Domain Name Service

Home , Mailto, MX record, Subdomain, TXT record, Wildcard DNS record

Domain Name Service

User Guide

Date 2021-04-20 Domain Name Service User Guide Contents

Contents

1 Overview...... 1 1.1 What Is DNS?...... 1 1.2 Public Zone...... 2 1.3 Private Zone...... 5 1.4 Reverse Resolution...... 8 1.5 Related Services...... 8 1.6 Product Concepts...... 9 1.6.1 Domain Name Format and Structure...... 9 1.6.2 Record Set...... 9 1.6.3 Region and AZ...... 11 1.6.4 Project...... 12 1.6.5 User Permissions...... 13 2 Getting Started...... 14 2.1 Quick Start...... 14 2.2 Routing Internet Traffic to a Website...... 14 2.3 Configuring a Private Zone...... 19 2.4 Configuring a PTR Record...... 23 3 Public Zone...... 26 3.1 Overview...... 26 3.2 Creating a Public Zone...... 27 3.3 Managing Public Zones...... 29 4 Private Zone...... 31 4.1 Overview...... 31 4.2 Creating a Private Zone...... 32 4.3 Managing Private Zones...... 35 4.4 Associating a VPC with a Private Zone...... 36 4.5 Disassociating a VPC from a Private Zone...... 37 5 Record Set...... 39 5.1 Overview...... 39 5.2 Record Set Types and Configuration Rules...... 40 5.3 Adding Record Sets...... 44 5.3.1 Adding an A Record Set...... 44

2021-04-20 ii Domain Name Service User Guide Contents

5.3.2 Adding an AAAA Record Set...... 47 5.3.3 Adding an NS Record Set...... 49 5.3.4 Adding a CNAME Record Set...... 52 5.3.5 Adding an MX Record Set...... 54 5.3.6 Adding a TXT Record Set...... 57 5.3.7 Adding an SRV Record Set...... 60 5.3.8 Adding a CAA Record Set...... 62 5.3.9 Adding a PTR Record...... 65 5.4 Managing Record Sets...... 67 5.5 Creating a Wildcard DNS Record Set...... 69 6 PTR Record...... 72 6.1 Overview...... 72 6.2 Creating a PTR Record...... 73 6.3 Managing PTR Records...... 75 7 Key Operations Recorded by CTS...... 77 7.1 DNS Operations Recorded by CTS...... 77 7.2 Viewing Traces...... 79 8 Quota Adjustment...... 81 9 FAQs...... 83 9.1 DNS Overview...... 83 9.1.1 Will I Be Billed for the DNS Service?...... 83 9.1.2 How Many Zones, PTR Records, and Record Sets Can I Create?...... 83 9.1.3 Does DNS Support Wildcard Entries?...... 83 9.1.4 How Are Zones Queried to Resolve a Domain Name?...... 83 9.1.5 Why Was the Email Address Format Changed in the SOA Record?...... 84 9.1.6 What Is CAA?...... 84 9.1.7 Can DNS Point a Domain Name to a Specific Port?...... 86 9.2 Public Zones...... 86 9.2.1 What Can I Do If the System Prompts that the Domain Name Already Exists When I Create a Public Zone?...... 86 9.3 Private Zones...... 86 9.3.1 How Can I Configure a PTR Record to Map the IP Address of an ECS to a Domain Name?...... 86 A Change History...... 91 B Glossary...... 94

2021-04-20 iii Domain Name Service User Guide 1 Overview

1 Overview

1.1 What Is DNS? Domain Name Service (DNS) is a highly available and scalable authoritative DNS service that translates domain names (such as www.example.com) into IP addresses (such as 192.1.2.3) required for network connection. The DNS service allows users to visit your websites or web applications with domain names.

Basic Functions The DNS service provides the following functions: ● Public zone Maps domain names to public IP addresses so that your users can access your website or web applications over the Internet. ● Private zone Translates private domain names into private IP addresses to facilitate access to cloud resources within VPCs. ● Reverse resolution Obtains a domain name based on an IP address. Reverse resolution is typically used to improve credibility of email servers.

Product Advantages The DNS service has the following advantages: ● High performance DNS can handle millions of concurrent queries on a single node, allowing your end users to quickly access the closest application endpoints that are healthy. ● Easy access to cloud resources You can host private domain names so that your ECSs can communicate with each other or with resources within VPCs using private domain names. Traffic is not directed to the Internet, and this reduces network latency and improves security.

2021-04-20 1 Domain Name Service User Guide 1 Overview

● Isolation of core data A private DNS server provides domain name resolution for ECSs carrying core data, enabling communications while safeguarding the core data. You do not need to bind EIPs to these ECSs.

How to Access The cloud platform provides a web-based management console and REST APIs through which you can access the DNS service. ● Management console A web-based management console enables you to access the DNS service. With a few steps, you can start using the DNS service for domain name resolution. ● APIs REST APIs are provided for accessing the DNS service. You can also use the provided APIs to integrate DNS into a third-party system for secondary development. For details, see the Domain Name Service API Reference.

1.2 Public Zone

What Is a Public Zone? A public zone contains information about how domain names are translated into IP addresses for routing traffic over the Internet. Your users can access your website or mailbox by using a domain name.

Accessing a Website Using a Domain Name A domain name is required if you expect that your website is accessible on the Internet. To route traffic for the domain name, you must complete the following steps: 1. Register the domain name that your users can use to access your website. 2. Set up your website. You may need to purchase cloud resources. 3. Configure the DNS service to route Internet traffic for your domain name. Create a public zone to host the domain name on the DNS service and add record sets to map the domain name to the EIP bound to the web server where the website is deployed. For details, see Routing Internet Traffic to a Website. After you finish the above steps, end users will be able to access your website on the Internet with the registered domain name and its subdomains.

2021-04-20 2 Domain Name Service User Guide 1 Overview

Figure 1-1 How DNS routes Internet traffic to a website

● Phase 1 shows how DNS resolves your domain name. ● Phase 2 shows how a user accesses your website using your domain name. Public domain name resolution depends on the DNS hierarchy. The following describes the hierarchies of domain names and how domain names are resolved.

DNS Hierarchy Domain names are hierarchical, and domain resolution is a recursive lookup process. The following uses example.com to describe the hierarchies of domain names. ● Root domain A dot (.) is the designation for the root domain. A fully qualified domain name (FQDN) ends with a dot (example.com.). When you enter a domain name (example.com) in the browser, the DNS system will automatically add a dot in the end. Root domain names are resolved by root DNS servers that hold the addresses of top-level DNS servers. ● Top-level domain Below the root domain are top-level domains, which are categorized into two types: – Generic top-level domain (gTLD), such as .com, .net, .org, and .top – Country code top-level domain (ccTLD), such as .cn, .uk, and .de Top-level domains are resolved by top-level DNS servers that hold the addresses of second-level DNS servers. For example, the top-level DNS server of .com saves the addresses of all DNS servers of second-level domain names that end with .com. ● Second-level domain Second-level domains (such as example.com) are subdomains of top-level domains and are resolved by second-level DNS servers, which provide authoritative domain name resolution services. For example, if you purchase example.com from a domain name registrar and set a DNS server for the domain name, the DNS server will provide

2021-04-20 3 Domain Name Service User Guide 1 Overview

authoritative resolution for example.com, and its address will be recorded by all top-level DNS servers. If you host domain names on the DNS service, authoritative DNS servers will be provided for your domain names.

Domain Name Resolution

Figure 1-2 shows the process for accessing a website using the domain name www.example.com.

Figure 1-2 Domain name resolution

1. A user enters www.example.com in the address box of the browser. 2. The request for querying domain name www.example.com is then sent to the local DNS server. Local DNS servers are usually provided by the Internet service provider to cache domain name information and perform recursive lookup. 3. If the local DNS server does not find any records in the cache, it routes the request for www.example.com to the root DNS server. 4. The root DNS server returns the DNS server address of .com (because the domain name suffix is .com) to the local DNS server. 5. The local DNS server sends the query request to the DNS server of .com. 6. The .com DNS server returns the address of the second-level DNS server which provides authoritative records for example.com. 7. The local DNS server sends the request to the DNS server of example.com. If you have hosted www.example.com on the DNS service and set its DNS servers to the DNS servers provided by the DNS service, these DNS servers will provide authoritative records for the domain name. 8. The second-level DNS server returns the IP address mapped to www.example.com to the local DNS server. 9. The local DNS server returns the IP address to the web browser. 10. The web browser accesses the website server with the IP address. 11. The website server returns the web page to the browser. 12. The user views the web page using the browser.

For details, see Routing Internet Traffic to a Website.

2021-04-20 4 Domain Name Service User Guide 1 Overview

1.3 Private Zone

What Is a Private Zone? A private zone contains information about how to map domain names used within VPCs such as ecs.com to private IP addresses such as 192.168.1.1. With private domain names, your ECSs can communicate with each other within the VPCs without having to connect to the Internet. You can also access cloud services, such as OBS and SMN, via the private DNS server. Figure 1-3 shows the process how a private domain name is resolved.

Figure 1-3 Process for resolving a private domain name

When an ECS in the VPC requests a private domain name, the private DNS server directly returns a private IP address mapped to the domain name. Private zones allow you to: ● Flexibly customize private domain names in your VPCs. ● Associate one or more multiple VPCs with one domain name. ● Use private DNS servers to prevent DNS spoofing and quickly respond to requests for accessing ECSs in VPCs as well as OBS and RDS resources. You can use private domain names in the following scenarios: ● Managing ECS Host Names ● Replacing an ECS Without Service Interruption ● Accessing Cloud Resources

Managing ECS Host Names You can plan host names based on the locations, usages, and account information of ECSs, and map the host names to private IP addresses, helping you manage ECSs more easily.

2021-04-20 5 Domain Name Service User Guide 1 Overview

For example, if you have deployed 20 ECSs in an AZ, 10 for website A and 10 for website B, you can plan their host names (private domain names) as follows:

● ECSs for website A: weba01.region1.az1.com – weba10.region1.az1.com ● ECSs for website B: webb01.region1.az1.com – webb10.region1.az1.com

After you configure the host names, you will be able to quickly determine the locations and usages of ECSs during routine management and maintenance.

See Configuring a Private Zone for detailed operations.

Replacing an ECS Without Service Interruption As the number of Internet users is continuously increasing, a website application deployed only on one server can hardly handle concurrent requests during business spikes. A common practice is to deploy the application on multiple servers and distribute the load across servers.

These servers are in the same VPC and communicate with each other using private IP addresses that are coded into internal APIs called among ECSs. If one server is replaced in the system, its private IP address changes accordingly. As a result, you need to change this IP address in the APIs and re-publish the website. This poses challenges for system maintenance.

