DocsICP FilingConsole
官方文档
首页

Authoritative Zone

更新时间:
复制 MD 格式
产品详情
我的收藏

Customize DNS resolution for any domain and reduce resolution latency with the Authoritative Zone feature.

What is authoritative zoneAuthoritative Zone

Define private authoritative zones and DNS records directly in HTTPDNS. These records apply only to queries carrying your Account ID—via SDK, API, DoT, or DoH.

Note

  • Unencrypted connections do not support Authoritative Zone. For example, clients directly using 223.5.5.5, 223.6.6.6, 2400:3200::1, or 2400:3200:baba::1.

  • The Authoritative Zone feature is not supported when accessing an Enterprise Recursive Gateway by attaching public egress IP addresses.

  • DNS query matching priority: Blacklist/Whitelist > Authoritative Zone > Cache > recursion.

Why use authoritative zoneAuthoritative Zone

  • Faster resolution: When an app or IoT device resolves a domain defined in the Authoritative Zone, HTTPDNS returns the result directly—no recursive queries to root or TLD servers.

  • Anti-hijacking: Domains in the Authoritative Zone resolve without recursion. The shorter path through the Authoritative Zone reduces hijacking risk.

  • Enhanced security: Use private domains in an Authoritative Zone as service endpoints for apps or IoT devices. These domains are not resolvable from the public internet, preventing DNS-based attacks.

Procedure

image

Step 1: Add a zone

  1. Go to the Alibaba Cloud DNS console.

  2. Click the Authoritative Zone tab.

  3. Click Add Zone. In the dialog box, enter the domain (zone), choose whether to enable Recursive Resolution Proxy for Subdomain Names, and submit.

    Important

    • If recursive resolution proxy is disabled, DNS queries for non-existent subdomains in the authoritative zone fail immediately—HTTPDNS performs no further recursive queries.

    After creation, the zone domain cannot be changed. This feature is in public beta with a maximum of five zones per account.

Step 2: Add DNS records

  1. On the Authoritative Zone tab, click Settings next to the target domain (zone).

  2. On the Settings tab, click Add Record. In the dialog box, configure the record parameters and submit.

    Note

    Record Type: Authoritative Zone supports A, CNAME, AAAA, TXT, MX, and SRV record types. Add a DNS record explains the differences.

    Hostname: The prefix of a domain. Common examples include www, @, *, and mail.

    Query Source: Smart DNS resolution is supported. Supported line codes are listed in Line codes. You can also configure Custom ACLs.

    Record Values Load Strategy: By default, multiple IP addresses for a record are returned in round-robin order. Enable weighted round-robin to control traffic distribution among record values. Weight range: 0–100.

Step 3: Set effective scope

  1. On the Authoritative Zone tab, click Effective Scope next to the target domain (zone).

  2. On the Zone Settings tab, under Effective Scope, select your account's Unique configuration ID, then click OK.

    Important

    • The effective scope applies immediately. Configure it only after adding all required DNS records to avoid resolution failures.

    • Cross-account effective scope settings are not supported.

Previous:Blacklist/WhitelistNext:Developer reference