New console version: a full functionality upgrade for Private DNS
Resource Records configuration supports graphical orchestration to optimize the operation experience
Built-In Authoritative Module: DNS resolution based on weights or user-defined lines is supported
Cache Retention: 100% cache hit for preset public domain names; the cached data is not cleared, which improves resolution quality
Forward Module: Forward DNS requests from VPCs to the external DNS for hybrid cloud scenarios
Traffic Analysis: DNSLog analysis for tracing the end-to-end DNS resolution path; DNSLog can be transferred to SLS Logstore
A Private DNS Platform for Integrated Scenarios of Multi-Cloud and Traditional IDC
Alibaba Cloud DNS PrivateZone is an easy-to-use DNS resolution service in corporate intranets. It can resolve internal and external domain names in corporate intranets, such as Alibaba Cloud VPCs and on-premises data centers. It allows you to define private authoritative domain names in corporate intranets and helps retain caches, clear caches, forward DNS requests, send recursive queries to the Internet, and analyze traffic for DNS requests. This ensures faster and safer internal DNS resolution.
Meets DNS resolution requirements in fully integrated scenarios spanning devices, IDCs and cloud platforms, covering all products along the end-to-end DNS resolution path.
The resolution components are deployed on a fully heterogeneous architecture, providing service level agreement (SLA) commitments of up to 99.99% in the central regions and 99.9% in local regions.
Resource Records configuration supports graphical orchestration, providing a one-click batch configuration experience for all record types simultaneously. At the same time, it provides DNS resolution logs to analyze end-to-end DNS resolution path and behavior.
Built-In Authoritative Module, Cache Module, Forward Module, Recursion Module, and Traffic Analysis Module
Built-In Authoritative Module
Define private authoritative zones within your internal networks (such as VPCs). Built-in authoritative zones are classified into regular zones and acceleration zones. For regular zones, DNS requests from clients are not routed directly to the Built-In Authoritative Module: they are first routed to the Cache Module and reach the regular zone module only on a cache miss. Resource record updates take effect subject to the TTL limit. For acceleration zones, DNS requests from clients are answered directly, with the lowest latency. Resource record updates take effect in real time, with no TTL limit. Acceleration zones are an upgraded version of regular zones; the newly added features include DNS resolution based on weights and user-defined lines.
VPC Security Isolation
Private domain names can be resolved only in the associated VPCs.
Unified DNS Management across Multiple Alibaba Cloud Accounts
Associate DNS Setting Data with VPCs of multiple Alibaba Cloud accounts and perform centralized DNS management in the same corporate intranet.
User-Defined Authoritative Zones
Define private authoritative zones, and support hosting zones and sub-zones.
Intelligent DNS Resolution
Support private intelligent DNS resolution based on request lines or weights in corporate intranets.
User-Defined Request Lines
Supports defining inner request lines based on IP addresses and then defining private DNS resource records for those lines.
Synchronization for ECS Hostnames
Supports synchronization of ECS hostnames in preset regions, either manually or automatically (once every minute).
Recursive Resolution Proxy for Subdomain Names
Queries for non-existent subdomain names under the private zones are routed to the Forward Module and Recursion Module, which separates private DNS resolution from public DNS resolution.
IP Reverse Resolution
Support IP reverse resolution for translating IP addresses to domain names.
Support synchronizing built-in authoritative zone data from on-premises IDCs with AXFR or IXFR zone transfer protocols.
DNS resolution results in corporate intranets are temporarily stored in the Cache Module when they come from the Built-In Authoritative Module for regular zones, the Forward Module, or the Recursion Module. This accelerates DNS resolution for the same domain names. We recommend enabling the cache retention feature for hotspots and important domain names to permanently store the DNS resolution results in the caches. This accelerates DNS resolution in intranet networks and prevents DNS resolution failures for public domain names in intranet networks when the DNS resolution services provided by other authoritative DNS vendors are down.