If you create a private zone for each server in the VPCs and map their host names to private IP addresses, they will be able to communicate using private domain names. When you replace any of the ECSs, you only need to change the IP address in record sets, instead of modifying the code.

Figure 1-4 shows a typical scenario of private zones.

Figure 1-4 Configuring private DNS for cloud servers

ECSs and RDS instances are in the same VPC.

● ECS0: primary service node ● ECS1: public service interface ● RDS1: service database

2021-04-20 6 Domain Name Service User Guide 1 Overview

● ECS2 and RDS2: backup service node and backup database When ECS1 becomes faulty, the backup server ECS2 must work instead. However, if no private domain names are configured for the two ECSs, you need to change the private IP addresses in the code for ECS0. This will interrupt services, and you will need to publish the website again. Now assume that you have configured private domain names for the ECSs and have included these domain names in the code. If ECS1 becomes faulty, you only need to change the DNS records to direct traffic to ECS2. Services are not interrupted, and you do not need to publish the website again.

Accessing Cloud Resources Configure private domain names for ECSs so that they can access other cloud services, such as SMN and OBS, without connecting to the Internet. When you create an ECS, note the following: ● If a public DNS server is configured for the subnet where the ECS resides and the VPC of this subnet has been associated with a private zone, requests to access cloud services will be routed over the Internet. Figure 1-5 shows the process for resolving a domain name when an ECS accesses cloud services. Requests are routed on the Internet, resulting in an increase in network latency. ● If a private DNS server is configured for the subnet, it directly processes the requests to access cloud resources. When the ECS accesses these cloud services, the private DNS server returns their private IP addresses, instead of routing requests over the Internet. This reduces network latency and improves access speed. Steps 1 to 4 on the left of Figure 1-5 shows the process.

Figure 1-5 Accessing cloud services

2021-04-20 7 Domain Name Service User Guide 1 Overview

1.4 Reverse Resolution Reverse resolution involves obtaining a domain name based on an IP address and is typically used to improve credibility of email servers.

After a recipient server receives an email, it checks whether the IP address and domain name of the sender server are trustworthy and determines whether the email is spam. If the recipient server cannot obtain the domain name mapped to the IP address of the sender server, it considers that the email is sent by a malicious host and rejects it. It is necessary to configure pointer records (PTR) to point the IP addresses of your email servers to domain names.

In the following figure, an ECS serves as an email server, and a PTR record is configured to map the EIP of the ECS to the domain name configured for accessing the email server.

Figure 1-6 Reverse resolution

NO TE

Figure 1-6 shows only the process for reverse resolution. Information about how an email server checks the credibility of the sender's IP address and whether domain name is available on the Internet is not provided here.

If no PTR records are configured, the recipient server will treat emails from the email server as spam or malicious and discard them.

See Configuring a PTR Record for detailed operations.

1.5 Related Services Table 1-1 shows the relationships between DNS and other services.

Table 1-1 Related services

Description Related Service Reference

Provide public domain Elastic Cloud Server Routing Internet Traffic name resolution services (ECS) to a Website for ECSs.

2021-04-20 8 Domain Name Service User Guide 1 Overview

Description Related Service Reference

Create VPCs for the DNS Virtual Private Cloud Configuring a Private service. (VPC) Zone

Host static website Object Storage Service Using a User-Defined resources to map (OBS) Domain Name to domain names to Configure Static buckets. Website

Record operations Cloud Trace Service DNS Operations performed on the DNS (CTS) Recorded by CTS service

1.6 Product Concepts

1.6.1 Domain Name Format and Structure A valid domain name meets the following requirements: ● A domain name is segmented using dots (.) into multiple labels. ● A domain name label can contain letters, digits, and hyphens (-) and cannot start or end with a hyphen. ● A label cannot exceed 63 characters. ● The total length of a domain name, including the dot at the end, cannot exceed 254 characters. Domain names are classified into the following levels based on their structure: ● Root domain: . (a dot) ● Top-level domain: for example, .com, .net, .org, and .cn ● Second-level domain: subdomains of the top-level domain names, such as example.com, example.net, and example.org ● Third-level domain: subdomains of the second-level domain names, such as abc.example.com, abc.example.net, and abc.example.org ● The next-level domain names are similarly expanded by adding prefixes to the previous-level domain names, such as def.abc.example.com, def.abc.example.net, and def.abc.example.org. 1.6.2 Record Set

Overview A record set is a collection of resource records that belong to the same domain name. A record set defines DNS record types and values. If you have created a zone on the DNS console, you can create record sets to expand the domain name or record its detailed information. Table 1-2 describes the record set types and their application scenarios.

2021-04-20 9 Domain Name Service User Guide 1 Overview

Table 1-2 Record set usages Type Where to Use Usage

A Public and Maps domains to IPv4 addresses. private zones

CNAME Public and Maps one domain name to another or multiple private zones domain names to one domain name.

MX Public and Maps domain names to email servers. private zones

AAAA Public and Maps domain names to IPv6 addresses. private zones

TXT Public and Specifies text records. TXT record sets are usually private zones used in the following scenarios: ● To record DKIM public keys to prevent email fraud. ● To record the identity of domain name owners to facilitate domain name retrieval.

SRV Public and Records servers providing specific services. private zones

NS Public and Delegates subdomains to other name servers. private zones ● For public zones, an NS record set is automatically created, and you can add NS records for subdomains. ● For private zones, an NS record set is automatically created, and you cannot add other NS record sets.

SOA Public and Specifies the master authoritative DNS server for a private zones domain name. The SOA record set is created by the system and cannot be added manually.

CAA Public zone Grants certificate issuing permissions to CAs. CAA record sets can be used to prevent the issuance of unauthorized HTTPS certificates.

PTR Private zone Maps IP addresses to domain names.

Usage Record sets are used in following scenarios: ● Website domain name resolution A and AAAA record sets are usually used to build websites. They translate domain names into IP addresses.

2021-04-20 10 Domain Name Service User Guide 1 Overview

Figure 1-7 Website domain name resolution

● Private domain name resolution On a private network, A and AAAA record sets translate private domain names into private IP addresses.

Figure 1-8 Private domain name resolution

● Email domain name resolution MX, CNAME, and TXT record sets are usually used for email services.

Figure 1-9 Email domain name resolution

● Reverse resolution on a private network You can use PTR records to translate private IP addresses into private domain names.

Figure 1-10 Reverse resolution on a private network

Helpful Links For details, see Overview. 1.6.3 Region and AZ

Concept A region and availability zone (AZ) identify the location of a data center. You can create resources in a specific region and AZ.

2021-04-20 11 Domain Name Service User Guide 1 Overview

● A region is a physical data center, which is completely isolated to improve fault tolerance and stability. The region that is selected during resource creation cannot be changed after the resource is created. ● An AZ is a physical location where resources use independent power supplies and networks. A region contains one or more AZs that are physically isolated but interconnected through internal networks. Because AZs are isolated from each other, any fault that occurs in one AZ will not affect others.

Figure 1-11 shows the relationship between regions and AZs.

Figure 1-11 Regions and AZs

Selecting a Region

Select a region closest to your target users for lower network latency and quick access.

Selecting an AZ

When deploying resources, consider your applications' requirements on disaster recovery (DR) and network latency.

● For high DR capability, deploy resources in different AZs within the same region. ● For lower network latency, deploy resources in the same AZ.

Regions and Endpoints

Before you use an API to call resources, specify its region and endpoint. For more details, see Regions and Endpoints. 1.6.4 Project

Projects are used to group and isolate OpenStack resources, including computing, storage, and network resources. Multiple projects can be created for one account. A project can be a department or a project team.

Public zones are global-level resources, while private zones and PTR records are resources at the region level. Private zones and PTR records are isolated and managed based on projects. You need to create, query, and configure private zones or PTR records in specific regions and projects.

2021-04-20 12 Domain Name Service User Guide 1 Overview

1.6.5 User Permissions The system provides two types of permissions by default: user management and resource management. ● User management refers to management of users, user groups, and user group permissions. ● Resource management refers to control operations that can be performed by users on cloud service resources. The DNS service provides the following resources: public zones, private zones, and PTR records. ● Public zone: global-level resources. However, you need to add permissions for users in the region, instead of in the global service. ● Private zone and PTR record: region-level resources. You need to add permissions for users in the project. For details, see section Permissions.

2021-04-20 13 Domain Name Service User Guide 2 Getting Started

2 Getting Started

2.1 Quick Start

DNS provides domain name resolution services in different network scenarios.

Selecting a Service Type

Select a DNS service type based on Table 2-1.

Table 2-1 DNS service types

Type Scenario Reference

Public domain Map domain names to web Routing Internet Traffic to resolution servers or web applications on a Website the Internet.

Private domain Map private domain names to Configuring a Private Zone resolution private IP addresses within VPCs.

Reverse Obtain public domain names Configuring a PTR Record resolution based on IP addresses. PTR records are mainly used to build email servers.

2.2 Routing Internet Traffic to a Website

Scenarios

After you register a domain name and set up a website using an IP address, configure the domain name so that visitors can access your website on the Internet.

2021-04-20 14 Domain Name Service User Guide 2 Getting Started

For example, you can deploy a web server with an IPv4 EIP. To access the website through domain name example.com and its subdomain www.example.com, do as follows: ● Add an A record set that maps the domain name example.com to the EIP. ● Add an A record set that maps the subdomain www.example.com to the EIP.

Prerequisites ● You have registered domain name example.com. ● You have deployed a web server and obtained its IP address.

Process Figure 2-1 shows the process for configuring a domain name for your web server.

Figure 2-1 Process for configuring a domain name

Step 1. Create a Public Zone Create a public zone for your domain name and add record sets to it. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones. The Public Zones page is displayed. 4. Click Create Public Zone.

2021-04-20 15 Domain Name Service User Guide 2 Getting Started

5. Set Name to example.com. Set other parameters by referring to Creating a Public Zone.

Figure 2-2 Creating a public zone

6. Click OK. View the created public zone on the Public Zones page.

Figure 2-3 Public zone list

NO TE

Click the zone name to view zone details. You can view SOA and NS record sets automatically generated by the system. ● The SOA record set defines the DNS server that is the authoritative information source for a particular domain name. ● The NS record set defines authoritative DNS servers for a domain name.

Step 2. Add an A Record Set for the Domain Name Add an A record set to the created public zone to allow access the website using example.com.

