Add DNS records to map domain names to IP addresses, website servers, or email services. Public Zone uses these records to route internet traffic to the correct resources.
Use cases
Use case 1
You have a domain name example.com. To let users access your website at www.example.com and a demo service at playground.example.com, create DNS records with the hostnames www and playground.
Use case 2
You have a domain name example.com and want www.example.com to be the only entry point. You want all other subdomains, such as a.example.com and b.example.com, to redirect to www.example.com. To do this, first create a DNS record with the hostname www. Then, create a Explicit URL Forwarding for the hostname * with the record type set to Explicit URL Forwarding. This creates a catch-all redirection for any unconfigured hostname.
Use case 3
To use Alibaba Cloud Enterprise Email and let users log in with <userId>@example.com, you must configure the DNS records for the email service.
Use case 4
When you configure a custom domain name for an OSS bucket, add an accelerated domain name to CDN, add a website to WAF, or configure an ingest domain name for live streaming, you must first add a domain name (such as demo.example.com) to the corresponding service. The service then generates a CNAME record, for example, on-premises-dns.aliyun.com. To complete the setup, create a DNS record with the hostname demo and the record type CNAME. This record points the domain name to the corresponding service, which in turn provides the service endpoint.
Select a record type
Alibaba Cloud DNS supports the following record types and their common use cases:
Record type | Description | Commonality |
A record | Resolves a domain name to a specified IPv4 address. Commonly used for website domain resolution. | 5/5. A fundamental record type, required for nearly every domain name. |
CNAME record | Resolves a domain name to another domain name. Commonly used for website resolution, CDN acceleration, enterprise email, and integrating with Global Traffic Manager. | 5/5. Widely used for creating aliases. Its versatility makes it a common choice for CDNs and cloud services. |
MX record | Specifies the mail servers for a domain and ranks them by priority. | 4/5. Required for any email service. This record is not needed for domains without an email service. |
AAAA record | Resolves a domain name to a specified IPv6 address. Used for websites accessible over IPv6. | 4/5. As IPv6 adoption accelerates, most cloud services now support it by default. |
TXT record | Stores text information about a domain that external services can read. It is often used for domain ownership verification, issuing digital certificates, creating an SPF record for anti-spam policies, and domain recovery. | 5/5. Essential for various verification tasks, such as for SSL certificates, SPF, email services, and DNS ownership checks. |
ALIAS record | Functions like a CNAME record but can coexist with other records on a root domain. It resolves the conflict of configuring both a CNAME record and other record types, such as an MX record, on the same root domain. | 2/5. Used to resolve conflicts between CNAME records and other records, such as MX or TXT, on the same domain. |
Explicit URL forwarding and implicit URL forwarding | Points a domain name to an existing website. | 2/5. Supported by select DNS providers and primarily used for domain redirection. |
NS record | Delegates management of a DNS zone to specific authoritative name servers. This is often used to delegate a subdomain to another DNS provider for resolution. | 3/5. Common for subdomain delegation. Changes are infrequent. |
SRV record | Specifies the location (hostname and port) of servers for specific services. It is often used for Microsoft directory services. | 2/5. Required for certain protocols used in instant messaging and enterprise services. Rarely used for standard websites. |
CAA record | Specifies which Certificate Authorities (CAs) are authorized to issue certificates for a domain. This helps prevent the mis-issuance of certificates and enhances website security. | 2/5. Enhances security for SSL/TLS certificate management. Used in specific security-conscious scenarios. |
PTR record | Maps an IP address to a domain name for a reverse DNS lookup, which verifies that an IP address corresponds to a specific domain. | 1/5. Primarily used for reverse DNS lookup, such as for email servers. Rarely needed for standard websites. |
SVCB record | Improves service discovery by providing protocol and endpoint information. This helps clients make better connection decisions to enhance performance and security. | 1/5. An emerging record type used with newer protocols like HTTP/3 and QUIC. Currently not in wide use. |
HTTPS record | A specialized version of the SVCB record that describes HTTPS services. | 1/5. A new standard for HTTPS optimization. Browser support is gradually increasing, but it is not yet commonly used for standard websites. |
Add a DNS record
A record
An A record maps a domain name to a fixed IPv4 address for website resolution. If your website has a public IP and you own a domain, create an A record to let users access the site by domain name.
