All Products
Search

This Product

    WUYING Workspace:Enable the DNS feature

    Document Center

    WUYING Workspace:Enable the DNS feature

    Last Updated:Jan 22, 2024

    You can enable the DNS feature of WUYING Workspace to control the access from cloud computers to domain names. This ensures the security and regulatory compliance of data transfer between cloud computers and domain names. This topic describes how to enable the DNS feature in a policy to control access from cloud computers to domain names.

    Feature overview

    By default, the DNS feature is disabled. Cloud computers that are associated with policies in which the DNS feature is disabled can access all domain names. You can enable the DNS feature based on your business requirements. When you enable this feature, you must specify the domain names that you allow or forbid cloud computers to access. WUYING Workspace also supports fine-grained access control from cloud computers to multi-level domain names.

    This topic provides examples to help you understand and use the DNS feature. The domain names that are used in the examples are provided only for reference. You must specify the domain names that you allow or forbid cloud computers to access based on your business requirements.

    The following table provides sample domain names to describe how to implement fine-grained access control.

    Domain name

    Example

    Access policy

    Description

    Primary domain name

    example.com

    Allow

    Cloud computers can access the example.com domain name and end users can open the web page on the cloud computers as expected.

    First-level domain name

    writer.examplec.com

    Forbid

    When cloud computers attempt to access the writer.example.com domain name, the 404 error code is returned.

    developer.example.com

    Allow

    Cloud computers can access the developer.example.com domain name and end users can open the web page on the cloud computers as expected.

    Second-level domain name

    image.developer.example.com

    Forbid

    When cloud computers attempt to access the image.developer.example.com domain name, the 404 error code is returned.

    video.developer.example.com

    Allow

    Cloud computers can access the video.developer.example.com and guide.developer.example.com domain names and end users can open the web pages on the cloud computers as expected.

    guide.developer.example.com

    Allow

    Limits

    Before you configure access control rules for domain names, take note of the following items:

    • Limits on domain names

      To ensure that WUYING Workspace can be used as expected, specific domain names are reserved by WUYING Workspace and can be always accessed from cloud computers. Even if you forbid cloud computers to access these domain names in access control rules, the rules do not take effect on the domain names in actual business scenarios. The following items describe the reserved domain names:

      • *.gws.aliyun

      • *.aliyun.com

      • *.alicdn.com

      • *.aliyunpds.com

      • *.aliyuncds.com

      • *.aliyuncs.com

    • Limits on operating systems

      The DNS feature takes effect only on cloud computers that run the Windows operating system.

    Configure access control rules

    You can configure access control rules. For example, you can allow access from cloud computers to Domain Name A and forbid access from cloud computers to Domain Name B. To configure access control rules, perform the following operations:

    1. Log on to the WUYING Workspace console.

    2. In the left-side navigation pane, choose Operations > Policies.

    3. In the upper-left corner of the top navigation bar, select a region.

    4. On the Policies page, click Create Policy.

    5. In the Create Policy panel, enter the name of the policy that you want to create as prompted.

    1. Click the DNS tab and select Enable.

    2. Configure access control rules based on your business requirements.

      Note

      • If you enable the DNS feature but do not configure an access control rule, cloud computers can access all domain names.

      • You can configure one access control rule in each row. Asterisks (*) are supported in domain names.

      • Example: *.example.com.

      • You can configure up to 300 access control rules.

      1. Click Add More. Then, configure the Domain Name, Description, and Access Policy columns based on your business requirements.

        Note

        • If you want to configure multiple rules that allow access, you must configure one rule that denies access.

        • If you configure multiple access control rules, the access control rules are prioritized based on their positions in the list. The first value in the list has the highest priority. You can drag an access control rule to different positions in the list to change the priority of the access control rule.

      2. Confirm your settings and click Save in the Actions column.

      3. (Optional) Repeat the preceding steps to configure more access control rules.

    3. Click Create.

      After the policy is created, you can view the policy on the Policies page.

    Other supported operations

    • Modify access control rules

      Find the domain name that you want to modify and click Edit in the Actions column. In the row of the domain name, modify the access policy and click Save.

      Note

      After you modify an access control rule, the modification immediately takes effect.

    • Delete access control rules

      Find the domain name that you want to delete and click Delete in the Actions column.

    • Change the priorities of access control rules

      Find the domain name whose priority you want to manage, click Move in the Actions column, and then drag the row of the domain name to another position in the access control rule list. This way, the priority of the access control rule is changed.

    References