Cache Retention for 100% Cache Hit
The cache retention feature can be enabled for hotspots and important domain names to permanently store the DNS resolution results in the caches. This accelerates DNS resolution in intranet networks and prevents DNS resolution failures for public domain names in intranet networks when the DNS resolution services provided by other authoritative DNS vendors are down.
In an emergency, clear DNS cache results from the Cache Module rapidly without TTL limitation.
You can create forward zone rules and outbound endpoints, which can forward DNS requests for the zone in VPCs to the external DNS. This is suitable for DNS resolution in hybrid cloud scenarios and DNS resolution between cloud and on-premises scenarios.
These are DNS forwarders in VPC networks that forward DNS requests for the zone in VPCs to the external DNS, so that ECS instances or containers in the cloud can resolve private domain names hosted in on-premises IDC DNS.
User-Defined Forward Zones
Supports defining forward rules based on zones; DNS forward queries are permitted only for those zones.
If the queried domain name is not found in the Built-In Authoritative Module, Cache Module, or Forward Module, the query is routed to the Recursion Module, which gets the response from the Internet and then notifies the Cache Module to update its cached results.
We provide the Recursion Module for free by default. It can serve all ECS instances, containers, and other clients hosted in Alibaba Cloud VPCs or your IDC intranet network. Because of external network instability, we cannot guarantee a Service Level Agreement (SLA) for the Recursion Module; it is provided as a best-effort service.
Traffic Analysis Module
We provide an end-to-end, visualized DNS traffic analysis service that covers the full resolution path and profiles the entire process, including receiving DNS requests, processing DNS resolution, and returning resolution results. Graphical charts for various statistical metrics help users review the data and make decisions to optimize their business.
We provide data analysis in various dimensions (such as resolution delay, resolution volume, cache hit rate, hot domain names, and hot request sources), which can offer data references for business optimization.
DNSLog Transferred to SLS Logstore
DNSLog can be transferred to SLS Logstore. To use this function, you must first enable the traffic analysis service so that DNS resolution logs are gathered.
Intelligent DNS resolution based on request lines or weights, public domain name resolution optimization, hybrid interconnection in and out of the cloud, and full resolution path visualized DNS traffic analysis
Intelligent DNS Resolution Based on Request Lines
Identifies visitors based on the request source IP address and intelligently returns different application IP addresses for different visitors, improving website access speed.
Intelligent DNS Resolution Based on Weights
When responding to DNS queries, all addresses are returned according to weight calculation proportions, and application traffic is distributed to different servers to achieve load balancing.
Public Domain Name Resolution Acceleration and Disaster Recovery Protection
Using the cache retention function can significantly improve the resolution speed of public domain names and ensure that the domain name can still be resolved normally, even if the DNS service provider for the domain name fails.
Traffic Visualization Based on DNSLog
We provide traffic analysis services based on DNS resolution logs, fully reconstructing the entire process path from receiving resolution requests, through intermediate processing, to returning resolution results.
Application Interconnection between In-Cloud and Out-Cloud
Applications in Alibaba Cloud VPC and on-premises IDC need to make inter-business calls through DNS queries.
Smooth Migration to the Cloud for Enterprises
Avoid modifying application code, reduce application changes, and reduce cloud migration risks.
ECS Access Cloud Product Instances
DNS queries within the private network are responded to in real time without the need for public network access.
Intranet Security Audit
We gather DNS resolution logs from the enterprise's private network (such as Alibaba Cloud VPC) to help enterprises understand how intranet domain names are used.
VPC Intranet Private DNS Resolution
We provide private domain name resolution services for terminals and servers within the VPC network.
Unified Domain Name Access Both in Production and Testing Environments
Services in the production environment and the testing environment use the same domain name to provide external services. Clients in different environments use the same domain name connection string for service access, which avoids modifying client code to adapt to different environments.
ECS Hostname Management
You can plan hostnames based on the location, purpose, owner and other information of each cloud server, and use the hostname to add intranet private resolution records for the cloud server.
Access the Cloud Server through the Domain Name
Create an intranet domain name for each cloud server in the VPC and add a resolution record pointing it to the corresponding private network IP address, so that cloud servers can reach each other using intranet domain names.