Limitations
You must have the public IPv4 address of the target server, for example,
192.0.2.1.If you use an Alibaba Cloud ECS instance, you can find your public IP address in the Alibaba Cloud ECS console.
If you use a non-Alibaba Cloud server, contact your service provider to obtain its public IP address.
When the hostname is not
@, an A record conflicts with NS, CNAME, ALIAS, and URL records that share the same hostname and resolution line. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.Multiple IPs: You can add multiple A record values for the same hostname to enable DNS round-robin load balancing. Each record value counts as a separate DNS record.
Private IP limitation: Public zone is designed for public DNS resolution. Configuring private IP addresses (such as
192.168.x.xor10.x.x.x) as record values is not recommended because public users cannot access private IP addresses.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the fields.
Field
Description
Recommended value
Record Type
Different record types require corresponding record values.
Select A from the drop-down list. This maps the domain name to a specific IPv4 address.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin:
For A/AAAA/NS/MX/TXT records: Alibaba Cloud DNS returns all records for the specified line, and the local DNS selects the result to return. (If the local DNS returns all addresses, the client randomly selects one.)
Ratio:
Returns records from the Record Values set based on their configured weights. For more information, see Configure weights.
Round Robin
Record Values
The public IPv4 address of your web server. You can add multiple record values.
If you select Ratio for the Record Values Load Strategy, you can set a Ratio for each record value. When responding to queries, Alibaba Cloud DNS returns record values based on the probability determined by their configured weights.
If you use an Alibaba Cloud ECS instance, you can find your public IP address in the Alibaba Cloud ECS console.
If you use a non-Alibaba Cloud server, contact your service provider to obtain its public IP address.
Example
Enter an IPv4 address (for example,
223.5.5.x) in the Record Value field and set the Record Values Load Strategy to Round Robin. You can add or remove multiple addresses in the Record Values section.
FAQ
CNAME record
A CNAME (Canonical Name) record maps a domain name to another domain name, which then resolves to an IP address. Common uses include CDN, enterprise email, and Global Traffic Manager.
Resolution process
For example, the CNAME record for www.example.com points to app.cloud-example.net. When a user accesses www.example.com, the CNAME resolution process is as follows:
A user enters
www.example.comin a browser or an application attempts to connect to this domain name.The user's computer checks its local cache. If the record is not found, it queries a recursive DNS server, such as 114.114.114.114 or 8.8.8.8.
If the recursive DNS server does not have the record in its cache, it starts a standard DNS resolution process:
It asks a root DNS server: "Who manages the .com top-level domain?"
The root server returns the address of the .com top-level domain (TLD) DNS server.
The recursive DNS server asks the TLD server: "Who is responsible for example.com?"
The TLD server returns the authoritative DNS for example.com.
The recursive DNS server asks the authoritative DNS: "What is the DNS record for www.example.com?"
The authoritative DNS finds that
www.example.comis configured with a CNAME record with a value ofapp.cloud-example.net. It then replies to the recursive DNS server: "www.example.comis an alias forapp.cloud-example.net. You should look up that name instead."
The recursive DNS server receives
app.cloud-example.netand starts a new resolution process, unless it has a cached result. It usually finds an A record (IP address) forapp.cloud-example.netor another CNAME record. In theory, multiple CNAME records can be chained, but chaining more than two records is not recommended.The recursive DNS server continues this process until it obtains the final IP address.
Limitations
If you add a CNAME record for the default resolution line and also have A and AAAA records for smart resolution lines, the smart resolution may not direct traffic as expected.
If the hostname is not
@, a CNAME record conflicts with any other record type for the same hostname and resolution line. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules. To implement CNAME-like domain mapping for the same hostname while simultaneously using other record types, you can use the ALIAS record instead (requires the Enterprise Ultimate or Premium Edition).
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
Different record types require corresponding record values.
Select CNAME from the drop-down list. This maps the domain name to another domain name, which then resolves to an IP address.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Ratio method is supported for returning record values. To configure weights, see Weight configuration.
Ratio
Record Values
One or more domain names to which this record points.
If you select Ratio for the Record Values Load Strategy, you can set a Ratio for each record value. When responding to queries, Alibaba Cloud DNS returns record values based on the probability determined by their configured weights.