2021-04-20 16 Domain Name Service User Guide 2 Getting Started

1. On the Public Zones page, click the name (example.com) of the public zone you created. The Record Sets page is displayed. 2. Click Add Record Set. 3. Set the parameters as follows: – Name: Leave this parameter blank. The system automatically considers example.com to be the name, and requests are routed to example.com. – Type: Set it to A – Map domains to IPv4 addresses. – Value: Enter the EIP of the web server. Retain default settings for other parameters. For detailed descriptions of the parameters, see Adding an A Record Set.

Figure 2-4 Adding an A record set

4. Click OK. View the added record set in the record set list and ensure that the status of the record set is Normal.

Step 3. Add an A Record Set for the Subdomain Add another record set to allow access to your website using www.example.com. 1. On the Public Zones page, click the name (example.com) of the public zone you created.

2021-04-20 17 Domain Name Service User Guide 2 Getting Started

The Record Sets page is displayed. 2. Click Add Record Set. 3. Set the parameters as follows: – Name: Set the value to www, indicating that the subdomain to be resolved is www.example.com. – Type: Set it to A – Map domains to IPv4 addresses. – Value: Enter the EIP of the web server. Retain default settings for other parameters. For detailed descriptions of the parameters, see Adding an A Record Set.

Figure 2-5 Adding an A record set

4. Click OK. View the added record set in the list and ensure that the status of the record set is Normal.

Step 4. Change DNS Servers of the Domain Name

The DNS service provides authoritative DNS servers for domain resolution.

After you create a public zone, an NS record set is generated, which specifies the DNS servers provided by the DNS service.

2021-04-20 18 Domain Name Service User Guide 2 Getting Started

If DNS servers of the public domain name are not the same as those in the NS record set, the DNS service will not be able to resolve the domain name. You must change the DNS servers of the domain name on the registrar's website.

NO TE

Generally, the changes to DNS servers take effect within 48 hours, but the time may vary depending on the domain name registrar's cache duration. Query the DNS servers provided by the DNS service 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones. The Public Zones page is displayed. 4. Click the name of the public zone you created. Locate the NS record set. The DNS servers provided by the DNS service are displayed under Value.

Figure 2-6 NS record set

Change the DNS servers Log in to the domain name registrar's website and change the DNS servers to those provided by the DNS service. Refer to the domain name registrar's documentation for detailed operations.

2.3 Configuring a Private Zone

Scenarios If you have deployed ECSs and other cloud services on the cloud, you can configure private domain names for the ECSs so that they can communicate using domain names within VPCs. You can create any private zones for domain names that are unique within VPCs. You do not need to register the domain names. This section describes how to configure a private zone for a private domain name and add an A record set.

Prerequisites You have created an ECS and obtained its VPC name and private IP address.

Process Figure 2-7 shows the process for configuring a private zone for a domain name.

2021-04-20 19 Domain Name Service User Guide 2 Getting Started

Figure 2-7 Process for configuring a private zone

Create a Private Zone Create a private zone to allow access to your ECS using a private domain name. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Private Zones. The Private Zones page is displayed.

4. Click in the upper left corner and select the desired region and project. 5. Click Create Private Zone. 6. Set Name to example.com and select the VPC where the ECS resides. For details about more parameters, see Creating a Private Zone.

2021-04-20 20 Domain Name Service User Guide 2 Getting Started

Figure 2-8 Creating a private zone

7. Click OK. 8. Switch back to the Private Zones page. View the created private zone.

NO TE

Add an A Record Set

To access the ECS using example.com, add an A record set.

1. On the Private Zones page, click the name of the private zone you created. The Record Sets page is displayed. 2. Click Add Record Set. 3. Set the parameters as follows: – Name: Leave this parameter blank. The system automatically considers example.com to be the name, and requests are routed to example.com. – Type: Set it to A – Map domains to IPv4 addresses.

2021-04-20 21 Domain Name Service User Guide 2 Getting Started

– Value: Enter the private IP address of the ECS. Retain the default values for other parameters. For details, see Adding an A Record Set.

Figure 2-9 Add Record Set

4. Click OK. 5. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal.

(Optional) Configure DNS Servers for the VPC Subnet

To ensure that private domain names can be resolved in a VPC, change the DNS servers for the VPC subnet to those provided by the DNS service.

Query the private DNS servers provided by the DNS service

1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Private Zones. The Private Zones page is displayed.

2021-04-20 22 Domain Name Service User Guide 2 Getting Started

4. Click in the upper left corner and select the desired region and project. 5. In the private zone list, click the name of the zone and view the DNS servers.

Change the DNS servers

1. Go to the private zone list. 2. Click the VPC name under Associated VPC. On the VPC console, change the DNS servers of the VPC subnet. For details, see Modifying a Subnet.

2.4 Configuring a PTR Record

Scenarios

PTR records are used to prove credibility of IP addresses and domain names of email servers. Most spam senders use email servers whose IP addresses are dynamically allocated or not mapped to registered domain names in order to avoid being tracked. If you do not want emails sent from your email server to be considered as spam, add a PTR record to map the email server IP address to a domain name. In this way, the email recipient can obtain the domain name by IP address and will know that the email server is trustworthy.

If you use an ECS as an email server, configure a PTR record to map the ECS IP address to a domain name.

NO TE

After an ECS is successfully created and assigned with an EIP, a PTR record will be generated for the EIP by default in format of ecs-xx-xx-xx-xx.compute.xxx.com, where xx- xx-xx-xx is the EIP and xxx is the domain name provided by the cloud platform. You can use one of the following methods to query the default PTR record of an EIP: ● ping -a EIP ● nslookup [-qt=ptr] EIP ● dig -x EIP The default PTR record of the EIP may not be applicable in some scenarios. For example, it cannot be used as the domain name of an email server. In this case, create a PTR record for the EIP. After you create a PTR record, the default record will be overwritten.

This section describes how to add a PTR record for a cloud resource, such as ECS.

Constraints

Currently, you can configure PTR records only for IP addresses with a 32-bit subnet mask.

Prerequisites ● You have registered a domain name. ● You have created an ECS and bound an EIP to it.

2021-04-20 23 Domain Name Service User Guide 2 Getting Started

Procedure 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose PTR Records. The PTR Records page is displayed.

4. Click in the upper left corner and select the desired region and project. 5. Click Create PTR Record. – EIP: Select the EIP of the ECS. – Domain Name: Enter the domain name that the EIP points to. Retain default settings for other parameters. For detailed descriptions of the parameters, see Creating a PTR Record.

Figure 2-10 Creating a PTR record

6. Click OK. View the created PTR record on the PTR Records page.

Figure 2-11 PTR Records

2021-04-20 24 Domain Name Service User Guide 2 Getting Started

NO TE

If the domain name is mapped to multiple EIPs, you must create a PTR record for each EIP. 7. Verify that the PTR record has taken effect. Run the following DOS command on a PC connected to the Internet: nslookup -qt=ptr IP address

2021-04-20 25 Domain Name Service User Guide 3 Public Zone

3 Public Zone

3.1 Overview A public zone provides information to translate a domain name and its subdomains into IP addresses required for network communications on the Internet. Visitors can access your website by entering a domain name in the address box of a browser. DNS provides public domain names resolution. To resolve public domain names, you must host the registered domain names on the DNS service. This chapter describes how to create and manage public zones.

Table 3-1 Public zone operations Operation Scenario Remarks

Creating a Create a zone for your ● Public zones are global Public Zone domain name. resources. You do not need to set a region or project. ● Each user can add a maximum of 50 public zones. ● The domain name can be a second-level domain name or one of its subdomains, for example, abc.example.com.

Managing Modify, delete, and view ● Once a public zone is created, Public public zones. its name cannot be modified. Zones ● After a public zone is deleted, all its record sets will also be deleted.

2021-04-20 26 Domain Name Service User Guide 3 Public Zone

3.2 Creating a Public Zone

Scenarios Create a public zone on the DNS console to resolve your domain name.

Prerequisites You have registered a domain name.

Procedure If your domain name is registered with a third-party registrar, create a public zone and add record sets to it on the DNS console. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones. The Public Zones page is displayed. 4. Click Create Public Zone. 5. Set the parameters.

Figure 3-1 Creating a public zone

2021-04-20 27 Domain Name Service User Guide 3 Public Zone

Table 3-2 describes the parameters.

Table 3-2 Parameters for creating a public zone

Parameter Description Example Value

Name Name of the public zone, which is example.com the domain name you registered

Email (Optional) Email address of the HOSTMASTER@exam administrator managing the public ple.com zone It is recommended that you set the email address to HOSTMASTER@Domain name. For more information about the email address, see Why Was the Email Address Format Changed in the SOA Record?

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. example_value1 You can add a maximum of 20 tags to a zone. For details about tag key and value requirements, see Table 3-3.

Description (Optional) Supplementary This is a zone information about the zone example. You can enter a maximum of 255 characters.

Table 3-3 Tag key and value requirements

Parameter Requirements Example Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters. ● Can contain only letters, digits, hyphens (-), and underscores (_).

Value ● Cannot be left blank. example_value1 ● Can contain a maximum of 43 characters. ● Can contain only letters, digits, hyphens (-), and underscores (_).

2021-04-20 28 Domain Name Service User Guide 3 Public Zone

6. Click OK. View the created public zone on the Public Zones page. 7. Click the zone name or click Add Record Set under Operation. On the Record Sets page, click Add Record Set. For detailed operations, see Overview.

NO TE

Follow-up Operations After a public zone is created, you can perform the following operations:

● Add record sets for it. For details, see Overview. ● Modify or delete it, or view its details. For details, see Managing Public Zones.

3.3 Managing Public Zones

Scenarios You can view details of a public zone, modify a public zone, or delete a public zone.

Modifying a Public Zone Change the email address of the domain name administrator and description of the public zone.

NO TE

For more information about the email address, see Why Was the Email Address Format Changed in the SOA Record? 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones. The Public Zones page is displayed. 4. Locate the public zone you want to modify and click Modify under Operation. The Modify Public Zone dialog box is displayed. 5. Change the email address or description of the zone as required. 6. Click OK.

2021-04-20 29 Domain Name Service User Guide 3 Public Zone

Deleting a Public Zone Delete a public zone when you no longer need it. After a public zone is deleted, the domain name and its subdomains cannot be resolved by the DNS service.

NO TICE

Before you delete a public zone, back up all record sets in the public zone.

1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones. The Public Zones page is displayed. 4. Locate the public zone you want to delete and click Delete under Operation. The Delete Public Zone dialog box is displayed. 5. Click Yes.

Viewing Details About a Public Zone View details about a public zone, such as zone ID, operation time, tag, and TTL, on the Public Zones page. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. On the Dashboard page, click Public Zones under My Resources. 4. Locate the public zone you want to view and click before the zone name to view its details.

