectiveness. If the record has not taken effect, see Troubleshooting.
References
If a DNS record conflict is reported when adding a record, see record conflict rules.
To add a wildcard record with the hostname set to *, see wildcard resolution.
If you encounter issues during the configuration, see the following: