Bind a public egress IP address

Why Bind Enterprise Public Egress IP Address

Unencrypted DNS access uses UDP/TCP to send recursive requests, typically with addresses like 223.5.5.5, 223.6.6.6, 2400:3200::1, and 2400:3200:baba::1 configured in system DNS settings on PCs and IoT devices. This traffic carries no user identifiers, so the service cannot identify its source. Binding your public egress IP address tags your DNS traffic for monitoring. When attacks or query surges trigger public DNS rate limiting, the system prioritizes requests from bound source IPs to prevent throttling.

Procedure

After you bind an IP address, all UDP/TCP requests from it are linked to your account. In extreme cases where the intelligent rate-limiting policy activates, bound source IPs are prioritized to avoid throttling. DNS traffic from bound source IPs is billable, with a free monthly quota of 20 million UDP/TCP requests (equivalent to 10 million HTTP requests). For details, see Product Billing.

1. Go to the Alibaba Cloud DNS - Enterprise Recursive Gateway console.

2. Navigate to the Recursive QPS Protection tab and click Add.

   On the Recursive QPS Protection page, in the Bind public egress IP section, click Add.

3. In the dialog box that appears, enter the Source IPv4 Address.

   Note

   If your IP address changes dynamically, open the "Auto-update bound IP" link provided in the console in a browser to update the IP address.

   The CIDR mask to the right of the Source IPv4 Address field defaults to 32. Optionally, enter a description, then click OK.