Example:
aliyundoc.com.Example
In the record values field, enter the target domain name for the CNAME record, such as
aliyundoc.com. For record values load strategy, select weight. You can then set a weight for each record in the record values list.
FAQ
MX record
Add an MX (mail exchanger) record to receive emails. Email systems use MX records to locate mail servers by domain. When someone sends email to vincen@example.com, the system resolves the MX record for example.com and forwards the message to the specified mail server based on priority. For quick setup, add email resolution.
Limitations
You must have deployed a mail server and obtained its address from your email service provider.
If the hostname is not
@, an MX record conflicts with an NS or CNAME record that shares the same hostname and resolution line. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.
Procedure
This section uses Alibaba Cloud Enterprise Mailbox as an example to demonstrate how to configure the required MX records:
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
Different record types require corresponding record values.
Select MX from the drop-down list. MX stands for mail exchanger and is used by email systems to locate mail servers based on the recipient's domain name.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only Round Robin is supported.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS provides all matching records for the resolution line. The client's local DNS server then determines which record to use. If the local server passes all records to the client, the client selects one at random.
Round Robin
Record Values
Record Value:
Obtain this from your email service provider. You can add multiple values. Example: For Alibaba Cloud Enterprise Mailbox, the required record value is
mx1.qiye.aliyun.com.Priority:
A lower priority number indicates a higher priority. For example, an email is first sent to the server with a priority of
5(mx1.qiye.aliyun.com). If that attempt fails, the email is sent to the server with a priority of10(mx2.qiye.aliyun.com).Example:
mx1.qiye.aliyun.com 5.ImportantThe preceding steps explain how to configure an MX record. To fully set up an email service, you may also need to configure CNAME and TXT records. Contact your email provider for the specific records that you need to configure. If you use Alibaba Cloud Enterprise Mailbox, see add email resolution.
Example
In the record value field, enter the mail server address, for example,
mx1.qiye.aliyun.com. Set the priority to5, and for record value load strategy, select round robin.
FAQ
AAAA record
An AAAA record maps a domain name to a static IPv6 address. It is typically used to configure DNS for websites that support IPv6.
Limitations
You must have the IPv6 address of the server to which the domain name will point. Example: ff03:0:0:0:0:0:0:c1.
If the hostname is not
@, an AAAA record conflicts with an NS, CNAME, ALIAS, or URL record that shares the same hostname and query source. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
Different record types require corresponding record values.
Select AAAA from the drop-down list. This maps the domain name to an IPv6 address, typically the IPv6 address of the web server. For example, ff03:0:0:0:0:0:0:c1.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Round Robin:
For A/AAAA/NS/MX/TXT records: Alibaba Cloud DNS returns all records for the specified line, and the local DNS selects the result to return. (If the local DNS returns all addresses, the client randomly selects one.)
Ratio:
Returns records from the Record Values set based on their configured weights. For more information, see Configure weights.
Round Robin
Record Values
Typically, this is the IPv6 address of the web server. You can enter multiple record values.
If you select Ratio for the Record Values Load Strategy, you can set a Ratio for each record value. When responding to queries, Alibaba Cloud DNS returns record values based on the probability determined by their configured weights.
Example: ff03:0:0:0:0:0:0:c1.
Example
Set Hostname to www, Record type to AAAA, Query source to Default, Record values to ff03:0:0:0:0:0:0:c1, TTL to 600 (10 minutes), and Record value load strategy to Round robin.
FAQ
TXT record
Use a TXT record to add identifying or descriptive text to your domain name. TXT records are commonly used for verifying domain ownership for digital certificates and for Sender Policy Framework (SPF) records to prevent spam.
Limitations
If the hostname is not
@, a TXT record conflicts with an NS or CNAME record that shares the same hostname and resolution line. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.The maximum length for a TXT record value is 8,192 characters.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Form field
Description
Recommended value
Record Type
Different record types require corresponding record values.
Select TXT from the drop-down list. A TXT record is often used for SSL certificate validation and for creating an SPF record for anti-spam.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only Round Robin is supported.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all record values for the specified resolution line. The local DNS resolver passes these values to the client, which then chooses one at random.
Round Robin
Record Values
A TXT record is often used for verification purposes. You can obtain the required record value from your certificate service or email service provider. For example, you might need to add a TXT record to verify ownership of a subdomain. You can add multiple values.
