Access OSS using Alibaba Cloud HTTPDNS

Solution overview

Mobile apps using the OSS SDK rely on Local DNS for domain resolution, which presents two challenges:

• Domain hijacking: Traditional DNS transmits in plaintext. Attackers can tamper with responses to redirect requests to malicious servers.

• Unstable resolution: DNS failures, slow responses, or inaccurate scheduling can cause OSS operations to fail or increase latency.

EMAS HTTPDNS is a client-side DNS solution that replaces Local DNS to prevent domain hijacking and improve resolution reliability. To integrate HTTPDNS with the OSS SDK, complete these steps:

1. Activate the HTTPDNS service

2. Add domain names to the resolution list

3. Get the resolved IP addresses

4. Apply resolution results to the network library

5. Verify the integration

Activate the HTTPDNS service

Activate HTTPDNS in the EMAS console. After activation, the system provides credentials for SDK initialization.

Add domain names to the resolution list

In the EMAS console, add domain names to the resolution list based on your OSS access method.

• Standard OSS endpoints

  Add the wildcard domain *.aliyuncs.com to cover OSS service domains across all regions.

  To add specific domains instead, identify the endpoint from Regions and Endpoints. Add both the <Bucket>.<Endpoint> and <Endpoint> domains because the OSS SDK accesses both. For example, add bucket.oss-cn-hangzhou.aliyuncs.com and oss-cn-hangzhou.aliyuncs.com.

• Custom domain names

  Add the custom domain name bound to your OSS bucket.

Get the resolved IP addresses

HTTPDNS provides two methods to obtain resolution results.

• SDK (Recommended)

  The SDK handles server interaction, caching, and high availability (HA). Use this method for quick integration with full-featured support.

• HTTP API

  The HTTP API supports custom protocols and lightweight integration in restricted environments or when you need fine-grained control. Extensible with SDNS and additional error codes.

Apply resolution results to the network library

After you obtain the resolved IP address, apply it to the DNS step of the network request. If the network library supports custom DNS resolution through a DNS hook or domain mapping interface, inject the result directly. Otherwise, use direct IP connection, protocol replacement, or a local proxy. Platform-specific integration guides:

• Best practices for using HTTPDNS with Alibaba Cloud OSS SDK on Android

• Best practices for using HTTPDNS with the Alibaba Cloud OSS SDK for iOS

• Best practices for using HTTPDNS with the Alibaba Cloud OSS SDK on HarmonyOS

• Best practices for HTTPDNS C SDK and Alibaba Cloud OSS C++ SDK

• Best practices for using HTTPDNS with Alibaba Cloud OSS SDK for Java

• Best practices for using HTTPDNS with Alibaba Cloud OSS SDK for Node.js

Verify the integration

After integration, verify HTTPDNS resolution using one of the following methods.

• Log verification (Recommended)

  Log the resolved IP addresses from the HTTPDNS API and the status of business requests. Review the logs to confirm that HTTPDNS resolution works and that requests use the resolved IPs. This method is lightweight and suits most scenarios.

• Packet capture verification

  Use tcpdump, Wireshark, or Charles to capture packets. Confirm that the destination IP matches the HTTPDNS result and that no additional system DNS queries are initiated. This method is more accurate and suits complex network environments.