This topic describes the major advantages of HTTPDNS over traditional DNS.
Risks of traditional DNS
In the traditional DNS process, a client sends its query to a local DNS server over UDP. This approach carries the following risks:
Security risks
UDP provides no encryption, so DNS queries travel in cleartext and are vulnerable to hijacking.
The cache records of local DNS servers can be maliciously tampered with, potentially redirecting users to phishing sites or unwanted advertisement pages.
Uncontrollable cache refresh
Local DNS servers are managed by different Internet service providers (ISPs). Due to variations in management methods and maintenance capabilities, the cache update time is uncontrollable. For example, when an A record on an authoritative DNS server is updated, local DNS servers of different ISPs may not be updated at the same time. As a result, some users may be directed to the new IP address, while other users still access the previous IP address.
Cross-network resolution results and increased latency
If the IP address of a client and that returned by a local DNS server do not belong to the same ISP, the quality of the network connection may degrade. This can occur in the following scenarios:
Forwarding of DNS query requests: During recursive resolution, the local DNS server of ISP A may forward the query request to ISP B. When ISP B initiates the recursive query, the authoritative DNS server returns an IP address that belongs to ISP B.
Multiple egress IP addresses: The local DNS server translates its internal IP address to an Internet egress IP address over NAT, and there are usually multiple egress IP addresses. If the IP address of the client belongs to ISP A and the Internet egress IP address of the local DNS server belongs to ISP B, the IP address returned by the authoritative DNS server also belongs to ISP B.
Benefits of HTTPDNS
Protection against domain hijacking
HTTPDNS resolves domain names over HTTP or HTTPS. DNS resolution requests are sent directly to the HTTPDNS server and bypass the local DNS servers of ISPs, which prevents domain hijacking.
Precise scheduling
Due to the diverse policies of ISPs, clients may be unable to reach the nearest or optimal points of presence (POPs) based on the resolution results of local DNS servers. In contrast, HTTPDNS obtains the IP address of the client and provides the most accurate resolution result based on that IP address. This allows the client to access the nearest POP.
Low latency
HTTPDNS makes use of client-specific policies such as pre-resolution of hotspot domain names, caching of DNS resolution results, and lazy updates of resolution results to implement domain name resolution at low latencies (down to milliseconds).
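The three client-side policies named above (pre-resolution, result caching, lazy updates), shown as an added example that is not HTTPDNS SDK code. `HttpDnsCache`, `resolver`, `max_stale` and `refresh_pending` are hypothetical names, and `resolver` stands in for the HTTPS request to the HTTPDNS server.

```python
import time

class HttpDnsCache:
    """Client-side cache: pre-resolution, TTL caching, lazy (stale-while-refresh) updates."""

    def __init__(self, resolver, clock=time.monotonic, max_stale=600):
        self.resolver = resolver    # hypothetical: host -> (list_of_ips, ttl_seconds)
        self.clock = clock
        self.max_stale = max_stale  # seconds an expired answer may still be served
        self.entries = {}           # host -> (ips, expires_at)
        self.pending = set()        # hosts waiting for a background refresh

    def _fetch(self, host):
        ips, ttl = self.resolver(host)
        self.entries[host] = (list(ips), self.clock() + ttl)
        return self.entries[host][0]

    def preresolve(self, hosts):
        """Resolve hot domain names at startup so the first request does not wait."""
        for host in hosts:
            self._fetch(host)

    def lookup(self, host):
        entry = self.entries.get(host)
        if entry is None:
            return self._fetch(host)            # cold miss: resolve now
        ips, expires_at = entry
        age_past_ttl = self.clock() - expires_at
        if age_past_ttl <= 0:
            return ips                          # fresh hit, no network round trip
        if age_past_ttl <= self.max_stale:
            self.pending.add(host)              # lazy update: answer now, refresh later
            return ips
        return self._fetch(host)                # too old to trust: resolve now

    def refresh_pending(self):
        """Run from a background worker; a failed refresh keeps the old entry."""
        for host in sorted(self.pending):
            try:
                self._fetch(host)
            except OSError:
                continue
        self.pending.clear()
```

The `max_stale` bound is the part to tune: it limits how long a client keeps using an address after the record changed, and an answer older than that is resolved again before it is used.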
Quick resolution updates
After you modify the authoritative configuration of a domain name, you can manually refresh the HTTPDNS server caches. Domain resolution results are then updated in seconds.
High scalability
Software-defined DNS (SDNS) is supported, which provides highly controllable traffic scheduling by ISP and by region.
Global availability
HTTPDNS interfaces with authoritative DNS services available from companies such as Akamai and Cloudflare to achieve precise resolution on a global scale.
Stability and reliability
HTTPDNS guarantees 99.99% service availability, ensuring stability and reliability.
High availability
HTTPDNS adopts a disaster recovery strategy that includes multiple data centers within the same city and an active geo-redundancy architecture. This ensures high availability by enabling seamless failover to other nodes in the event of a single point of failure.