2021-04-20 30 Domain Name Service User Guide 4 Private Zone

4 Private Zone

4.1 Overview

Private zones provide configurations for private domain names that are only applicable within VPCs, and they map private domain names to private IP addresses and resolve domain names within VPCs.

● You can create any domain names without registering them. ● One private zone can be associated with multiple VPCs, and domain names are valid only in VPCs.

To use private domain names, you must first create a private zone and associate VPCs with it.

This chapter describes how to create and manage private zones.

Table 4-1 Private zone operations

Operation Description Constraint

Creating a Create a zone for ● Private zones are project-level Private your domain name. resources. When you create a private Zone zone, select a region and project. ● Each account can create a maximum of 50 private zones. ● Private domain names must meet the following requirements: – Domain name labels are separated by dot (.), and each label does not exceed 63 characters. – A domain name label can contain letters, digits, and hyphens (-) and cannot start or end with a hyphen. – The total length of a domain name cannot exceed 254 characters.

2021-04-20 31 Domain Name Service User Guide 4 Private Zone

Operation Description Constraint

Managing Modify, delete, and ● The name of a private zone cannot be Private query private zones. modified after the zone is created. Zones ● After a private zone is deleted, all its record sets will also be deleted.

Associating Configure private ● You can only associate VPCs that you a VPC with domain names for have created using your own account. a Private VPCs. ● Each VPC can be associated only with Zone one private zone. However, a private zone can have more than one VPC associated with it.

Disassociati Disassociate a VPC ● After the disassociation, private domain ng a VPC from a private names will not take effect in the VPC. from a zone. ● If a private zone is only associated with Private one VPC, you cannot disassociate it. Zone

4.2 Creating a Private Zone

Scenarios Create a private zone to resolve a private domain name within VPCs.

Prerequisites ● You have created a VPC. ● You have created an ECS in the VPC and planned a domain name (example.com) for the ECS.

Procedure 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Private Zones. The Private Zones page is displayed.

4. Click in the upper left corner and select the desired region and project. 5. Click Create Private Zone. 6. Set the required parameters.

2021-04-20 32 Domain Name Service User Guide 4 Private Zone

Figure 4-1 Creating a private zone

Table 4-2 describes the parameters.

Table 4-2 Parameters for creating a private zone Parameter Description Example Value

Name Name of the private zone, which is example.com the private domain name you have planned for the ECS You can enter a top-level domain that complies with the domain naming rules.

VPC VPC to be associated with the private - zone NOTE This VPC must be the same as the VPC where the servers are deployed. Otherwise, the domain name cannot be resolved.

2021-04-20 33 Domain Name Service User Guide 4 Private Zone

Parameter Description Example Value

Email (Optional) Email address of the HOSTMASTER@exam administrator managing the private ple.com zone It is recommended that you set the email address to HOSTMASTER@Domain name. For more information about the email address, see Why Was the Email Address Format Changed in the SOA Record?

Description (Optional) Supplementary This is a zone information about the zone example. You can enter a maximum of 255 characters.

Table 4-3 Tag key and value requirements Parameter Requirements Example Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters. ● Can contain only letters, digits, hyphens (-), and underscores (_).

Value ● Cannot be left blank. example_value1 ● Can contain a maximum of 43 characters. ● Can contain only letters, digits, hyphens (-), and underscores (_).

7. Click OK. 8. Switch back to the Private Zones page. View the created private zone in the zone list. 9. Click the zone name to add a record set. On the Record Sets page, click Add Record Set. For detailed operations, see Overview.

2021-04-20 34 Domain Name Service User Guide 4 Private Zone

NO TE

Follow-up Operations After a private zone is created, you can perform the following operations: ● Add record sets for it. For details, see Overview. ● Modify or delete it, or view its details. For details, see Managing Private Zones.

4.3 Managing Private Zones

Scenarios You can view details of a private zone, modify a private zone, or delete a private zone.

Modifying a Private Zone Change the email address of the domain name administrator and description of the private zone.

NO TE

4. Click in the upper left corner and select the desired region and project. 5. Locate the private zone you want to modify and click Modify under Operation. The Modify Private Zone dialog box is displayed. 6. Change the email address or description of the zone as required. 7. Click OK.

Deleting a Private Zone Delete a private zone when you no longer need it. After a private zone is deleted, the domain name and its subdomains cannot be resolved by the DNS service.

2021-04-20 35 Domain Name Service User Guide 4 Private Zone

NO TICE

Before you delete a private zone, back up all record sets in the private zone.

4. Click in the upper left corner and select the desired region and project. 5. Locate the private zone you want to delete and click Delete under Operation. The Delete Private Zone dialog box is displayed. 6. Click Yes.

Viewing Details About a Private Zone View details about a private zone, such as zone ID, operation time, tag, and TTL, on the Private Zones page. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. On the Dashboard page, click Private Zones under My Resources.

4. Click in the upper left corner and select the desired region and project. 5. Locate the private zone you want to view and click before the zone name to view its details.

4.4 Associating a VPC with a Private Zone

Scenarios Associate a VPC with a private zone so that the private domain name can work in this VPC.

NO TE

This VPC must be the same as the VPC where the servers are deployed. Otherwise, the domain name cannot be resolved.

Procedure 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Private Zones.

2021-04-20 36 Domain Name Service User Guide 4 Private Zone

The Private Zones page is displayed.

4. Click in the upper left corner and select the desired region and project. 5. Locate the private zone with which you want to associate the VPC and click Associate VPC under Operation. 6. Select the VPC you want to associate. If no VPCs are available, create one on the VPC console and then associate the private zone with it.

Figure 4-2 Associating a VPC

7. Click OK. The VPC is displayed under Associated VPC.

4.5 Disassociating a VPC from a Private Zone

Scenarios Disassociate a VPC from a private zone if you do not want to the private domain name to work in this VPC. If a private zone has only one VPC associated, you cannot disassociate the VPC.

NO TE

If you do not intend to use private domain names, delete the private zone.

4. Click in the upper left corner and select the desired region and project. 5. Locate the private zone from which a VPC is to be disassociated, select the VPC to be disassociated under Associated VPC, and click on the right of the VPC.

2021-04-20 37 Domain Name Service User Guide 4 Private Zone

Figure 4-3 Associated VPC

6. In the Disassociate VPC dialog box, click Yes.

Figure 4-4 Disassociating a VPC

2021-04-20 38 Domain Name Service User Guide 5 Record Set

5 Record Set

5.1 Overview A record set is a collection of resource records that belong to the same domain name. A record set defines DNS record types and values.

Table 5-1 Record set management Operation Scenario Constraint

Record Set View record set types None Types and supported by the DNS Configurati service and their on Rules configuration rules.

Adding Add record sets to a domain ● After a zone is created for a Record Sets name. domain name, the system For details, see Table 5-2. automatically creates the SOA and NS record sets. ● A maximum of 500 record sets can be added in an account.

Managing Modify, delete, and view ● After a record set is added, its Record Sets record sets. resolution line cannot be modified. ● You cannot modify or delete SOA and NS record sets automatically generated by the system.

Creating a Add a record set that Wildcard DNS resolution does not Wildcard matches all subdomains. support NS record sets. DNS Record Set

Figure 5-1 shows the process for configuring a record set on the DNS console.

2021-04-20 39 Domain Name Service User Guide 5 Record Set

Figure 5-1 Process for configuring a record set

NO TE

Either a public or private zone can be created. For details, see the following: ● Creating a Public Zone ● Creating a Private Zone

5.2 Record Set Types and Configuration Rules

Type

Table 5-2 describes the record set types.

Table 5-2 Record set types

Record Set Scenario Description Type

A Public and private Maps domains to IPv4 addresses. zones

CNAME Public and private Maps one domain name to another or zones multiple domain names to one domain name.

MX Public and private Maps domain names to email servers. zones

AAAA Public and private Maps domain names to IPv6 addresses. zones

2021-04-20 40 Domain Name Service User Guide 5 Record Set

Record Set Scenario Description Type

TXT Public and private Specifies text records. It is usually used zones in the following scenarios: ● To record DKIM public keys to prevent email fraud. ● To record the identity of domain name owners to facilitate domain name retrieval.

SRV Public and private Records servers providing specific zones services.

NS Public and private Delegates subdomains to other name zones servers. ● For public zones, an NS record set is automatically created, and you can add NS record sets for subdomains. ● For private zones, an NS record set is automatically created, and you cannot add other NS record sets.

SOA Public and private Specifies the master authoritative DNS zones server for a domain name. The SOA record set is created by the system and cannot be added manually.

CAA Public zone Grants certificate issuing permissions to CAs. CAA record sets can be used to prevent the issuance of unauthorized HTTPS certificates.

PTR Private zone Maps IP addresses to domain names.

Record Set Configuration

Table 5-3 lists the value requirements for different types of record sets.

Table 5-3 Requirements for record set values

Record Value Example Set Type

A IPv4 addresses mapped to the domain 192.168.12.2 name 192.168.12.3 You can enter a maximum of 50 record values, each on a separate line.

CNAME Domain name alias. You can enter only www.example.com one domain name.

2021-04-20 41 Domain Name Service User Guide 5 Record Set

Record Value Example Set Type

MX Email server address 10 You can enter a maximum of 50 record mailserver.example.co values, each on a separate line. m. The format is [priority][mail server host 20 name]. mailserver2.example.c om. Configuration rules: ● priority: priority for an email server to receive emails. A smaller value indicates a higher priority. ● mail server host name: domain name provided by the email service provider

AAAA IPv6 addresses mapped to the domain ff03:0db8:85a3:0:0:8a2 name e:0370:7334 You can enter a maximum of 50 record values, each on a separate line.

TXT Text content ● Single text record: Configuration rules: "aaa" ● Text record values must be enclosed in ● Multiple text double quotation marks. records: "bbb" ● One or more text record values are supported, each on a separate line. "ccc" A maximum of 50 text record values ● A text record that can be entered. contains multiple ● A single text record value can contain strings: multiple character strings, each of "ddd" "eee" "fff" which is double quoted and separated from others using a space. One character string cannot exceed 255 characters. A value must not exceed 4096 characters. ● The value cannot be left blank. ● The text cannot contain a backslash (\).

2021-04-20 42 Domain Name Service User Guide 5 Record Set

Record Value Example Set Type

SRV Server address 2 1 2355 You can enter a maximum of 50 record example_server.test.co values, each on a separate line. m The value format is [priority] [weight] [port number] [server address]. Configuration rules: ● The priority, weight, and port number range from 0 to 65535. ● A smaller priority value indicates a higher priority. ● A larger weight value indicates a larger weight. ● The server address is the domain name of the target server. Ensure that the domain name can be resolved. NOTE The system checks the priority values first. If the priority values are the same, the system will check the weight values.

