After you add a domain name-based authorization rule, you must also add a DNS authorization rule to sync the domain name's DNS endpoint with Alibaba Cloud. You can also use this rule to redirect the DNS endpoint.
Background information
Cloud Connector provides a comprehensive service for IoT devices to connect to the cloud over a private Access Point Name (APN) network. IoT SIM cards that use the private APN network require authorization rules. The IoT SIM cards can access only the addresses specified in the authorization rules. Cloud Connector authorization rules support both IP addresses and domain names. If you configure an authorization rule based on a domain name, you must also configure a DNS authorization rule. Cloud Connector also supports the redirection of DNS endpoints. If the IP address that a domain name resolves to changes and an IoT device has not updated the DNS endpoint, you can use Cloud Connector to redirect traffic to the correct destination address.
Tasks
Prerequisites
You have created a Cloud Connector instance. For more information, see Create a Cloud Connector instance.
Add a DNS authorization rule
Each source DNS IP address can be added only once.
- Log on to the Cloud Connector Management Console.
In the top menu bar, select the region where the Cloud Connector instance is located.
On the Instance List page, find the target Cloud Connector instance, and click Configure Authorization Rule in the Actions column.
On the tab, click Add Rule.
In the Add DNS Rule dialog box, set the required parameters and click OK.
Configuration
Description
Rule Name
Enter a name for the DNS authorization rule.
The name must be 2 to 128 characters in length. It must start with a letter and can contain digits, periods (.), underscores (_), and hyphens (-).
Source DNS
Enter the IP address for the source DNS authorization rule. The IP address can be, but is not limited to, one of the following:
100.100.2.136, 100.100.2.137, 100.100.2.138, 114.114.114.114, 8.8.8.8, 8.8.4.4, 223.5.5.5, 223.6.6.6, 221.5.88.88, 116.116.116.116, 221.228.15.26, 61.139.2.69, 218.6.200.139, 119.29.29.29, 218.2.2.2, 208.67.220.220, 208.67.222.222, 218.4.4.4.
If the
IllegalParam.SourceNotDNSIPerror code is returned when you enter the source DNS IP address, submit a ticket, and include the requested DNS IP address in the ticket.Destination DNS
The redirection address for the source DNS.
If the DNS address for a domain name that your IoT device accesses changes, enter the destination DNS IP address to redirect the legacy DNS address to the new one.
Modify a DNS authorization rule
You can modify the name, source DNS IP address, and destination DNS IP address of a DNS authorization rule.
You cannot modify the destination DNS IP address if it was not configured when the rule was created.
- Log on to the Cloud Connector Management Console.
In the top menu bar, select the region where the Cloud Connector instance is located.
On the Instance List page, find the target Cloud Connector instance, and click Configure Authorization Rule in the Actions column.
On the tab, find the target DNS rule, and click Edit in the Actions column.
In the Edit DNS Rule dialog box, modify the rule as needed, and then click OK.
Delete a DNS authorization rule
- Log on to the Cloud Connector Management Console.
In the top menu bar, select the region where the Cloud Connector instance is located.
On the Instance List page, find the target Cloud Connector instance, and click Configure Authorization Rule in the Actions column.
On the tab, find the target DNS rule, and click Delete in the Actions column.
In the dialog box that appears, click OK.
References
CreateDNSServiceRule: Creates a DNS authorization rule.
UpdateDNSServiceRuleAttribute: Modifies a DNS authorization rule.
DeleteDNSServiceRule: Deletes a DNS authorization rule.