NoteDuring routine operations and maintenance (O&M), we recommend that you remove unused TXT records. An excessive number of TXT records for a single subdomain can cause the DNS response to exceed size limits, which may lead to resolution failures for some local DNS resolvers.
Example:
5d597b2c12464a7a8d0dde6b858ce543.Example
For Routing policy, select Round Robin. In the Record values section, you can view the added record values and their status, and use the Add and Delete options.
Common TXT verification records
SPF record
SPF (Sender Policy Framework) records declare which mail servers are authorized to send email on behalf of your domain.
Hostname:
@Record type: TXT
Record value: Starts with
v=spf1, followed by authorization mechanisms and qualifiers. Example:v=spf1 include:spf.qiye.aliyun.com -all
DKIM record
DKIM (DomainKeys Identified Mail) records are used to verify the cryptographic digital signatures of outgoing emails.
Hostname:
selector._domainkey(Example:default._domainkey、aliyun-cn-hangzhou._domainkey, as specified by your email service provider)Record type: TXT
Record value:The public key string provided by your email service provider.
DMARC record
DMARC (Domain-based Message Authentication, Reporting, and Conformance) records instruct receiving mail servers on how to handle emails that fail SPF or DKIM checks.
Hostname:
_dmarcRecord type: TXT
Record value: Starts with
v=DMARC1, followed by policy parameters. Example:v=DMARC1; p=none; rua=mailto:dmarc@example.com
SSL certificate/platform verification record
When applying for an SSL certificate using DNS validation, you must add a specified TXT record to verify domain ownership.
Hostname:
_dnsauth,_acme-challengeor a random string specified by the platform.Record type: TXT
Record value: The verification value provided by the platform.
Record values are case-sensitive. Please copy and paste the values exactly as provided by your service provider. If verification fails, check the record value for accidental spaces or hidden characters.
FAQ
ALIAS record
Background
Per DNS standards, a CNAME record cannot coexist with other record types (such as MX or TXT) for the same hostname. When a recursive server queries for MX but finds CNAME, it returns the CNAME instead, causing conflicts. Alibaba Cloud DNS blocks conflicting records. DNS record conflict rules.
Feature overview
An ALIAS record provides CNAME flattening: it points a domain to another hostname and resolves the target to an IP before responding to the client. This reduces DNS lookups, speeds up resolution, and solves CNAME conflicts with other record types. For example, use ALIAS when your domain needs both a CNAME (for WAF or CDN) and an MX record (for email). Available in the Ultimate and Premium Editions only.
ALIAS record vs. CNAME record
Similarity: Both record types use another domain name as the record value.
Differences:
CNAME | ALIAS |
| 
|
Limitations
The ALIAS record type is available only in the Ultimate and Premium Editions.
The Ultimate Edition supports up to 10 ALIAS records per domain. The Premium Edition has no limit*. Alibaba Cloud DNS edition comparison.
Unlimited*: If the default system limit is exceeded, you can apply to increase it provided that stable and secure product operation is ensured.
If you downgrade your paid plan to the Personal or Free Edition, your ALIAS records remain but become inactive. If you downgrade from the Premium Edition to the Ultimate Edition with more than 10 ALIAS records, the records remain active, but you cannot modify them. To make changes, you must first delete records to bring the total number to 10 or fewer.
The ALIAS record type is mutually exclusive with the DNSSEC feature. To use the ALIAS record type, you must first disable the DNSSEC setting for the domain name.
An ALIAS record conflicts with A, AAAA, and CNAME records but not with other record types. DNS record conflict rules.
ALIAS records are supported only for public authoritative DNS resolution and are not supported by Global Traffic Manager.
Usage
Because ALIAS records rely on recursive queries over the public internet, network fluctuations or recursive server failures can cause resolution to fail. Therefore, Alibaba Cloud DNS does not provide a Service Level Agreement (SLA) for the availability of ALIAS record resolution.
When resolving an ALIAS record, the authoritative DNS server forwards the client's subnet information by using the EDNS Client Subnet (
ECS) option. If the target recursive server supports ECS, it can return a location-optimized IP address for smart resolution.Some CDN providers might report a "CNAME record not configured" error after you configure an ALIAS record. If this occurs, contact your CDN provider and suggest that they update their validation rules.
An ALIAS record's response TTL is determined by its own configured value, not inherited from the target domain's query result.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
Different record types require corresponding record values.