NS DNS server address ns1.example.net You can enter a maximum of 50 record ns2.example.net values, each on a separate line.

2021-04-20 43 Domain Name Service User Guide 5 Record Set

Record Value Example Set Type

CAA CA to be authorized to issue certificates for 0 issue "ca.abc.com" a domain name or its subdomains 0 issuewild You can enter a maximum of 50 record "ca.def.com" values, each on a separate line. 0 iodef The format is [flag] [tag] [value]. "mailto:admin@domai Configuration rules: n.com" ● flag: certificate authority (CA) 0 iodef "http:// identifier, which is an unsigned domain.com/log/" character ranging from 0 to 255. Usually, the value is set to 0. ● tag: a string of 1 to 15 characters composed of letters and digits from 0 to 9. The tag can be one of the following: – issue: authorizes CAs to issue all types of certificates. – issuewild: authorizes CAs to issue wildcard certificates. – iodef: requests notifications once CAs receive invalid certificate requests. ● value: authorized CA or email address/URL required for notification once the CA receives invalid certificate requests, depending on the value of tag. The value must be enclosed in quotation marks (""). It is a string of 1 to 255 characters, including letters, digits, spaces, and special characters - #*?&_~=:;.@+^/!%

PTR Private domain name mapped to the www.example.com. private IP address. You can enter only one domain name.

5.3 Adding Record Sets

5.3.1 Adding an A Record Set

Scenarios

If you want to use a domain name to access websites, web applications, or cloud servers configured with IPv4 addresses, you can add an A record set for the domain name.

2021-04-20 44 Domain Name Service User Guide 5 Record Set

For more information about the types of record sets, see Record Set Types and Configuration Rules.

Prerequisites

You have a web server and obtained an IPv4 address.

4. (Optional) If you have selected Private Zones, click on the upper left corner to select the region and project. 5. Click the zone name. 6. Click Add Record Set. The Add Record Set dialog box is displayed. 7. Set required parameters based on Table 5-4.

Table 5-4 Parameters for adding an A record set

Paramete Description Example r Value

Name Prefix of the domain name to be resolved www For example, if the zone name is example.com, the domain name prefix can be as follows: ● www: The domain name is www.example.com, which is usually used for a website. ● Left blank: The domain name is example.com. In some cases, you may need to set the record set name to the at sign (@). However, the at sign is not supported. Leave the Name blank. ● abc: The domain name is abc.example.com, a subdomain of example.com. ● mail: The domain name is mail.example.com, which is typically used for an email server. ● *: The domain name is *.example.com, which is a wildcard domain name, indicating all subdomains of example.com.

2021-04-20 45 Domain Name Service User Guide 5 Record Set

Paramete Description Example r Value

Type Type of the record set A – Map If a message is displayed indicating that the domains to record set you are trying to create exists, the IPv4 record set conflicts with an existing record set. addresses

TTL (s) Cache duration of the record set on a local The default DNS server, in seconds value is 300, The value ranges from 1 to 2147483647, and which is, 5 the default is 300. minutes. If your service address changes frequently, set TTL to a smaller value.

Value IPv4 addresses mapped to the domain name 192.168.12.2 You can enter a maximum of 50 record values, 192.168.12.3 each on a separate line.

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. You can example_valu add a maximum of 20 tags to a record set. e1 This parameter is displayed when you enable Other Settings. For details about tag key and value requirements, see Table 5-5.

Descriptio (Optional) Supplementary information about N/A n the record set You can enter a maximum of 255 characters.

Table 5-5 Tag key and value requirements Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal.

2021-04-20 46 Domain Name Service User Guide 5 Record Set

Related Operations For more information about how to configure A record sets, see Routing Internet Traffic to a Website. 5.3.2 Adding an AAAA Record Set

Scenarios If you want to use a domain name to access websites, web applications, or cloud servers configured with IPv6 addresses, you can add an AAAA record set for the domain name. For more details, see Record Set Types and Configuration Rules.

Prerequisites You have a web server and obtained an IPv6 address.

2021-04-20 47 Domain Name Service User Guide 5 Record Set

Table 5-6 Parameters for adding an AAAA record set Parameter Description Example Value

Type Type of the record set AAAA – Map If a message is displayed indicating that the domains to record set you are trying to create exists, the IPv6 record set conflicts with an existing record addresses set.

TTL (s) Cache duration of the record set on a local The default DNS server, in seconds value is 300, The value ranges from 1 to 2147483647, which is, 5 and the default is 300. minutes. If your service address changes frequently, set TTL to a smaller value.

Value IPv6 addresses mapped to the domain name ff03:0db8:85a You can enter a maximum of 50 record 3:0:0:8a2e: values, each on a separate line. 0370:7334

2021-04-20 48 Domain Name Service User Guide 5 Record Set

Parameter Description Example Value

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. You example_valu can add a maximum of 20 tags to a record e1 set. This parameter is displayed when you enable Other Settings. For details about tag key and value requirements, see Table 5-7.

Description (Optional) Supplementary information - about the record set You can enter a maximum of 255 characters.

Table 5-7 Tag key and value requirements Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal. 5.3.3 Adding an NS Record Set

Scenarios If you want to specify authoritative DNS servers for a domain name, you can add NS record sets. For more details, see Record Set Types and Configuration Rules.

Constraints ● You can create NS record sets only in public zones. ● After a public zone is created, the system automatically adds an NS record set for the domain name. This NS record set cannot be modified or deleted. Therefore, you can add NS record sets only in the following scenarios: – The Name parameter is not left blank. This means that you can add NS record sets for subdomains of a domain name.

2021-04-20 49 Domain Name Service User Guide 5 Record Set

– The value of the Line parameter is not set to Default. This means that you can add NS record sets for the domain name with other resolution lines.

Procedure 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones. The Public Zones page is displayed. 4. Click the zone name. 5. Click Add Record Set. The Add Record Set dialog box is displayed. 6. Set required parameters based on Table 5-8.

Table 5-8 Parameters for adding an NS record set Paramete Description Example r Value

Name Prefix of the domain name to be resolved abc For example, if the zone name is example.com, the domain name prefix can be as follows: ● www: The domain name is www.example.com, which is usually used for a website. ● Left blank: The domain name is example.com. In some cases, you may need to set the record set name to the at sign (@). However, the at sign is not supported. Leave the Name blank. ● abc: The domain name is abc.example.com, a subdomain of example.com. ● mail: The domain name is mail.example.com, which is typically used for an email server. ● *: The domain name is *.example.com, which is a wildcard domain name, indicating all subdomains of example.com.

2021-04-20 50 Domain Name Service User Guide 5 Record Set

Paramete Description Example r Value

Type Type of the record set NS – Delegate If a message is displayed indicating that the subdomains to record set you are trying to create exists, the other name record set conflicts with an existing record servers set.

Value DNS server address ns1.example.n You can enter a maximum of 50 record et values, each on a separate line. ns2.example.n et

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. You can example_value add a maximum of 20 tags to a record set. 1 This parameter is displayed when you enable Other Settings. For details about tag key and value requirements, see Table 5-9.

Descriptio (Optional) Supplementary information about - n the record set You can enter a maximum of 255 characters.

Table 5-9 Tag key and value requirements

Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

7. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal.

2021-04-20 51 Domain Name Service User Guide 5 Record Set

5.3.4 Adding a CNAME Record Set

Scenarios If you want to map one domain name to another, add a CNAME record set for the domain name. For more details, see Record Set Types and Configuration Rules.

Constraints ● You can leave the Name parameter blank when adding a CNAME record set. ● You cannot create a CNAME record set with the same name and resolution line as an NS record set.

2021-04-20 52 Domain Name Service User Guide 5 Record Set

Table 5-10 Parameters for adding a CNAME record set Parameter Description Example Value

Name Prefix of the domain name to be resolved Left blank For example, if the zone name is example.com, the domain name prefix can be as follows: ● www: The domain name is www.example.com, which is usually used for a website. ● Left blank: The domain name is example.com. In some cases, you may need to set the record set name to the at sign (@). However, the at sign is not supported. Leave the Name blank. ● abc: The domain name is abc.example.com, a subdomain of example.com. ● mail: The domain name is mail.example.com, which is typically used for an email server. ● *: The domain name is *.example.com, which is a wildcard domain name, indicating all subdomains of example.com.

Type Type of the record set CNAME – Map If a message is displayed indicating that the one domain to record set you are trying to create exists, the another record set conflicts with an existing record set.

Value Domain name alias. You can enter only one webserver01.e domain name. xample.com

2021-04-20 53 Domain Name Service User Guide 5 Record Set

Parameter Description Example Value

Descriptio (Optional) Supplementary information about - n the record set You can enter a maximum of 255 characters.

Table 5-11 Tag key and value requirements Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal. 5.3.5 Adding an MX Record Set

Scenarios If you want to specify email servers mapped a domain name, you can add MX record sets. For details about other types of record sets, see Record Set Types and Configuration Rules.

Prerequisites You have deployed an email server and obtained its domain name.

4. (Optional) If you have selected Private Zones, click on the upper left corner to select the region and project.

2021-04-20 54 Domain Name Service User Guide 5 Record Set

5. Click the zone name. 6. Click Add Record Set. The Add Record Set dialog box is displayed. 7. Set required parameters based on Table 5-12.

Table 5-12 Parameters for adding an MX record set Paramete Description Example r Value

Type Type of the record set MX – Map If a message is displayed indicating that the domains to record set you are trying to create exists, the email servers record set conflicts with an existing record set.

2021-04-20 55 Domain Name Service User Guide 5 Record Set

Paramete Description Example r Value

Value Email server address 10 You can enter a maximum of 50 record mailserver.exa values, each on a separate line. mple.com The format is [priority][mail server host name]. Configuration rules: ● priority: priority for an email server to receive emails. A smaller value indicates a higher priority. ● mail server host name: domain name provided by the email service provider

Descriptio (Optional) Supplementary information about The n the record set description of You can enter a maximum of 255 characters. the hostname.

Table 5-13 Tag key and value requirements Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal.

2021-04-20 56 Domain Name Service User Guide 5 Record Set

5.3.6 Adding a TXT Record Set

Scenarios A TXT record set provides description for a domain name. For details about other record set types, see Record Set Types and Configuration Rules.

2021-04-20 57 Domain Name Service User Guide 5 Record Set

Table 5-14 Parameters for adding a TXT record set Parameter Description Example Value

Type Type of the record set TXT – Specify If a message is displayed indicating that the text records record set you are trying to create exists, the record set conflicts with an existing record set.

