After you add a built-in authoritative zone and add intranet Domain Name System (DNS) records for the zone, the intranet DNS records do not immediately override the Internet DNS records for the zone. The intranet DNS records override the Internet DNS records only when visitors access the domain names in the built-in authoritative zone from the virtual private clouds (VPCs) that are associated with the built-in authoritative zone. These VPCs are the effective scope of the built-in authoritative zone.
If you want to resolve both the private domain names that are configured with intranet DNS records in the built-in authoritative zone and the public domain names that are not added in the built-in authoritative zone, enable the subdomain recursive resolution proxy.
Procedure
Add the built-in authoritative zone aliyun.com
After you add the built-in authoritative zone aliyun.com and configure intranet DNS records for the zone, but do not specify an effective scope for the zone, the intranet DNS records for the zone do not take effect. When the domain name www.aliyun.com is resolved, the Internet DNS record configured for www.aliyun.com is returned.
Add an intranet DNS record
Before you specify an effective scope for the zone aliyun.com, you must add at least one intranet DNS record for the zone. Otherwise, once the intranet DNS records override the Internet DNS records, DNS requests initiated in the associated VPCs return no resolution result.
Therefore, before you specify an effective scope for a built-in authoritative zone, you must add intranet DNS records for the domain names that are being accessed in the zone.
Configure an effective scope for the built-in authoritative zone
Specify the VPCs where Elastic Compute Service (ECS) instances are deployed as the effective scope of the built-in authoritative zone. These ECS instances require access to the built-in authoritative zone. After you configure the effective scope, the intranet DNS records for the built-in authoritative zone override the Internet DNS records for the zone.
The following section shows the intranet DNS record configured for www.aliyun.com in the built-in authoritative zone.
Domain name      Record type   TTL   Record value
www.aliyun.com   A             60    192.168.1.1
When you ping www.aliyun.com on an ECS instance in a VPC within the effective scope of the zone, 192.168.1.1 is returned. The Internet DNS record for www.aliyun.com is overridden.
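The override rules in this procedure, as an added example that is not part of the original documentation: a simplified Python model that lists the queried names that would return no result once the zone is associated with VPCs. The query list, the function names, and exact-match lookup (no wildcard records) are assumptions.

```python
# Added example: pre-association check for a built-in authoritative zone.
# All data is constructed sample data; function names are hypothetical.
ZONE = "aliyun.com"
# Intranet records planned for the zone: (name, type) -> (TTL, value)
INTRANET_RECORDS = {("www.aliyun.com", "A"): (60, "192.168.1.1")}
# Names that instances in the VPC are known to query (constructed sample)
OBSERVED_QUERIES = [
    ("www.aliyun.com", "A"),
    ("help.aliyun.com", "A"),
    ("WWW.Example.com.", "A"),
]


def norm(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_zone(name, zone):
    """True if name is the zone apex or a subdomain of it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)


def answer_source(name, rtype, zone, records, scoped, recursive_proxy=False):
    """Return 'internet', 'intranet' or 'none' for a query sent from a VPC.

    scoped: the VPC is in the effective scope of the zone.
    recursive_proxy: the subdomain recursive resolution proxy is enabled.
    Assumption: exact-match lookup only, wildcard records are not modelled.
    """
    if not scoped or not in_zone(name, zone):
        return "internet"      # zone does not apply to this query
    if (norm(name), rtype.upper()) in records:
        return "intranet"      # intranet record overrides the Internet record
    # In-zone name without an intranet record: only the proxy can answer it.
    return "internet" if recursive_proxy else "none"


def names_without_answer(queries, zone, records, recursive_proxy=False):
    """Queried names that stop resolving once the zone is associated."""
    return sorted({norm(n) for n, t in queries
                   if answer_source(n, t, zone, records, True,
                                    recursive_proxy) == "none"})


if __name__ == "__main__":
    for proxy in (False, True):
        print("recursive proxy", proxy, "->", names_without_answer(
            OBSERVED_QUERIES, ZONE, INTRANET_RECORDS, proxy))
```

Any name the check reports needs an intranet DNS record, or the subdomain recursive resolution proxy, before the effective scope is configured.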