Select ALIAS from the drop-down list. This record type points a domain name to another domain name, and the system automatically resolves it to return the final IP address.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only the Ratio method is supported. To configure weights, see Configure weights.
Ratio
Record Values
The target domain name. You can add multiple values.
If you select Ratio for the Record Values Load Strategy, you can set a Ratio for each record value. When responding to queries, Alibaba Cloud DNS returns record values based on the probability determined by their configured weights.
Example:
aliyundoc.com.Example
In the Record Values field, enter the target domain name, for example,
aliyundoc.com.
URL forwarding
URL forwarding allows you to point a domain name to an existing website. This feature includes two types: Explicit URL Forwarding and Implicit URL Forwarding. This feature works by resolving your domain name to an Alibaba Cloud forwarding server, which then proxies the request to the target site. During this process, Alibaba Cloud DNS automatically creates an A record that points to the IP address of the forwarding server. Therefore, it is normal to see an A record with an IP address such as 203.107.XX.XX when you run a dig command, even if you configured a URL as the record value.
Explicit URL Forwarding: This method uses a 301 (permanent) or 302 (temporary) redirect. The browser's address bar displays the target URL, and the content is loaded from the target website.
Implicit URL ForwardingImplicit URL Forwarding This method uses an iframe. The domain name in the browser's address bar remains unchanged, but the displayed content is from the target website.
URL forwarding is not covered by a Service Level Agreement (SLA) for resolution availability. For high-availability redirection, set up your own Nginx reverse proxy to handle HTTPS forwarding and hide the resolution port.
Prerequisites
URL forwarding works by resolving your domain name to an Alibaba Cloud forwarding server, which then proxies the request. These servers are located in the Chinese mainland. Therefore, your domain name must have a valid ICP filing to use this feature. The filing does not need to be completed through Alibaba Cloud. To obtain an ICP filing through Alibaba Cloud, see ICP filing process.
Limitations
The record value cannot be an IP address. It must be a domain name or URL.
The source domain name for URL forwarding cannot contain an underscore (_).
URL forwarding does not support wildcard resolution.
The target domain name for URL forwarding cannot be a Chinese domain name.
The source domain name supports only HTTP, not HTTPS. The target URL can use either HTTP or HTTPS. To enable HTTPS redirection, set up a self-hosted Nginx reverse proxy or use CDN. For more information, see set up your own Nginx reverse proxy
If the hostname is not
@, URL records conflict with NS, CNAME, A, or AAAA records when the hostname and resolution line are identical. If you receive a conflict error when adding a URL record, delete the conflicting record or change the hostname. For more information, see DNS record conflict rules.URL forwarding is a special feature and is not covered by attack protection services. If your domain is black-holed due to an attack, URL forwarding becomes unavailable. In this case, configure the hostname to use an A record or CNAME record.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
Explicit URL Forwarding: When a user visits your domain, their browser's address bar updates to the target URL, and the content is loaded from the target website.
The effect of Implicit URL Forwarding is that when a user visits a domain name configured with Implicit URL Forwarding, the domain name in the browser's address bar remains unchanged, but the content of the target domain's website is displayed.
Select Explicit URL Forwarding or Implicit URL Forwarding from the drop-down list.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only Round Robin is supported.
Round Robin
Record Values
The URL of an existing website.
NoteFor Explicit URL Forwarding:
Supports
301(permanent) and302(temporary) redirects.A 301 redirect signals to search engines that a resource has been permanently moved. The search engine then crawls the new content and updates its index to the new URL.
A 302 redirect indicates a temporary move. Search engines crawl the new content but keep the original URL in their index.
Example:
www.aliyun.com.Example
Explicit URL Forwarding
On the Add Record page, set Record Type to Explicit URL Forwarding. Enter
alidnscheckfor Hostname, select Default for Query Source, and set the TTL to 10 minutes (recommended). Set Record Values Load Strategy to Round Robin. In the Record Values section, select the 301 redirect type and enter the target URL.Implicit URL Forwarding
On the Add Record page, set Record Type to Implicit URL Forwarding, enter a Hostname (such as www or @), select Default for Query Source, and set the TTL to 10 minutes (recommended). Set Record Values Load Strategy to Round Robin, and enter the target URL in the Record Values section.