2021-04-20 58 Domain Name Service User Guide 5 Record Set

Parameter Description Example Value

Value Text content ● Single text Configuration rules: record: "aaa" ● Text record values must be enclosed in double quotation marks. ● Multiple text ● One or more text record values are records: supported, each on a separate line. "bbb" A maximum of 50 text record values can be entered. "ccc" ● A single text record value can contain ● A text multiple character strings, each of which record that is double quoted and separated from contains others using a space. multiple One character string cannot exceed 255 strings: characters. "ddd" "eee" "fff" A value must not exceed 4096 characters. ● The value cannot be left blank. ● The text cannot contain a backslash (\).

Descriptio (Optional) Supplementary information about - n the record set You can enter a maximum of 255 characters.

Table 5-15 Tag key and value requirements

Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page.

2021-04-20 59 Domain Name Service User Guide 5 Record Set

View the added record set in the record set list of the zone and ensure that the status of the record set is Normal. 5.3.7 Adding an SRV Record Set

Scenarios To record services provided by a server, you can add SRV record sets for a domain name. For details about other record set types, see Record Set Types and Configuration Rules.

Table 5-16 Parameters for adding an SRV record set Paramete Description Example r Value

Name Service (for example, FTP, SSH, or SIP) _ftp._tcp provided over the specified protocol (for _ftp._tcp example, TCP or UDP) on a host indicates that The format is _Service name._Protocol. the host provides the FTP service over TCP.

Type Type of the record set SRV – Record If a message is displayed indicating that the servers record set you are trying to create exists, the providing record set conflicts with an existing record set. specific services

2021-04-20 60 Domain Name Service User Guide 5 Record Set

Paramete Description Example r Value

Value Server address 2 1 2355 You can enter a maximum of 50 record example_serve values, each on a separate line. r.test.com The value format is [priority] [weight] [port number] [server address]. Configuration rules: ● The priority, weight, and port number range from 0 to 65535. ● A smaller priority value indicates a higher priority. ● A larger weight value indicates a larger weight. ● The server address is the domain name of the target server. Ensure that the domain name can be resolved. NOTE The system checks the priority values first. If the priority values are the same, the system will check the weight values.

Descriptio (Optional) Supplementary information about - n the record set You can enter a maximum of 255 characters.

2021-04-20 61 Domain Name Service User Guide 5 Record Set

Table 5-17 Tag key and value requirements

Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal. 5.3.8 Adding a CAA Record Set

Scenarios

If you want to specify CAs authorized to issue HTTPS certificates for your domain name, add CAA record sets for the domain name.

CAA record sets are used to prevent HTTPS certificates from being incorrectly issued.

For details about other record set types, see Record Set Types and Configuration Rules.

Constraints

CAA record sets can be added only to public zones.

2021-04-20 62 Domain Name Service User Guide 5 Record Set

Table 5-18 Parameters for adding a CAA record set Paramete Description Example r Value

Type Type of the record set CAA – Grant If a message is displayed indicating that the certificate record set you are trying to create exists, the issuing record set conflicts with an existing record set. permissions to CAs

2021-04-20 63 Domain Name Service User Guide 5 Record Set

Paramete Description Example r Value

Value CA to be authorized to issue certificates for a 0 issue domain name or its subdomains "ca.abc.com" You can enter a maximum of 50 record 0 issuewild values, each on a separate line. "ca.def.com" The format is [flag] [tag] [value]. 0 iodef Configuration rules: "mailto:admin @domain.com ● flag: certificate authority (CA) identifier, " which is an unsigned character ranging from 0 to 255. Usually, the value is set to 0 iodef "http:// 0. domain.com/ log/" ● tag: a string of 1 to 15 characters composed of letters and digits from 0 to 9. The tag can be one of the following: – issue: authorizes CAs to issue all types of certificates. – issuewild: authorizes CAs to issue wildcard certificates. – iodef: requests notifications once CAs receive invalid certificate requests. ● value: authorized CA or email address/URL required for notification once the CA receives invalid certificate requests, depending on the value of tag. The value must be enclosed in quotation marks (""). It is a string of 1 to 255 characters, including letters, digits, spaces, and special characters -#*?&_~=:;.@+^/!%

Descriptio (Optional) Supplementary information about - n the record set You can enter a maximum of 255 characters.

2021-04-20 64 Domain Name Service User Guide 5 Record Set

Table 5-19 Tag key and value requirements

Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

7. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal. 5.3.9 Adding a PTR Record

Scenarios

You can create PTR records to map private IP addresses to private domain names.

For details about other record set types, see Overview.

Constraints ● You can create PTR records only in private zones. ● PTR records take effect only in a private zone whose domain name suffix is in-addr.arpa. For details about how to add a PTR record for a public domain name, see Creating a PTR Record.

4. Click in the upper left corner and select the desired region and project. 5. Click the zone name. 6. Click Add Record Set. The Add Record Set dialog box is displayed. 7. Set required parameters based on Table 5-20.

2021-04-20 65 Domain Name Service User Guide 5 Record Set

Table 5-20 Parameters for adding a PTR record Paramete Description Example r Value

Name Name of the PTR record 10.1.168 For example, if the IP address is 192.168.1.10, the domain name in the PTR record is 10.1.168.192.i n-addr.arpa. ● If the private zone name is 192.in- addr.arpa, enter 10.1.168 in the box. ● If the private zone name is 1.168.192.in -addr.arpa, enter 10 in the box.

Type Type of the record set PTR – Map IP If a message is displayed indicating that the addresses to record set you are trying to create exists, the domains record set conflicts with an existing record set.

Value Private domain name mapped to the private host.example.c IP address. You can enter only one domain om. name.

2021-04-20 66 Domain Name Service User Guide 5 Record Set

Paramete Description Example r Value

Descriptio (Optional) Supplementary information about - n the record set You can enter a maximum of 255 characters.

Table 5-21 Tag key and value requirements

Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal.

Related Operations For more information, see How Can I Configure a PTR Record to Map the IP Address of an ECS to a Domain Name?

5.4 Managing Record Sets

Scenarios You can modify, delete, disable, or enable record sets, and view their details.

Modifying a Record Set Change the TTL, value, and description of a record set to better address your service requirements.

2021-04-20 67 Domain Name Service User Guide 5 Record Set

NO TE

SOA and NS record sets are automatically generated by the system and cannot be deleted. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones or Private Zones. The zone list is displayed.

4. (Optional) If you have selected Private Zones, click on the upper left corner to select the region and project. 5. Click the zone name. The Record Sets page is displayed. 6. Locate the record set you want to modify and click Modify under Operation. The Modify Record Set dialog box is displayed. 7. Modify the parameters. You can change only the TTL, value, and description of a record set. 8. Click OK.

Deleting a Record Set

NO TE

SOA and NS record sets are automatically generated by the system and cannot be deleted.

Record sets that are no longer required can be deleted. After a record set is deleted, it will become unavailable. For example, if an A record set is deleted, the domain name cannot be resolved into the IPv4 address specified in the record set. If a CNAME record set is deleted, the domain alias cannot be mapped to the domain name.

1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. On the Dashboard page, click Public Zones or Private Zones. The zone list is displayed.

4. (Optional) If you have selected Private Zones, click on the upper left corner to select the region and project. 5. Click the zone name. The Record Sets page is displayed. 6. Locate the record set you want to delete and click Delete under Operation. 7. In the Delete Record Set dialog box, click Yes.

Viewing Details About a Record Set 1. Log in to the management console.

2021-04-20 68 Domain Name Service User Guide 5 Record Set

2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Public Zones or Private Zones. The zone list is displayed.

5.5 Creating a Wildcard DNS Record Set

Scenarios A wildcard DNS record set is used to match requests for all subdomains in a zone. You can add a record whose name is an asterisk (*) to resolve requests to all subdomains of the domain name to the same value. This section describes how to create a wildcard DNS record set.

Constraints Wildcard DNS resolution does not support NS record sets.

4. (Optional) If you have selected Private Zones, click on the upper left corner to select the region and project. 5. Click the name of the zone to which you want to add a wildcard DNS record set. 6. Click Add Record Set. 7. Set the parameters based on Table 5-22.

2021-04-20 69 Domain Name Service User Guide 5 Record Set

Table 5-22 Parameters for adding a wildcard DNS record set Paramete Description Example Value r

Name Public (or private) domain name *.abc Enter an asterisk (*) as the leftmost label of the domain name, for example, *.example.com. NOTE Only the leftmost asterisk is considered as a wildcard character. Other asterisks in the domain name are common text characters.

Type Record set type A – Map domains Wildcard DNS resolution does not support to IPv4 addresses NS record sets.

TTL (s) Cache duration of the record set on a local The default value DNS server, in seconds is 300, which is, 5 The value ranges from 1 to 2147483647, minutes. and the default is 300. If your service address changes frequently, set TTL to a smaller value.

Value Record set value Take an A record set for example, Value is set to IPv4 addresses mapped to the domain name. Example: 192.168.12.2 192.168.12.3

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. You example_value1 can add a maximum of 20 tags to a record set. This parameter is displayed when you enable Other Settings. For details about tag key and value requirements, see Table 5-23.

Descriptio (Optional) Supplementary information This is a wildcard n about the record set DNS record set. You can enter a maximum of 255 characters.

2021-04-20 70 Domain Name Service User Guide 5 Record Set

Table 5-23 Tag key and value requirements Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

8. Click OK. 9. Switch back to the Record Sets page. View the created wildcard DNS record set in the record set list of the domain name, and ensure that the status of the record set is Normal.

2021-04-20 71 Domain Name Service User Guide 6 PTR Record

6 PTR Record

6.1 Overview Reverse resolution involves obtaining a domain name based on an IP address and is typically used to improve credibility of email servers. After a recipient server receives an email, it checks whether the IP address and domain name of the sender server are trustworthy and determines whether the email is spam. If the recipient server fails to obtain the domain name mapped to the sender's IP address, it considers that the email is sent by a malicious host and rejects it. Therefore, it is necessary to map IP addresses of your email servers to domain names by adding PTR records.

Table 6-1 PTR record description Operation Scenario Constraint

Creating a Create PTR records for ● PTR records are project-level PTR Record cloud resources such as resources. When you create a PTR ECS. record, you need to select a region and project. ● Each user can add a maximum of 50 PTR records.

Managing Modify, delete, and ● After you created a PTR record, its PTR query PTR records. EIP cannot be changed. Records ● After you delete a PTR record, the domain name mapped to your EIP will change to the default domain name.

