You can enable the DNS feature of WUYING Workspace to control the access from cloud computers to domain names. This ensures the security and regulatory compliance of data transfer between cloud computers and domain names. This topic describes how to enable the DNS feature in a policy to control access from cloud computers to domain names.
Feature overview
By default, the DNS feature is disabled. Cloud computers that are associated with policies in which the DNS feature is disabled can access all domain names. You can enable the DNS feature based on your business requirements. When you enable this feature, you must specify the domain names that you allow or forbid cloud computers to access. WUYING Workspace also supports fine-grained access control from cloud computers to multi-level domain names.
This topic provides examples to help you understand and use the DNS feature. The domain names that are used in the examples are provided only for reference. You must specify the domain names that you allow or forbid cloud computers to access based on your business requirements.
The following table provides sample domain names to describe how to implement fine-grained access control.
Domain name | Example | Access policy | Description |
Primary domain name |
| Allow | Cloud computers can access the |
First-level domain name |
| Forbid | When cloud computers attempt to access the |
| Allow | Cloud computers can access the | |
Second-level domain name |
| Forbid | When cloud computers attempt to access the |
| Allow | Cloud computers can access the | |
| Allow |
Limits
Before you configure access control rules for domain names, take note of the following items:
Limits on domain names
To ensure that WUYING Workspace can be used as expected, specific domain names are reserved by WUYING Workspace and can always be accessed from cloud computers. Even if you forbid cloud computers to access these domain names in access control rules, the rules do not take effect on these domain names. The following items describe the reserved domain names:
*.gws.aliyun
*.aliyun.com
*.alicdn.com
*.aliyunpds.com
*.aliyuncds.com
*.aliyuncs.com
Limits on operating systems
The DNS feature takes effect only on cloud computers that run the Windows operating system.
Configure access control rules
You can configure access control rules. For example, you can allow access from cloud computers to Domain Name A and forbid access from cloud computers to Domain Name B. To configure access control rules, perform the following operations:
Log on to the WUYING Workspace console.
In the left-side navigation pane, choose .
In the upper-left corner of the top navigation bar, select a region.
On the Policies page, click Create Policy.
In the Create Policy panel, enter the name of the policy that you want to create as prompted.
Click the DNS tab and select Enable.
Configure access control rules based on your business requirements.
Note: If you enable the DNS feature but do not configure an access control rule, cloud computers can access all domain names.
You can configure one access control rule in each row.
Asterisks (*) are supported in domain names. Example: *.example.com.
You can configure up to 300 access control rules.
Click Add More. Then, configure the Domain Name, Description, and Access Policy columns based on your business requirements.
Note: If you want to configure multiple rules that allow access, you must configure one rule that denies access.
If you configure multiple access control rules, the access control rules are prioritized based on their positions in the list. The first rule in the list has the highest priority. You can drag an access control rule to a different position in the list to change its priority.
Confirm your settings and click Save in the Actions column.
(Optional) Repeat the preceding steps to configure more access control rules.
Click Create.
After the policy is created, you can view the policy on the Policies page.
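The position-based priority, wildcard, reserved-domain and 300-rule limits described above can be checked on a planned rule list before it is entered in the console. The following Python script is an added example, not WUYING Workspace code: it assumes that `*` matches any run of characters, that the first matching rule decides, and that names matching no rule are allowed; the function names and sample rules are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Reserved domain names listed on this page; rules on them have no effect.
RESERVED = ["*.gws.aliyun", "*.aliyun.com", "*.alicdn.com",
            "*.aliyunpds.com", "*.aliyuncds.com", "*.aliyuncs.com"]
MAX_RULES = 300  # limit stated on this page
# Constructed sample rule list, in console order (first row = highest priority).
SAMPLE_RULES = [("*.example.com", "Allow"), ("ads.example.com", "Forbid"),
                ("*.aliyun.com", "Forbid"), ("*", "Forbid")]


def matches(pattern, name):
    # Assumption: "*" matches any run of characters, case-insensitively.
    return fnmatchcase(name.lower(), pattern.lower())


def decide(rules, name):
    """Return 'Allow' or 'Forbid' for name; rules is an ordered list."""
    if any(matches(p, name) for p in RESERVED):
        return "Allow"                     # reserved names stay reachable
    for pattern, policy in rules:          # first match in list order wins
        if matches(pattern, name):
            return policy
    return "Allow"                         # assumption: no match means allowed


def lint(rules):
    """Return findings where the list will not behave as written."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceed the limit of {MAX_RULES}")
    if rules and not any(policy == "Forbid" for _, policy in rules):
        findings.append("no Forbid rule: Allow rules alone block nothing")
    for i, (pattern, policy) in enumerate(rules):
        probe = pattern.replace("*", "x")  # one concrete name the rule covers
        if policy == "Forbid" and any(matches(r, probe) for r in RESERVED):
            findings.append(f"rule {i + 1} ({pattern}) targets a reserved domain")
        for j, (earlier, earlier_policy) in enumerate(rules[:i]):
            # An earlier pattern that matches this one as text covers all of it.
            if earlier_policy != policy and matches(earlier, pattern):
                findings.append(
                    f"rule {i + 1} ({pattern}) is shadowed by rule {j + 1} ({earlier})")
                break
    return findings
```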
Other supported operations
Modify access control rules
Find the domain name that you want to modify and click Edit in the Actions column. In the row of the domain name, modify the access policy and click Save.
Note: After you modify an access control rule, the modification immediately takes effect.
Delete access control rules
Find the domain name that you want to delete and click Delete in the Actions column.
Change the priorities of access control rules
Find the domain name whose priority you want to manage, click Move in the Actions column, and then drag the row of the domain name to another position in the access control rule list. This way, the priority of the access control rule is changed.