Custom ACLs let you configure Alibaba Cloud DNS to return specific IP addresses for DNS queries from designated IP address ranges.
Prerequisites
- The Public Authoritative Zone service must be Ultimate Edition or higher.
Step 1: Create a custom ACL
- Go to the Alibaba Cloud DNS - Public Authoritative Zone page, and then click Settings for the target domain name.
- Click the Custom ACLs tab.
- Click Add Custom ACLs, and then enter an ACL Name and an IP Address Range.
  The ACL Name must be 1–20 characters and can contain Chinese characters, letters, digits, hyphens (-), and underscores (_). For IP Address Range, separate start and end IP addresses with a hyphen. Enter one range per line. You can specify up to 50 ranges. For a single IP address, use the format IP1-IP1. Ranges must not overlap. The specified range must match the egress IP address of the client's local DNS server. This server, which can be ISP-operated or self-managed, must support the EDNS protocol.
  Note: Only IPv4 addresses are supported.
Important:
- By default, Public Zone resolves DNS queries based on the egress IP address of the client's local DNS server.
- If the client's local DNS server supports EDNS-Client-Subnet (ECS), Public Zone can resolve DNS queries based on the client's subnet.
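The name and range rules from Step 1 can be checked before a list is pasted into the console. The following is an added example, not Alibaba Cloud code: `validate_acl`, `covers`, the sample addresses, and the CJK code-point range used to approximate "Chinese characters" are assumptions.

```python
import ipaddress
import re

MAX_RANGES = 50  # limit stated in Step 1
# Assumption: "Chinese characters" approximated by CJK Unified Ideographs.
NAME_RE = re.compile(r"[A-Za-z0-9_\-\u4e00-\u9fff]{1,20}")
# Constructed sample: line 3 overlaps line 1, line 4 is IPv6, line 5 has no hyphen.
SAMPLE = """192.0.2.10-192.0.2.20
198.51.100.7-198.51.100.7
192.0.2.15-192.0.2.30
2001:db8::1-2001:db8::2
203.0.113.9
"""

def validate_acl(name, ranges_text):
    """Return (ranges, errors); ranges are sorted (start, end) IPv4Address pairs."""
    errors, parsed = [], []
    if not NAME_RE.fullmatch(name):
        errors.append(f"invalid ACL name: {name!r}")
    lines = [ln.strip() for ln in ranges_text.splitlines() if ln.strip()]
    if len(lines) > MAX_RANGES:
        errors.append(f"{len(lines)} ranges given, limit is {MAX_RANGES}")
    for n, line in enumerate(lines, 1):
        start_s, sep, end_s = line.partition("-")
        try:
            if not sep:
                raise ValueError("expected START-END (IP1-IP1 for one address)")
            # IPv4Address rejects IPv6 and malformed input with ValueError.
            start = ipaddress.IPv4Address(start_s.strip())
            end = ipaddress.IPv4Address(end_s.strip())
            if start > end:
                raise ValueError(f"start {start} is after end {end}")
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
            continue
        parsed.append((start, end, n))
    parsed.sort()
    # Sorted by start address, any overlap shows up between neighbours.
    for (_, e1, n1), (s2, _, n2) in zip(parsed, parsed[1:]):
        if s2 <= e1:
            errors.append(f"line {n2} overlaps line {n1}")
    return [(s, e) for s, e, _ in parsed], errors

def covers(ranges, ip):
    """True if ip (e.g. the local DNS server's egress address) is in a range."""
    addr = ipaddress.IPv4Address(ip)
    return any(s <= addr <= e for s, e in ranges)

if __name__ == "__main__":
    print(validate_acl("office_egress-1", SAMPLE)[1])
```

`covers` can be used to confirm that the resolver egress address you expect to match actually falls inside one of the validated ranges.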
Step 2: Configure a custom ACL record
- Go to the Alibaba Cloud DNS - Public Authoritative Zone page, and then click Settings for the target domain name.
- When adding a DNS record, select your custom ACL from the Query Source drop-down list.