All Products
Search

This Product

    Edge Security Acceleration:Add your website to ESA by NS setup

    Document Center

    Edge Security Acceleration:Add your website to ESA by NS setup

    Last Updated:May 07, 2025

    Adding your website to Edge Security Acceleration (ESA) by NS setup allows ESA to manage your DNS resolution. ESA offers comprehensive and user-friendly security protection and performance optimization.

    Select an appropriate DNS setup

    ESA provides two DNS setups: CNAME and NS. Before you add your domain name to ESA, you can select a setup based on your needs.

    • NS Setup: ESA manages DNS for your domain name. NS is suitable if you have not used traditional Content Delivery Network (CDN) products or need one-stop website management.

      image

    • CNAME setup: the setup used by traditional CDN products. You can choose CNAME if you are familiar with traditional CDN products or do not want to change your DNS service provider.

    Learn NS setup in six minutes

    Before you begin

    1. You have an Alibaba Cloud account. For information about creating accounts, see Create an Alibaba Cloud account.

    2. You have a domain name and its origin. You can register a domain name on Alibaba Cloud, and create an ECS instance as your origin.

    Step 1: Add a website

    Add the root domain of your website to ESA. This allows ESA to manage DNS resolution for your entire domain.

    1. In the ESA console, click Websites. On the Websites page, click Add Website.

    2. In the Enter Website step, enter the domain name you want to add to ESA, such as example.com, and click Next.image

    3. In the Select Location and DNS Setup step, select the region where you want to have ESA service in the Location section. Select NS the DNS Setup section, and then click Next. For more information on service location, see What are the differences between service locations?.image

    4. On the Select Plan page, you can select New Plans or Purchased Plans to choose a plan for your website. Then, follow the instructions in the console to make the purchase.

    Step 2: Add DNS records

    To prevent service interruptions caused by invalid DNS records, you must migrate the DNS records from your current DNS service provider to ESA before you modify the DNS server. For the supported record types, see Parameters for adding records.

    1. In the left-side navigation pane, choose DNS .

    2. You can import multiple records at a time or manually add records one by one.

      (Recommended) Import DNS records at a time

      1. Click Import. On the page that appears, click Download File Template.

      2. Fill and save the DNS records from your current DNS service provider in the template file, and click Upload File.

        Import Template

        ;Hostname TTL IN Record Type Record Value

$ORIGIN example.com.

; A record
1.example.com.   600 IN  A   8.8.8.8

; AAAA record
2.example.com.   600 IN  AAAA		2400:cb00:2049:1::a29f:f9

; CNAME record
3.example.com.   600 IN  CNAME     example.com.

; MX record
4.example.com.    600 IN  MX	15 mailhost.example.com.

; TXT record
5.example.com.   600 IN  TXT	xxxxxxxxxxxxxxxxxxx

; NS record
6.example.com.    600 IN  NS	ns.example.com.

; SRV record
_sip._tcp.example.com.   600 IN  SRV	1 5 7001 srvhostname.example.com.

; CAA record
hostname.example.com.    600 IN  CAA	0 issue example.com

; CERT record
cert.example.com.	1	IN	CERT	0 0 0 VEVwQk5GWXlUR3RXVVZwc1RIcGFhMGh0UVhWUGQweFJFZENNM0JSVFROV2JVd3lWbFJOTkVSS1dnPT0=

; SMIMEA record
smimea.example.com.	1	IN	SMIMEA	12 12 12 436c6f7564666c61726520444e53

; SSHFP record
sshfp.example.com.	1	IN	SSHFP	12 12 436C6F7564666C61726520444E53

; TLSA record
tlsa.example.com.	1	IN	TLSA	12 12 12 436c6f7564666c61726520444e53

; URI record
uri.example.com.	1	IN	URI	12 12 "http://www.example.com/service"

      3. On the Import page, check and adjust the record configurations. By default, ESA provides DNS resolution. You can turn on ESA Proxy Status for the records to enable acceleration and protection.image

      4. After you adjust the DNS records, click Import.

      Manually add a single record

      1. Click Add Record. In the dialog box that appears, add a DNS record.

        Add DNS records

        Example: the domain name of your website is example.cn, and you want to accelerate the web pages of its subdomain www.example.cn. The IP address of the source server is 1.2.3.4. You can configure the website as the following figure:image

      2. Click Next and select a business type. image

    (Optional) Configure the SSL certificate

    If you want to allow HTTPS access to your proxied domains, configure edge certificates for the domains. This prevents service interruptions if users access your website over HTTPS.

    Step 3: Modify NS server and enable website

    When you have migrated the DNS records, you need to update your DNS server to the one assigned by ESA.

    1. In the left-side navigation pane, click Overview and copy imagethe nameserver provided by ESA. image

    2. Follow the instructions in the console to go to your DNS service provider and modify the DNS servers. image

    3. Optional. After you update the nameserver, go back to the ESA console and click Verify Nameserver on the Overview page.