FAQ
NS record
To delegate a subdomain to another DNS provider, or to allow a subsidiary, department, or business unit to independently manage its subdomain resolution, you must add an NS record to the root domain. For information about subdomain delegation scenarios, see subdomain management.
Limitations
You cannot use an NS record to delegate a root domain (hostname @). To delegate your root domain, change the DNS server addresses at your domain registrar. Modify the DNS servers of a domain name.
If the hostname is not
@, an NS record conflicts with any other DNS record type for the same hostname and query source. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.Request quota: When NS records delegate subdomain resolution, DNS queries for these NS records will generate DNS query volume. Although the query volume for NS records is typically lower than that of direct domain resolution, it must still be factored into your DNS query volume planning.
Procedure
Add the subdomain to Alibaba Cloud DNS and obtain the DNS server addresses assigned to the subdomain. For detailed steps, see subdomain management.
Go to the authoritative DNS server for the root domain and modify the DNS records for the subdomain. For example, to use Alibaba Cloud DNS, go to the Alibaba Cloud DNS – Public Zone page, and then click the target domain name to open the Settings page.
Click Add Record.
Fill in the fields.
Parameter
Description
Recommended value
Record Type
To delegate subdomain resolution to another DNS provider, add an NS record.
Select NS from the drop-down list.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only Round Robin is supported.
For A, AAAA, NS, MX, and TXT records, Alibaba Cloud DNS returns all record values for the specified query source. The local DNS resolver then either returns a single record value or returns the full set, from which the client randomly selects one.
Round Robin
Record Values
The domain name of the DNS server to which you want to delegate the subdomain.
NoteDNS providers typically provide multiple DNS server addresses. To add all of them, configure a separate NS record for each address, using the same hostname but a different record value.
Example:
ns3.dnspod.net(a domain name for a Tencent Cloud DNS server).Example: Set record values load strategy to Round Robin. For record values, add the target DNS server address, such as
ns1.hichina.com. Ensure the record value is enabled, and then click OK.
SRV record
An SRV record identifies a server that provides a specific service. It is commonly used for directory management in Microsoft systems.
Limitations
If the hostname is not
@, an SRV record conflicts with an NS or CNAME record that shares the same hostname and resolution line. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
An SRV record identifies the server that provides a specific service. It also provides the service's target domain, port, priority, and weight.
Select SRV from the drop-down list to specify the server for a service.
Hostname
The hostname for an SRV record is usually in the format "_service._protocol".
Example: _sip._tcp
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only Round Robin is supported.
Round Robin
Record Values
Format:
priorityweightporttarget domainExample: 0 5 5060 www.cloud-example.com.
Example: Set the Record value load strategy to Round Robin. For the SRV record value, enter the priority, weight, port, and target domain. For example,
0 5 5060 www.cloud-example.com.
CAA record
A Certificate Authority Authorization (CAA) record is an optional record type that specifies which CAs can issue certificates for your domain, preventing unauthorized issuance.
A CAA record authorizes specific certificate authorities (CAs) to issue certificates for your domain, which helps prevent certificate mis-issuance and enhances website security.
Limitations
If the hostname is not
@, a CAA record conflicts with an NS or CNAME record that shares the same hostname and query source. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Example
Record Type
Specifies which certificate authorities (CAs) are authorized to issue certificates for your domain.
Select CAA from the drop-down list.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values Load Strategy
Only Round Robin is supported.
Round Robin
Record Values
flag: The default value is
0. If a certificate authority does not recognize this record, it ignores the record.tag: The valid values are
issue,issuewild, andiodef.issue: Authorizes a single certificate authority to issue any type of certificate for the domain.
issuewild: Authorizes a single certificate authority to issue wildcard certificates for the domain.
iodef: Allows a certificate authority to send violation reports to a specified email address.
value: The domain name of the certificate authority or the email address for violation reports. For example, "ca.cloud-example.com". The value must be enclosed in double quotation marks.
Example:
0 issue "ca.cloud-example.com"Example: Set TTL to 10 minutes and select Round Robin for Record values load strategy. The
flagdefaults to0, and thetagcan beissue,issuewild, oriodef. In the Record values section, add an entry withflagset to0,tagset toissue, andvalueset to"ca.cloud-example.com". Ensure the record is enabled.
PTR record
Reverse DNS lookup: Maps an IP address to a domain name. Unlike forward lookups (A/AAAA records), a PTR record verifies that an IP address corresponds to a specific domain.