2021-04-20 72 Domain Name Service User Guide 6 PTR Record

6.2 Creating a PTR Record

Scenarios PTR records are used to prove credibility of IP addresses and domain names of email servers. Most spam senders use email servers whose IP addresses are dynamically allocated or not mapped to registered domain names in order to avoid being tracked. If you do not want emails sent from your email server to be considered as spam, add a PTR record to map the email server IP address to a domain name. In this way, the email recipient can obtain the domain name by IP address and will know that the email server is trustworthy. If you use an ECS as an email server, configure a PTR record to map the ECS IP address to a domain name.

NO TE

This section describes how to add a PTR record for a cloud resource, such as ECS.

Constraints Currently, you can configure PTR records only for IP addresses with a 32-bit subnet mask.

Prerequisites ● You have registered a domain name. ● You have created an ECS and bound an EIP to it.

4. Click in the upper left corner and select the desired region and project.

2021-04-20 73 Domain Name Service User Guide 6 PTR Record

5. Click Create PTR Record.

Figure 6-1 Creating a PTR record

6. Set the parameters based on Table 6-2.

Table 6-2 Parameters for creating a PTR record

Parameter Description Example Value

EIP EIP of another cloud resource, for XX.XX.XX.XX example, ECS You can select an EIP from the drop-down list.

Name Domain name mapped to the EIP www.example.com

TTL (s) Cache duration period of the PTR 300 record, in seconds The default value is 300, which is, 5 minutes.

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a example_value1 value. You can add a maximum of 20 tags to a PTR record. For details about tag key and value requirements, see Table 6-3.

2021-04-20 74 Domain Name Service User Guide 6 PTR Record

Parameter Description Example Value

Description (Optional) Supplementary The description of the information about the PTR record PTR Record.

Table 6-3 Tag key and value requirements

Parameter Requirements Example Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters. ● Can contain only letters, digits, hyphens (-), and underscores (_).

Value ● Cannot be left blank. example_value1 ● Can contain a maximum of 43 characters. ● Can contain only letters, digits, hyphens (-), and underscores (_).

7. Click OK. View the created PTR record on the PTR Records page.

Figure 6-2 PTR Records

NO TE

If the domain name is mapped to multiple EIPs, you must create a PTR record for each EIP. 8. Verify that the PTR record has taken effect. Run the following DOS command on a PC connected to the Internet: nslookup -qt=ptr IP address

6.3 Managing PTR Records

Scenarios You can modify or delete PTR records and view their details.

Modifying a PTR Record Modify the domain name, TTL, or description of a PTR record.

2021-04-20 75 Domain Name Service User Guide 6 PTR Record

1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose PTR Records. The PTR Records page is displayed.

4. Click in the upper left corner and select the desired region and project. 5. Locate the PTR record you want to modify and click Modify under Operation. The Modify PTR Record dialog box is displayed. 6. Change the domain name, TTL, or description as required. 7. Click OK.

Deleting a PTR Record Delete a PTR record if you no longer need it. After you delete a PTR record, the domain name mapped to your EIP will change to the default domain name.

4. Click in the upper left corner and select the desired region and project. 5. Locate the PTR record you want to delete and click Delete under Operation. 6. Click Yes.

Viewing Details About a PTR Record After a PTR record is created, you can view its details, including the zone ID, TTL, tag, and EIP. 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. On the Dashboard page, click PTR Records under My Resources.

4. Click in the upper left corner and select the desired region and project. 5. In the PTR record list, view the record details.

2021-04-20 76 Domain Name Service User Guide 7 Key Operations Recorded by CTS

7 Key Operations Recorded by CTS

7.1 DNS Operations Recorded by CTS

CTS is interconnected with the DNS service to record operations performed by users in real time. Actions and results of the operations are stored in OBS buckets in the form of traces.

After you enable CTS, whenever a DNS API is called, the operation is recorded in a log file, which is then delivered to a specified OBS bucket for storage.

Table 7-1 and Table 7-2 list the DNS operations that will be recorded by CTS.

NO TE

The DNS service involves resources both at the global and region levels. Table 7-1 lists DNS operations at the global level. Traces of these operations are displayed only in the primary region. Table 7-2 lists DNS operations at the region level. Traces of these operations are displayed in the regions where the operations are performed.

Table 7-1 Global-level DNS operations that can be recorded by CTS

Operation Resource Type Trace Name

Creating a record set for a publicRecordSet createPublicRecordSet public zone

Deleting a record set of a publicRecordSet deletePublicRecordSet public zone

Modifying a record set of publicRecordSet updatePublicRecordSet a public zone

Creating a public zone publicZone createPublicZone

Modifying a public zone publicZone updatePublicZone

Deleting a public zone publicZone deletePublicZone

2021-04-20 77 Domain Name Service User Guide 7 Key Operations Recorded by CTS

Operation Resource Type Trace Name

Adding tags to a public publicZoneTag createPublicZoneTag zone

Deleting tags from a publicZoneTag deletePublicZoneTag public zone

Adding tags to a record publicRecordSet- createPublicRecordSetTag set in a public zone Tag

Deleting tags of a record publicRecordSet- deletePublicRecordSetTag set in a public zone Tag

Adding tags to a private privateZoneTag createPrivateZoneTag zone

Deleting tags from a privateZoneTag deletePrivateZoneTag private zone

Adding tags to a record privateRecordSet- createPrivateRecordSetTag set in a private zone Tag

Deleting tags from a privateRecordSet- deletePrivateRecordSetTag record set in a private Tag zone

Adding tags to a PTR ptrRecordTag createPTRRecordSetTag record

Deleting tags of a PTR ptrRecordTag deletePTRRecordTag record

Table 7-2 Region-level DNS operations that can be recorded by CTS Operation Resource Type Trace Name

Creating a record set in privateRecordSet createPrivateRecordSet a private zone

Deleting a record set in privateRecordSet deletePrivateRecordSet a private zone

Modifying a record set privateRecordSet updatePrivateRecordSet of a private zone

Creating a private zone privateZone createPrivateZone

Modifying a private privateZone updatePrivateZone zone

Deleting a private zone privateZone deletePrivateZone

Associating a VPC with privateZone associateRouter a private zone

2021-04-20 78 Domain Name Service User Guide 7 Key Operations Recorded by CTS

Operation Resource Type Trace Name

Disassociating a VPC privateZone disassociateRouter from a private zone

Configuring a PTR ptrRecord setPTRRecord record

Deleting a PTR record ptrRecord resetPTRRecord

7.2 Viewing Traces

Scenarios

After CTS is enabled, the tracker starts recording operations on cloud resources. You can view operation records of the last 7 days on the CTS console.

This section describes how to query these records.

Procedure 1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project. 3. Click Service List and select Cloud Trace Service under Management & Deployment. 4. In the navigation pane, choose Trace List. 5. Specify the filters used for querying traces. The following filters are available:

Figure 7-1 Filters

– Trace Type, Trace Source, Resource Type, and Search By Select a filter from the drop-down list. If you select Trace name for Search By, specify a trace name. If you select Resource ID for Search By, specify a resource ID. If you select Resource name for Search By, specify a resource name. – Operator: Select a user who performs operations. – Trace Status: Select All trace statuses, Normal, Warning, or Incident. – Time range: Specify the start and end time to view traces generated during a time range of the last seven days. 6. Click on the left of the required trace to expand its details.

2021-04-20 79 Domain Name Service User Guide 7 Key Operations Recorded by CTS

7. Click View Trace. A dialog box is displayed, in which the trace structure details are displayed.

2021-04-20 80 Domain Name Service User Guide 8 Quota Adjustment

8 Quota Adjustment

What Is Quota? Quotas are enforced for service resources on the platform to prevent unforeseen spikes in resource usage. Quotas can limit the number and capacity of resources available to users, for example, the maximum number of zones, PTR records, or record sets that you can create. If the existing resource quota cannot meet your service requirements, you can apply for a higher quota.

How Do I View My Quotas? 1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.

3. In the upper right corner of the page, click . The Service Quota page is displayed. 4. View the used and total quota of each type of resources on the displayed page. If a quota cannot meet service requirements, apply for a higher quota.

How Do I Apply for a Higher Quota? The system does not support online quota adjustment. If you need to adjust a quota, call the hotline or send an email to the customer service mailbox. Customer service personnel will timely process your request for quota adjustment and inform you of the real-time progress by making a call or sending an email. Before dialing the hotline number or sending an email, make sure that the following information has been obtained: ● Domain name, project name, and project ID, which can be obtained by performing the following operations: Log in to the management console using the cloud account, click the username in the upper right corner, select My Credentials from the drop- down list, and obtain the domain name, project name, and project ID on the My Credentials page.

2021-04-20 81 Domain Name Service User Guide 8 Quota Adjustment

● Quota information, which includes: – Service name – Quota type – Required quota Learn how to obtain the service hotline and email address.

2021-04-20 82 Domain Name Service User Guide 9 FAQs

9 FAQs

9.1 DNS Overview

9.1.1 Will I Be Billed for the DNS Service?

Yes.

The DNS service is charged in two parts:

● Zone: charged based on how long the domain name is managed ● Record set: charged based on the domain name resolution counts 9.1.2 How Many Zones, PTR Records, and Record Sets Can I Create?

By default, you can use an account to create up to 50 public zones, 50 private zones, 50 PTR records, and 500 record sets.

If the quotas do not meet your service requirements, contact customer service to request an increased quota. 9.1.3 Does DNS Support Wildcard Entries?

DNS allows you to configure wildcard entries.

A wildcard entry is a record set that uses an asterisk (*) as the name and matches requests for any domain name based on the configuration you set. For more information, see RFC 4592.

DNS supports wildcard entries for the following record set types: A, AAAA, MX, CNAME, TXT, CAA, and SRV. 9.1.4 How Are Zones Queried to Resolve a Domain Name?

When a domain name resolution request is initiated, a matched subdomain is first queried.

2021-04-20 83 Domain Name Service User Guide 9 FAQs

● If a zone is created for the subdomain, the system returns the result based on the zone configuration. ● If a zone is not created for the subdomain, the system queries the domain name in the zone created for the domain name.

For example, suppose you have created one zone named example.com and added an A record set to it, with the Name field set to www, and you have also created another zone named www.example.com but have not added an A record set to this zone.

If a visitor accesses www.example.com, the domain name is first queried in the zone named www.example.com. However, no result will be returned because no record sets have been added to the zone. 9.1.5 Why Was the Email Address Format Changed in the SOA Record? When you add a record set, you can enter an email address to receive error information and problem reports of the domain name. However, based on RFC 2142, we strongly recommend that you use HOSTMASTER@Domain name as the email address.

Because the at sign (@) has a special meaning in the SOA record set, the system replaces it with a period (.) and includes a backslash (\) before the period in the label before the at sign, but emails are still sent to the email address you specify. For more information, see RFC 1035.

