Alibaba Cloud DNS:Introduction to Alibaba Cloud Public DNS (Including HTTPDNS)

Overview

Public DNS provides stable, secure, precise, and fast public recursive resolution services for clients such as apps and IoT devices. It supports protocols such as HTTP, HTTPS, DNS over HTTPs (DoH), and DNS over TLS (DoT). Apps and IoT devices can use Public DNS to resolve domain names without the need to use traditional local DNS servers. Public DNS prevents issues such as domain hijacking, slow resolution, and invalid DNS record changes, which provides faster and more secure resolution services for your mobile devices.

IPv4 addresses: 223.5.5.5 and 223.6.6.6 IPv6 addresses: 2400:3200::1 and 2400:3200:baba::1

Common issues about using traditional local DNS servers

DNS hijacking

Local DNS servers perform DNS resolution based on the UDP protocol, which may be prone to security vulnerabilities. Internet service providers (ISPs) or intermediaries may tamper with DNS responses to redirect requests from users to malicious websites or advertising pages. This leads to poor user experience and even security risks.

DNS cache pollution

Similar to DNS hijacking, attackers can use forged identities or system vulnerabilities to easily obtain cached DNS records and modify the DNS records in local DNS servers. This poses threats to the integrity and reliability of network services.

Slow resolution

The local DNS servers of ISPs used by clients may require multiple recursive queries to obtain final DNS results. If no DNS records are cached in the local DNS servers, the resolution process will be prolonged. A small number of authoritative DNS servers that host some domain names are deployed in the world. This way, the queries initiated from local DNS servers to the authoritative DNS servers may time out, which leads to failures to resolve DNS requests from clients. This issue becomes more prominent in poor network environments.

Poor scalability

New standard protocols such as DoH and DoT are gaining increasing popularity. These protocols encrypt and transmit data by using the TLS protocol, which improves privacy security and service performance. However, traditional local DNS servers often do not natively support DoH and DoT, and cannot leverage these new technologies.

Long time to live (TTL)

Local DNS servers may have different cache management policies, and the TTL of DNS records cached in some local DNS servers may be long. In this case, the cached DNS records are always valid until the TTL periods expire even if authoritative DNS servers have updated DNS records. As a result, users still access the original destination addresses. If exceptions occur on the addresses, the corresponding services are unavailable for a long time.

Imprecise scheduling

Some local DNS servers cannot carry the source IP addresses of clients to authoritative DNS servers because these local DNS servers do not support EDNS Client-Subnet (ECS). As a result, the authoritative DNS servers cannot perform precise scheduling based on geographical locations. In addition, some public DNS servers act as proxy servers that forward network requests to authoritative DNS servers. This also leads to imprecise scheduling of the authoritative DNS servers.

Benefits of Public DNS (including HTTPDNS)

App anti-hijacking and higher security

Public DNS supports protocols such as HTTP, HTTPS, DoH, and DoT, which ensure higher security than the UDP protocol. If you use Public DNS to perform recursive DNS resolution, DNS requests will bypass the local DNS servers of ISPs to prevent domain hijacking and cache pollution.

Globally deployed nodes and accelerated resolution

DNS results can be cached on SDK clients to achieve zero resolution latency. Public DNS greatly improves client experience in accessing domain names and increases resolution success rates. Public DNS allows users around the world to access nearby nodes. This accelerates DNS resolution. Public DNS provides 29 DNS clusters and over 150 recursive nodes in the globe. Among these DNS clusters, 16 clusters are deployed outside the Chinese mainland.

Quick updates of DNS record changes

The changes in the DNS record of public authoritative domain names that are hosted by Alibaba Cloud DNS trigger the updates of data in Public DNS within seconds. When a quick change is required in a fault scenario, the concurrent update feature of Public DNS helps the DNS record change quickly take effect on clients.

Precise scheduling based on source IP addresses

Public DNS supports ECS and sends DNS requests that carry the source IP addresses of clients to authoritative DNS servers. This achieves precise scheduling for authoritative DNS servers.

Traffic analysis and detailed logs

Public DNS supports statistics on DNS requests and allows you to view the trend of DNS requests and top domain names with the largest number of DNS requests. Public DNS provides a DNS response detailed log for each DNS request to help troubleshoot during O&M.

SLA-guaranteed stability and reliability

Public DNS guarantees a 99.99% availability for resolution services in the Service Level Agreement (SLA) and provides over 150 nodes around the world for disaster recovery. This ensures high security, stability, and reliability.

Typical apps

Public DNS is used by a wide variety of clients around the world, including apps such as game, social media, video, and payment apps, and IoT devices such as smart speakers and on-board devices.

Contact us

If you encounter any issues when you use Public DNS, join the DingTalk group (ID: 36335002029) for technical support.