HTTPDNS is a stable, secure, accurate, and fast recursive DNS service for mobile apps, IoT devices, and other terminal devices. It supports HTTP, HTTPS, DoH, and DoT protocols. By replacing traditional Local DNS, HTTPDNS prevents domain hijacking, slow resolution, and delayed DNS record updates.
Resolution path
Limitations of Local DNS
DNS hijacking
Local DNS uses plaintext UDP, which allows attackers to tamper with responses and redirect requests to malicious or ad-serving sites.
DNS cache poisoning
Attackers can forge identities or exploit vulnerabilities to poison the Local DNS cache, compromising the integrity of DNS resolution.
Slow resolution
Local DNS may require multiple recursive queries to resolve a domain name. Without cached records, resolution slows significantly. Limited global coverage of some authoritative DNS servers can cause timeouts and failures, especially in weak network environments.
Poor extensibility
Modern protocols such as DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) encrypt DNS traffic with TLS for better privacy, but traditional Local DNS often lacks native support for them.
Long TTL cache period
Some Local DNS servers cache records with excessively long TTL values. When authoritative DNS records change, stale caches direct users to outdated addresses and can prolong outages.
Inaccurate scheduling
Some Local DNS servers lack EDNS Client Subnet (ECS) support and cannot forward client source IPs to authoritative DNS, causing inaccurate location-based scheduling. Network proxies used by some public DNS services worsen this issue.
Advantages of HTTPDNS
App anti-hijacking for better security
HTTPDNS supports encrypted protocols (DoH, DoT, DoQ) instead of plaintext UDP. Because HTTPDNS bypasses Local DNS, it prevents domain hijacking and cache poisoning.
Global nodes for accelerated resolution
Client-side caching reduces resolution latency to 0 ms and improves success rates. HTTPDNS uses globally distributed clusters to accelerate resolution worldwide.
Fast propagation of DNS record changes
For domains hosted on Alibaba Cloud DNS (Paid Edition), record changes trigger an automatic refresh on HTTPDNS and take effect in seconds. This HTTPDNS feature is critical during outages when urgent DNS changes must reach terminal devices quickly.
Accurate scheduling based on source IP
HTTPDNS supports ECS and includes the device's source IP in resolution requests, enabling accurate location-based scheduling by authoritative DNS.
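To make the DoH and ECS mechanics concrete, the following Python example (added here; it is not part of the original page and is not the HTTPDNS SDK or API) builds the wire-format query a DoH client sends per RFC 8484 with an EDNS Client Subnet option per RFC 7871, then reads back the subnet a resolver would see. The resolver URL, the function names, and the sample address are constructed placeholders.

```python
import base64
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option, RFC 7871
OPT_RR_TYPE = 41     # EDNS(0) OPT pseudo-record, RFC 6891


def ecs_option(subnet: str) -> bytes:
    """Encode a client subnet such as '203.0.113.57/24' as an ECS option."""
    net = ipaddress.ip_network(subnet, strict=False)  # zeroes the host bits
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]  # prefix bytes only
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def build_query(name: str, subnet: str, qtype: int = 1) -> bytes:
    """Wire-format query: RD set, one question, one OPT record carrying ECS."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1)  # ID 0, per RFC 8484
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    opts = ecs_option(subnet)
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(opts)) + opts
    return header + qname + struct.pack("!HH", qtype, 1) + opt_rr


def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 GET form: unpadded base64url in the 'dns' parameter."""
    return resolver + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()


def read_ecs(query: bytes) -> str:
    """Return the subnet a resolver sees (assumes the layout built above)."""
    pos = 12                      # skip the fixed header
    while query[pos]:             # walk the QNAME labels
        pos += query[pos] + 1
    pos += 1 + 4 + 11             # QNAME terminator, QTYPE/QCLASS, OPT fixed fields
    code, length, family, source, _ = struct.unpack_from("!HHHBB", query, pos)
    if code != ECS_OPTION_CODE:
        raise ValueError("first EDNS option is not ECS")
    raw = query[pos + 8 : pos + 4 + length]
    addr = ipaddress.ip_address(raw.ljust(4 if family == 1 else 16, b"\x00"))
    return f"{addr}/{source}"


if __name__ == "__main__":  # constructed sample input, placeholder resolver URL
    q = build_query("example.com", "203.0.113.57/24")
    print(doh_get_url("https://resolver.example/dns-query", q), read_ecs(q))
```

Only the prefix bytes go on the wire, so the authoritative server learns the client's network rather than its full address; a shorter prefix discloses less at the cost of coarser scheduling.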
Network traffic analysis and detailed logs
Analyze resolution traffic to HTTPDNS, including request volume trends and top requested domains. Detailed per-request logs support O&M troubleshooting.
Stability, reliability, and SLA guarantee
SDK integration with HTTPDNS provides a 99.99% SLA for resolution availability. HTTPDNS uses globally redundant nodes for disaster recovery.
Core features
| Feature set | Feature | Description | References |
| --- | --- | --- | --- |
| Connection configuration | Key management | Create AccessKeys to connect to HTTPDNS through the SDK or JSON API. You can pause, enable, or delete AccessKeys as needed. | |
| Blacklists and whitelists | Whitelist | When the whitelist is empty, all domain names are resolved. Add domain names to restrict resolution to listed domains only. | |
| Blacklists and whitelists | Blacklist | Block resolution requests for specific domain names. | |
| Built-in authoritative zone | Built-in authoritative zone | Define private authoritative zones and DNS records in HTTPDNS. These records apply only to requests using a specific configuration ID (Account ID) through the SDK, JSON API, DoT, or DoH. | |
Typical scenarios
Leading global apps for games, social media, video, and payments, along with IoT devices such as smart speakers and in-vehicle systems, use HTTPDNS.
DNS anti-hijacking
Applicable users: Mobile apps, smart speakers, in-vehicle systems, and IoT devices that need DNS hijacking protection. Especially relevant for apps with high user experience requirements, such as games, video, social media, and e-commerce, and for global businesses facing regional Local DNS hijacking.
Connect using the JSON RPC API or the iOS and Android SDKs.
Customer value:
Secure anti-hijacking: Bypasses Local DNS to prevent domain hijacking and provides DDoS attack mitigation.
User privacy protection: Supports DoT and DoH with TLS encryption to prevent data leaks.
Accelerated access: HTTPDNS syncs with public authoritative DNS in real time, reducing recursive lookups and accelerating access.
Nearest access: Global cluster nodes route users to the nearest available node.
Basic resolution: Resolves domain names over HTTP, HTTPS, DoH, DoT, and DoQ protocols.
Coordinated resolution
Use HTTPDNS with Alibaba Cloud DNS and Global Traffic Manager for a full-stack DNS solution.
Coordinated resolution: HTTPDNS and Alibaba Cloud DNS detect domain changes in seconds for faster propagation.
Terminal acceleration: Client-side DNS caching reduces recursive lookups and routes to the nearest node by access source.
Disaster recovery and backup: With Global Traffic Manager, health checks automatically reroute traffic to the optimal node.
Accurate scheduling: HTTPDNS and Alibaba Cloud DNS share the same address database for precise IP-based scheduling.
Global cluster distribution
Tier-1 DNS cluster nodes:
China (Hangzhou), China (Shanghai), China (Chengdu), China (Shenzhen), China (Beijing), China (Qingdao), China East 5 (Nanjing - local region - decommissioning), China (Dalian - Local Region), China (Xi'an - Local Region), China (Wuhan - Local Region), China (Taiyuan - Local Region), China (Zhengzhou - Local Region), China (Tianjin - Local Region), China (Jinan - Local Region), China (Shijiazhuang - Local Region), China (Hong Kong), US (Silicon Valley), US (Virginia), US (Atlanta), Mexico, Singapore, Germany (Frankfurt), Japan (Tokyo), UK (London), France (Paris), Indonesia (Jakarta), Philippines (Manila), Malaysia (Kuala Lumpur), South Korea (Seoul), Thailand (Bangkok), UAE (Dubai), and SAU (Riyadh - Partner Region).
Over 160 tier-2 DNS recursive nodes cover major tier-1 and tier-2 cities and the three major carriers in the Chinese mainland, delivering faster and more accurate resolution.
Global multi-cluster deployment provides low-latency, highly reliable resolution regardless of location.
Cluster node information is for reference only, does not constitute a service commitment, and is subject to change as infrastructure evolves.
System architecture
HTTPDNS consists of a control layer and a resolution layer:
Control layer: Manages DNS data, configuration, and logs through the console and OpenAPI. Located in China (Zhangjiakou) and China (Hangzhou) regions.
Resolution layer: Retrieves DNS records from the control layer and responds to queries through globally deployed server clusters across major continents and regions.