Configuration:
Alibaba Cloud DNS provides a Reverse DNS Lookup feature to configure PTR records for public IP addresses (EIPs or ECS static public IP addresses) in your Alibaba Cloud account. What is reverse DNS lookup?.
For public IP addresses not provided by Alibaba Cloud, contact your IDC data center or hosting service provider to configure reverse DNS lookup.
SVCB record
An SVCB (Service Binding) record improves service discovery by providing clients with protocol and endpoint details before connection. SVCB records support various transport protocols and are closely related to HTTPS records.
SVCB records enable clients to make optimal connection decisions, improving performance, security, and user experience.
Limitations
If the hostname is not @, an SVCB record conflicts with an NS or CNAME record that shares the same hostname and resolution line. The alias mode and service mode are also mutually exclusive. To resolve a conflict, delete the conflicting record or change the hostname. DNS record conflict rules.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Parameter
Description
Recommended value
Record Type
An SVCB record, or service binding record, is used for service discovery. It specifies supported protocols and Service Parameters.
Select SVCB from the drop-down list.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Record Values
Priority: A non-negative integer from 0 to 65535. A lower value means a higher priority. When multiple SVCB records exist for a service, clients process them in order of priority, starting with the lowest value. This is similar to the priority parameter for MX records.
NoteA priority of 0 indicates Service Parameters. In this mode, you cannot set Service Parameters. It functions similarly to a CNAME record by redirecting to another service name.
A non-zero priority indicates service mode, which allows you to define service parameters.
Destination Zone Name: The domain name of the server that the client should connect to.
In alias mode (priority 0), the target domain is another service name that the client should resolve.
In service mode, the target domain is usually the hostname of the actual service. The client then resolves this domain name to obtain the service's IP address. Example:
www.example.com.
Service Parameters: A set of key-value pairs that define service configuration and required features. These parameters can provide various types of information, such as expected protocol versions, Application-Layer Protocol Negotiation (ALPN) lists, Transport Layer Security (TLS) requirements, transport parameters, and IP address hints.
Service Parameters enable service providers to give clients detailed pre-connection information, optimizing performance and security. Example:
alpn="h2" ipv4hint="223.5.5.5" port="443" ech="MTIzNDU2Nzg="NoteCommon Service Parameters:
alpn="h3,h2": Indicates support for HTTP/2 and HTTP/3.ipv4hint="223.5.XX.XX": An IPv4 address hint for the target domain.ipv6hint="2400:3200::XX": An IPv6 address hint for the target domain.port="443": The port number.ech="MTIzNDU2Nzg=": A Base64-encoded string of the Encrypted Client Hello (ECH) configuration.mandatory="alpn,port": A list of required parameters that must be understood by the client.no-default-alpn: Indicates that there is no default application-layer protocol. If this parameter is present, thealpnparameter must also be specified.dohpath="/dns-query{?dns}": The URI template for DNS over HTTPS (DoH).
Separate multiple key-value pairs with spaces. The maximum length is 1,024 characters.
Example: This example assumes a load balancing policy of round robin for multiple record values. As described previously, service parameters must use the format
key="value"with spaces separating pairs. In the Record values section, add a record and specify its priority, target domain, and service parameters. For instance: priority1, target domainsvc.example.com, and service parametersalpn="h2" ipv4hint=....
HTTPS record
An HTTPS record is a specialized SVCB record for HTTPS services. It uses the same key-value parameters, which are interpreted for the HTTPS protocol.
HTTPS records let website operators specify details about their HTTPS service, such as available IP addresses, supported protocols, and service parameters. This helps clients use the optimal configuration on their first connection, reducing handshake latency, minimizing connection failures, and enhancing user privacy.
Limitations
If the Hostname is not @, an HTTPS record conflicts with an NS or CNAME record when they share the same Hostname and Query Source. Additionally, the alias mode and service mode for an HTTPS record are mutually exclusive. If a conflict occurs when you add an HTTPS record, you can resolve it by deleting the conflicting record or changing the Hostname.
Procedure
On the Alibaba Cloud DNS - Public Zone page, click the target domain name to open the Settings page.
Click Add Record.
Fill in the form fields.
Form field
Description
Recommended value
Record Type
A record type for defining secure connection protocols and optimal service endpoints, which improves the security and reliability of HTTPS access.
