
Alibaba Cloud DNS: Subdomain recursive proxy

Last Updated: Mar 31, 2026

This topic describes the resolution flow for private zones and how to enable the subdomain recursive proxy.

Private zone resolution flow

Note

If the record value of a CNAME record is the same as the domain name being queried, a CNAME resolution loop occurs. The system immediately stops the process and returns the result.

  • When a client in your VPC initiates a DNS query, the resolver first queries the associated Authoritative Zone for a matching record. If the result contains a CNAME record value, the resolver initiates a new query for the CNAME domain. Otherwise, the resolver returns the result to the client.

  • If no matching record is found in the Authoritative Zone, the resolver checks if the query matches a forwarding rule. If a match is found, the resolver forwards the query to an external DNS resolver. If the result contains a CNAME record value, the resolver initiates a new query for the CNAME domain. Otherwise, the resolver returns the result to the client.

  • If the query does not match a forwarding rule, the resolver performs a public recursive resolution and retrieves the result. If the result contains a CNAME record value, the resolver initiates a new query for the CNAME domain. Otherwise, the resolver returns the result to the client.

Subdomain recursive proxy

After you enable this feature, if a query is made for a subdomain that is not configured in your zone, the resolver acts as a proxy and performs a public recursive resolution. The resolver then returns the public resolution result to the VPC as the DNS response.

For example, assume a zone is named aliyun.com and you have configured three private records within aliyun.com, as shown in the following table.

| Host record | Type | TTL | Value    |
|-------------|------|-----|----------|
| host01      | A    | 60  | 10.0.0.1 |
| host02      | A    | 60  | 10.0.0.2 |
| host03      | A    | 60  | 10.0.0.3 |

  • When you query host01.aliyun.com, host02.aliyun.com, or host03.aliyun.com from within the associated VPC, the resolver returns the private record values 10.0.0.1, 10.0.0.2, and 10.0.0.3, respectively.

  • When you query public domain names such as www.aliyun.com, api.aliyun.com, or rds.aliyun.com from within the associated VPC, the resolver performs a public recursive resolution. The public resolution result is returned as the final DNS response.
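The lookup order and the subdomain recursive proxy behaviour described above, as an added Python sketch (not Alibaba Cloud code or API). The forwarding rule, the public records and all names under .example are constructed, and returning no answer for an unconfigured name when the proxy is disabled is an assumption, since the page only describes the enabled case.

```python
# Toy model of the resolution order on this page. Constructed data throughout.
PRIVATE_ZONE = "aliyun.com"
PRIVATE_RECORDS = {  # the three private records from the table above
    "host01.aliyun.com": ("A", "10.0.0.1"),
    "host02.aliyun.com": ("A", "10.0.0.2"),
    "host03.aliyun.com": ("A", "10.0.0.3"),
}
# Hypothetical forwarding rule: zone -> answers held by an external resolver.
FORWARD_RULES = {"corp.example": {"db.corp.example": ("A", "192.0.2.10")}}
# Constructed stand-in for public recursive resolution.
PUBLIC_DNS = {
    "www.aliyun.com": ("CNAME", "www.aliyun.com.gds.example"),
    "www.aliyun.com.gds.example": ("A", "203.0.113.7"),
    "loop.example": ("CNAME", "loop.example"),  # CNAME pointing at itself
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def lookup_once(name, proxy_enabled):
    """One step of the flow: private zone, then forwarding rule, then public."""
    if in_zone(name, PRIVATE_ZONE):
        if name in PRIVATE_RECORDS:
            return "private", PRIVATE_RECORDS[name]
        if not proxy_enabled:
            # Assumption: with the proxy off, the zone answers with no record.
            return "private", None
    for zone, upstream in FORWARD_RULES.items():
        if in_zone(name, zone):
            return "forward", upstream.get(name)
    return "public", PUBLIC_DNS.get(name)

def resolve(name, proxy_enabled=True, max_hops=8):
    """Follow CNAMEs; return a trace of (name, source, type, value) tuples."""
    trace = []
    for _ in range(max_hops):
        source, record = lookup_once(name, proxy_enabled)
        if record is None:
            trace.append((name, source, None, None))
            return trace
        rtype, value = record
        trace.append((name, source, rtype, value))
        # A CNAME whose value equals the queried name is a loop: stop here.
        if rtype != "CNAME" or value == name:
            return trace
        name = value  # new query for the CNAME target
    return trace
```

The `source` field in each trace entry shows whether an answer came from the private records, a forwarding rule, or public recursion, which is the distinction to check when reviewing what a VPC client will receive for a name inside a private zone.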

Enable or disable subdomain recursive proxy

When you add a Private Zone domain for the first time, you can enable or disable the subdomain recursive proxy. For information about the parameters, see Add a Private Zone.

Procedure

  1. Log on to the Alibaba Cloud DNS console.

  2. Click User Defined Zones > target domain name to go to the domain details page.

  3. Click Zone Settings > Recursive Resolution Proxy for Subdomain Names to enable or disable the feature.


Note

Enabling the subdomain recursive proxy feature does not affect the resolution of existing records.