      It may take several minutes to 48 hours to process nameserver updates. If the verification fails, try again later. You will receive an email and internal message when your website is onboarded to ESA and turns into the Active state.

    (Optional) Verify whether a website is accelerated

    When your website is active on ESA, client requests to your website are automatically directed to the nearest POPs. You can check the IP address to verify whether the acceleration takes effect.

    Method 1: Use the browser developer tools

    Test a proxied DNS record. Traffic to unproxied DNS records does not pass through POPs.

    1. Access a resource on your website by using a web browser, such as https://api.example.com/test.txt. Use developer tools to query the IP address to which the request is directed.

    2. Go to the IP Geolocation page to check whether the IP address belongs to ESA POPs. If Yes, the website is being accelerated by ESA.

    Method 2: Use the CLI

    Test a proxied DNS record. Traffic to unproxied DNS records does not pass through POPs.

    For Windows

    1. Start Command Prompt.

    2. Run the nslookup -type=A hostName command, such as nslookup -type=A test.example.com, to obtain the resolved IP address.image

    3. Go to the IP Geolocation page to check whether the IP address belongs to ESA POPs. If yes, the website is being accelerated by ESA.

    For Linux or macOS

    1. Open the terminal.

    2. Run the dig hostName command, such as dig test.example.com, to obtain the resolved IP address.image

    3. Go to the IP Geolocation page to check whether the IP address belongs to ESA POPs. If yes, the website is being accelerated by ESA.

    Method 3: Check the instant logs

    Note

    The Entrance plan does not support instant logs. You can upgrade a plan.

    1. In the ESA console, select Websites. On the Websites page, find the website that you want to manage, and click the website name.

    2. In the left-side navigation pane, choose Analytics and Logs > Instant Logs. Then, click Start Monitoring to collect logs.

    3. If the access log can be queried on the Instant Logs page, the website is being accelerated by ESA.

      image

    Enable security protection

    After your website is connected to the ESA, you can customize security settings for data encryption and request filtering.

    Data transmission encryption

    ESA being between the client and your server helps you manage data transmission security from end to end.

    image

    By default, the ESA enables the SSL/TLS feature. You can apply for a free edge certificate to use HTTPS to access ESA POPs. To enhance security between clients and ESA POPs, you can enable TLS mutual authentication. This way, clients are verified before requests are accepted.

    Abnormal requests mitigation

    ESA with native Web Application Firewall (WAF) protection rules can filter requests from clients to ensure that only clean traffic reaches the servers. image

    While your business is running, ESA collects data from multiple dimensions for security analytics and event analytics. This helps you quickly identify abnormal requests and use WAF custom rules to block or challenge requests. By default, the ESA enables Basic DDoS Protection to protect your website against DDoS and HTTP flood attacks.

    Optimize website performance

    Maximize your website's overall performance by enhancing access and network speed through ESA features.

    Access speed

    You can enhance your website's access speed by setting up ESA features such as image transformations, content compression, and protocol optimization.

    Network speed

    ESA helps you improve network speed with IPv6 support, WebSocket and gRPC connections, as well as settings for a maximum upload size.

    Learn more about ESA

    ESA also supports features related to cache, Edge computing, rules, analytics and logs, and traffic.

    Cache

    You can store resource files at ESA POP by configuring cache policies or cache rules for your website. When you request a file, the POP will respond directly, reducing time-consuming origin fetches and speeding up access to the latest files.

    Edge computing

    ESA offers an efficient, flexible, and low-latency edge computing solution through three products: Edge Routine, Edge Containers, and Edge KV.

    • Edge Routine: This serverless service allows you to deploy JavaScript code directly on POPs. Your requests are processed at the nearest POP, significantly reducing computing latency.

    • Edge Containers: These are container-based computing resources deployed on POPs. They offer high elasticity and easy maintenance. With global deployment and localized scheduling, they simplify protocol handling and greatly reduce response time.

    • Edge KV: This key-value edge storage service works with Edge Routine to help you quickly access data from the same POP, enabling lightweight BaaS services and API gateways.

    Rules

    Leverage a unified tool to create and deploy conditional rules across various features such as caching, redirection, compression, origin fetch, and WAF. This allows you to flexibly and precisely implement various strategies, leading to more efficient management and optimization.

    Analytics and logs

    ESA generates real-time and detailed analytics and logs when processing requests. You can use this information to optimize resource allocation, identify and fix service issues, create monitoring solutions, and assess network connection quality for performance testing. These features help you ensure stable and efficient website operations.

    Traffic

    ESA POPs monitor data flow in real time and adjust it intelligently. Use these features to optimize traffic distribution strategies and balance the load across multiple origins. You can significantly reduce latency while enhance the availability and stability of your services.