Select HTTPS from the drop-down list.
Hostname
Usually refers to the prefix of a subdomain, which the system automatically appends to the root domain.
Do not enter the fully qualified domain name; otherwise, it will result in a duplicated suffix in the resolution results.
For the domain name
www.example.com, enterwww.For the root domain name
example.com, enter@.For the domain name
demo.example.com, enterdemo.For the domain name
test.blog.example.com, entertest.blog.
Query Source
For most scenarios, select Default. To return different values based on the query source, configure ISP-specific or geographic lines. smart resolution and custom resolution lines.
ImportantYou must create a DNS record with the Default resolution line. This record serves as a fallback to prevent resolution failures when a query does not match any other resolution line.
If you have no special requirements, keep Default.
For requests from Beijing and nearby cities, you can select
China Region_North China.For requests from the China Telecom network, you can select
China Telecom.
Record Values
Priority: An integer from 0 to 65535 that sets the record's processing order. A lower number indicates a higher priority. For services with multiple HTTPS records, clients process the record with the lowest priority value first. This is similar to the priority parameter for MX records.
NoteA priority of 0 indicates alias mode. In this mode, you cannot set service parameters. It functions similarly to a CNAME record, redirecting to another service name.
A non-zero priority indicates service mode, which allows you to define service parameters.
Destination Zone Name: The target server's domain name.
In alias mode (priority 0), the HTTPS record's Target Domain is another service name for the client to resolve.
In service mode, this is the service endpoint's hostname. Clients resolve this name to get the IP address. Example:
www.example.com.Service Parameters: A set of key-value pairs defining the service configuration. Parameters include information such as Application-Layer Protocol Negotiation (ALPN) lists, Transport Layer Security (TLS) requirements, transport parameters, and IP address hints.
Service Parameters allow service providers to give clients detailed guidance on how to access a service and provide pre-connection information to optimize performance and security. Example:
alpn="h2,h3" ipv4hint="223.5.XX.XX" ipv6hint="2400:3200::XX" port="443"NoteExamples:
alpn="h3,h2": Indicates support for HTTP/2 and HTTP/3.ipv4hint="223.5.XX.XX": An IPv4 address hint for the target domain.ipv6hint="2400:3200::XX": An IPv6 address hint for the target domain.port="443": The port number.mandatory="alpn,port": A list of required parameters that must be understood by the client.no-default-alpn: Indicates that there is no default application-layer protocol. If this parameter is present, thealpnparameter must also be specified.dohpath="/dns-query{?dns}": The URI template for DNS over HTTPS (DoH).
Separate multiple key-value pairs with spaces. The maximum length is 1,024 characters.
Example:
aliyundoc.com.TTL
How long DNS resolvers cache this record. Recommended: 10 minutes. Lower values propagate changes faster. How to configure TTL.
Edition
Free edition
Personal edition
Enterprise ultimate and premium edition
Minimum TTL value
600 seconds (10 minutes)
600 seconds (10 minutes)
1 second
Maximum TTL value
86400 seconds (24 hours)
86400 seconds (24 hours)
86400 seconds (24 hours)
Example: We recommend setting the TTL to 10 minutes and selecting round-robin for the Record Value Load Balancing Policy. Service parameters must be in the format
key="value". Common parameters includealpn,ipv4hint,ipv6hint,port,mandatory, andno-default-alpn. For example:alpn="h2,h3" ipv4hint="223.5.5.5" ipv6hint="2400:3200::1" port="443". In the Record Values section, you can configure the Priority, Target Domain, and Service Parameters fields.
Verify configuration
Once DNS records are added or modified, they typically take effect in most regions within 10 to 30 minutes. However, complete synchronization across all global recursive DNS servers can take up to 48 hours. This propagation time is determined by the TTL (Time to Live) value. Please familiarize yourself with the TTL mechanism beforehand and verify your configurations only after DNS propagation is complete.
In addition to accessing the URL directly, you can also use DNS resolution testing methods. If the DNS resolution fails, see Quick Troubleshooting for Failed DNS Resolution.
Related documents
If you encounter a conflict error when adding a DNS record, see DNS record conflict rules.
To add a wildcard DNS record with the hostname *, see wildcard DNS resolution.
If you encounter issues during setup, see the following documents: