
Alibaba Cloud DNS: What is Alibaba Cloud Public DNS?

Last Updated: Jul 10, 2024

This topic describes the overview, development history, and advantages of Alibaba Cloud Public DNS Commercial Edition. Public DNS resolves domain names in a fast, secure, and stable way for a variety of clients. You can get 10 million HTTP-based Domain Name System (DNS) requests resolved free of charge each month after you activate Public DNS.

Overview

Public DNS provides stable, secure, precise, and fast public recursive resolution services for clients such as apps and IoT devices. It supports protocols such as HTTP, HTTPS, DNS over HTTPS (DoH), and DNS over TLS (DoT). Apps and IoT devices can use Public DNS to resolve domain names without the need to use traditional local DNS servers. Public DNS prevents issues such as domain hijacking, slow resolution, and invalid DNS record changes, and so provides faster and more secure resolution services for your mobile devices.


IPv4 addresses: 223.5.5.5 and 223.6.6.6

IPv6 addresses: 2400:3200::1 and 2400:3200:baba::1

Common issues about using traditional local DNS servers

  1. DNS hijacking: Local DNS servers perform DNS resolution based on the UDP protocol, which may be prone to security vulnerabilities. Internet service providers (ISPs) or intermediaries may tamper with DNS responses to redirect requests from users to malicious websites or advertising pages. This leads to poor user experience and even security risks.

  2. DNS cache pollution: Similar to DNS hijacking, attackers can use forged identities or system vulnerabilities to easily obtain the cached DNS records and modify the DNS records of local DNS servers. This poses threats to the integrity and reliability of network services.

  3. Slow resolution: The local DNS servers of ISPs used by clients may require multiple recursive queries to obtain the final DNS results. If no DNS records are cached in the local DNS servers, the resolution process is prolonged. The authoritative DNS servers that host some domain names are deployed in only a small number of locations in the world. As a result, the queries initiated from local DNS servers to these authoritative DNS servers may time out, which leads to failures to resolve DNS requests from clients. This issue becomes more prominent in poor network environments.

  4. Low scalability: New standard protocols such as DoH and DoT are gaining increasing popularity. These protocols encrypt and transmit data by using the TLS protocol, which improves privacy, security, and performance. However, traditional local DNS servers often do not natively support DoH and DoT, and cannot leverage these new technologies.

  5. Long TTL period: Local DNS servers may have different cache management policies, and the time to live (TTL) of DNS records cached in some local DNS servers may be long. In this case, the cached DNS records in the local DNS servers are always valid until the TTL periods expire even if authoritative DNS servers have updated DNS records. As a result, users still access the original destination addresses. If exceptions occur on the addresses, the corresponding services are unavailable for a long time.

  6. Imprecise scheduling: Some local DNS servers cannot carry the source IP addresses of clients to authoritative DNS servers because they do not support EDNS Client-Subnet (ECS). As a result, the authoritative DNS servers cannot perform precise scheduling based on geographical locations. In addition, some public DNS servers act as proxy servers that forward network requests to authoritative DNS servers. This also leads to imprecise scheduling of the authoritative DNS servers.
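The ECS mechanism named in item 6, as an added example that is not part of the original documentation or of any Alibaba Cloud SDK: it builds a DNS query whose OPT record carries an EDNS Client-Subnet option (RFC 7871) and reads back the subnet an authoritative server would see. The function names, the 1232-byte UDP size, and the sample client address are assumptions; the parser handles plain queries only (no answer or authority records, no name compression).

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS Client-Subnet option, RFC 7871
OPT_RR_TYPE = 41      # EDNS(0) pseudo-record, RFC 6891

def encode_ecs(client_ip: str, prefix_len: int) -> bytes:
    """Encode an ECS option that carries only the client's network prefix."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    family = 1 if net.version == 4 else 2
    # Only ceil(prefix_len / 8) address bytes are sent; host bits are zeroed.
    addr = net.network_address.packed[: (prefix_len + 7) // 8]
    body = struct.pack("!HBB", family, prefix_len, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def build_query(qname: str, client_ip: str, prefix_len: int, txid: int = 0x1234) -> bytes:
    """Build a recursive A query with one OPT record (txid fixed for repeatability)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rdata = encode_ecs(client_ip, prefix_len)
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def extract_ecs(message: bytes):
    """Return the client subnet carried in a query, or None if no ECS option is present."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", message[4:12])
    pos = 12
    for _ in range(qdcount):          # skip each question: name, zero byte, type, class
        while message[pos]:
            pos += 1 + message[pos]
        pos += 5
    for _ in range(arcount):          # walk additional records looking for OPT
        while message[pos]:
            pos += 1 + message[pos]
        rtype, _, _, rdlen = struct.unpack("!HHIH", message[pos + 1 : pos + 11])
        pos += 11
        end = pos + rdlen
        while rtype == OPT_RR_TYPE and pos < end:
            code, olen = struct.unpack("!HH", message[pos : pos + 4])
            if code == ECS_OPTION_CODE:
                family, src_len, _ = struct.unpack("!HBB", message[pos + 4 : pos + 8])
                raw = message[pos + 8 : pos + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                return f"{ipaddress.ip_address(raw)}/{src_len}"
            pos += 4 + olen
        pos = end
    return None

if __name__ == "__main__":
    print(extract_ecs(build_query("example.com", "203.0.113.57", 24)))  # constructed client IP
```

The prefix length decides how much of the client address leaves the resolver: a /24 reveals the network but not the host.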

Benefits of Public DNS (including HTTPDNS)

  1. App anti-hijacking and higher security: Public DNS supports protocols such as HTTP, HTTPS, DoH, and DoT, which ensure higher security than the UDP protocol. If you use Public DNS to perform recursive DNS resolution, DNS requests will bypass the local DNS servers of ISPs to prevent domain hijacking and cache pollution.

  2. Globally deployed nodes and accelerated resolution: DNS results can be cached on SDK clients to achieve zero resolution latency. Public DNS greatly improves client experience in accessing domain names and increases resolution success rates. Public DNS allows users around the world to access nearby nodes, which accelerates DNS resolution. Public DNS provides 28 DNS cluster nodes and over 150 recursive nodes around the globe. Among these DNS cluster nodes, 16 cluster nodes are deployed outside the Chinese mainland.

  3. Quick updates of DNS record changes: Changes to the DNS records of public authoritative domain names that are hosted by Alibaba Cloud DNS trigger updates of the data in Public DNS within seconds. When a quick change is required in a fault scenario, the concurrent update feature of Public DNS helps the DNS record change take effect on clients quickly.

  4. Precise scheduling based on source IP addresses: Public DNS supports ECS and sends DNS requests that carry the source IP addresses of clients to authoritative DNS servers. This achieves the precise scheduling of the authoritative DNS servers.

  5. SLA-guaranteed stability and reliability: Public DNS guarantees a 99.99% availability for resolution services in the Service Level Agreement (SLA), which ensures security and reliability. Public DNS provides over 150 nodes around the world for disaster recovery. This ensures stability and reliability.

Typical apps

Public DNS is used by a wide variety of clients around the world, including apps such as game, social media, video, and payment apps, and IoT devices such as smart speakers and on-board devices.

  • Game and news apps

    Public DNS effectively reduces latencies and helps apps load content and respond in a faster way.

  • Audio and video apps

    Public DNS makes video playback smoother and improves user satisfaction.

  • Financial and payment apps

    The app anti-hijacking feature improves the security of financial apps and ensures network stability during transactions.

Contact us

If you encounter any issues when you use Public DNS, join the DingTalk group (ID: 36335002029) for technical support.