For example, if you enter [email protected] when you create the zone, the email address displayed in the SOA record set is test \.hostmaster.example.com. 9.1.6 What Is CAA? Certification Authority Authorization (CAA) is a way to ensure that SSL certificates are issued by authorized certificate authorities (CAs). CAA complies with all RFC 6844 requirements. As of September 8, 2017, all CAs are required to check CAA records before they can issue certificates.

CAA Specifications

Domain name owners can create CAA records to specify authorized CAs that can issue SSL certificates.

For security reasons, only authorized CAs can issue SSL certificates for the domain names used by your website. Setting CAA records enhances security for your website.

CAs will perform a DNS lookup for CAA records when they issue certificates.

● If a CA does not find a CAA record, it can issue a certificate for the domain name. Any other CAs can also issue certificates for this domain name. Insecure certificates may be issued, and messages indicating that your website is insecure when users access your website.

2021-04-20 84 Domain Name Service User Guide 9 FAQs

● If the CA finds a CAA record that authorizes it to issue certificates, it will issue a certificate for the domain name. ● If the CA finds a CAA record but the record does not authorize it to issue certificates, the CA will not be able to issue SSL certificates for the domain name.

CAA Record

A CAA record consists of a flag byte [flag], a property tag, and a property value [tag]-[value]. You can create multiple CAA records for a domain name.

Table 9-1 Configuration of CAA records

Function Example Description

Configure a CAA 0 issue Only the specified CA (ca.example.com) record for one "ca.example.com can issue certificates for a particular domain name. " domain name (domain.com). Requests to issue certificates for the domain name by other CAs will be rejected.

0 issue ";" No CA is allowed to issue certificates for the domain name domain.com.

Configure the CA 0 iodef If a certificate request violates the CAA to report "mailto:admin@ record, the CA will notify the domain violations to the domain.com" name holder of the violation. domain name holder. 0 iodef "http:// Requests to issue certificates by domain.com/ unauthorized CAs will be recorded. log/" 0 iodef "https:// domain.com/ log/"

Authorize a CA to 0 issuewild The specified CA (ca.example.com) can issue wildcard "ca.example.com issue wildcard certificates for the domain certificates. " name.

Configuration 0 issue The example configures a CAA record for example "ca.abc.com" the domain name domain.com. 0 issuewild ● Only CA ca.abc.com can issue "ca.def.com" certificates of all types. 0 iodef ● Only CA ca.def.com can issue "mailto:admin@ wildcard certificates. domain.com" ● Any other CAs are not allowed to issue certificates. ● When a violation occurs, the CA sends a notification to [email protected].

2021-04-20 85 Domain Name Service User Guide 9 FAQs

Checking Whether a CAA Record Has Taken Effect Use Domain Information Groper (dig) to check whether the CAA record has taken effect. dig is a network administration command-line tool for querying the Domain Name System. If your OS does not support dig commands, install the dig tool. Command format: dig [Record set type] [Domain name] +trace. Example command: dig caa www.example.com +trace 9.1.7 Can DNS Point a Domain Name to a Specific Port? DNS cannot point a domain name to an IP address with a specific port (Server IP address:Port number).

9.2 Public Zones

9.2.1 What Can I Do If the System Prompts that the Domain Name Already Exists When I Create a Public Zone? If the system prompts that the domain name has been created by another user when you create a public zone, send an email to [email protected] for identity authentication. After the authentication is approved, the system sends an email to notify you that you can re-create the zone. Provide the following information in the email: ● Involved domain name ● Evidence that proves you have registered the domain name, for example, the proof of purchase or the email notifying that the domain name is valid for you

9.3 Private Zones

9.3.1 How Can I Configure a PTR Record to Map the IP Address of an ECS to a Domain Name? PTR records enable users to query domain names based on IP addresses. To map the private IP address of an ECS to a domain name, you must create a private zone and create a PTR record in the zone. To map the EIP of the ECS to a domain name, refer to Creating a PTR Record.

2021-04-20 86 Domain Name Service User Guide 9 FAQs

NO TE

The domain name in a PTR record must be in the x.x.x.x.in-addr.arpa format. in-addr.arpa is the domain name suffix used for reverse resolution. For example, if the private IP address is 192.168.1.10, the domain name in the PTR record must be 10.1.168.192.in-addr.arpa. In this case, you must create a private zone named 192.in-addr.arpa and add a PTR record with its value set to 10.1.168.192.in-addr.arpa.

Creating a Private Zone 1. Log in to the management console. 2. In the service list, choose Network > Domain Name Service. The DNS console is displayed. 3. In the navigation pane, choose Private Zones. The Private Zones page is displayed.

4. Click in the upper left corner and select the desired region and project. 5. Click Create Private Zone.

Figure 9-1 Create Private Zone

6. Set the parameters based on Table 9-2.

2021-04-20 87 Domain Name Service User Guide 9 FAQs

Table 9-2 Parameters for creating a private zone Paramete Description Example Value r

Name Domain name 192.in- Set the domain name suffix to in-addr.arpa. addr.arpa

VPC VPC to be associated with the private zone N/A Select the VPC you want to associate with the private zone.

Email (Optional) Email address of the HOSTMASTER administrator managing the private zone @example.com It is recommended that you set the email address to HOSTMASTER@Domain name. For more information about the email address, see Why Was the Email Address Format Changed in the SOA Record?

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. You can example_value add a maximum of 20 tags to a zone. 1 For details about tag key and value requirements, see Table 9-3.

Descriptio (Optional) This is a private n Supplementary information about the zone zone. You can enter a maximum of 255 characters.

Table 9-3 Tag key and value requirements Paramete Requirements Example r Value

Key ● Cannot be left blank. example_key1 ● Must be unique for each resource. ● Can contain a maximum of 36 characters.

Value ● Cannot be left blank. example_value ● Can contain a maximum of 43 characters. 1

7. Click OK. 8. Switch back to the Private Zones page. View the created private zone.

2021-04-20 88 Domain Name Service User Guide 9 FAQs

NO TE

Adding a PTR Record 1. On the Private Zones page, click the name of the private zone that you have created. The Record Sets page is displayed. 2. Click Add Record Set. The Add Record Set dialog box is displayed.

Figure 9-2 Add Record Set

3. Set the parameters based on Table 9-4.

2021-04-20 89 Domain Name Service User Guide 9 FAQs

Table 9-4 Parameters for adding a PTR record Param Description Example Value eter

Name IP address in the PTR record (typed in 10.1.168 reverse order) For example, if the IP address is 192.168.1.10, the domain name in the PTR record is 10.1.168.192.in- addr.arpa. ● If the private zone name is 192.in- addr.arpa, enter 10.1.168 in the box. ● If the private zone name is 1.168.192.in- addr.arpa, enter 10 in the box.

Type Type of the record set PTR – Map IP addresses to domains

TTL (s) Cache duration of the record set, in The default value is seconds 300, which is, 5 minutes.

Value Domain name mapped to the IP mail.example.com address You can enter only one name.

Tags (Optional) Identifier of a resource example_key1 Each tag contains a key and a value. example_value1 You can add a maximum of 20 tags to a record set. For details about tag key and value requirements, see Table 9-3.

Descrip (Optional) Supplementary information The PTR record is for tion about the PTR record reverse resolution.

4. Click OK. 5. Switch back to the Record Sets page. View the added record set in the record set list of the zone and ensure that the status of the record set is Normal.

2021-04-20 90 Domain Name Service User Guide A Change History

A Change History

Release What's New Date

2021-04-20 This issue incorporates the following changes: Optimized the second item of "Prerequisites" in Creating a Private Zone.

2021-02-05 This issue incorporates the following changes: ● Updated the screenshots. ● Supported a maximum of 20 tags for each public zone, private zone, PTR record, and record set.

2019-04-05 This issue incorporates the following changes: Accepted in OTC 4.0.

2019-03-15 This issue incorporates the following changes: Modified the following section: Added the description for global- and region-level resources in User Permissions.

2019-01-30 This issue incorporates the following changes: ● Added the description that record sets can be sorted by domain name and type in Managing Record Sets. ● Added the EIP description in the following sections: – Configuring a PTR Record – Creating a PTR Record

2018-08-30 This issue incorporates the following changes: Updated the screenshots.

2018-07-30 This issue incorporates the following changes: Updated the screenshots.

2021-04-20 91 Domain Name Service User Guide A Change History

Release What's New Date

2018-06-30 This issue incorporates the following changes: ● Accepted in OTC 3.1. ● Deleted descriptions of resource tags.

2018-06-15 This issue incorporates the following changes: ● Updated the screenshots. ● Changed the tag character set range.

2018-05-04 This issue incorporates the following changes: Added lists of key operations that can be recorded by CTS and how to check CTS traces in Key Operations Recorded by CTS. Modified the description of parameter Type for adding a record set in the following sections: ● Routing Internet Traffic to a Website ● Configuring a Private Zone ● Creating a Public Zone ● Creating a Private Zone ● Managing Record Sets ● Creating a Wildcard DNS Record Set

2018-03-30 This issue incorporates the following changes: Supported tags for zones and record sets, covering the following sections: ● Getting Started ● Public Zone Added CAA record sets in the following sections: ● Record Set ● Managing Record Sets

2018-02-12 This issue incorporates the following changes: Modified the process to disassociate VPCs in Creating a Private Zone.

2018-01-31 This issue incorporates the following changes: Added description about SOA record sets in Record Set.

2018-01-10 This issue incorporates the following changes: Modified the description of parameter Type for adding a record set in the following sections: ● Routing Internet Traffic to a Website ● Configuring a PTR Record ● Creating a Public Zone ● Managing PTR Records

2021-04-20 92 Domain Name Service User Guide A Change History

Release What's New Date

2017-12-30 This issue incorporates the following changes: Added PTR record description in Managing Record Sets.

2017-11-30 This issue incorporates the following changes: Added an FAQ How Can I Configure a PTR Record to Map the IP Address of an ECS to a Domain Name?

2017-10-30 This issue incorporates the following changes: ● Supported public zone modification in Creating a Public Zone. ● Supported private zone modification in Creating a Private Zone. ● Supported PTR records in private zones in Managing Record Sets.

2017-09-30 This issue incorporates the following changes: ● Supported record set modification in both public and private zones in Managing Record Sets. ● Supported PTR record modification in Managing PTR Records. ● Added SRV record sets in Record Set and Managing Record Sets.

2017-08-30 This issue incorporates the following changes: ● Allowed switching of the region and project in the upper left corner of the console. ● Updated the description based on the latest UI.

2017-07-31 This issue incorporates the following changes: Supported the multi-project feature.

2017-04-28 This issue incorporates the following changes: Supported private zones.

2017-02-28 This issue incorporates the following changes: ● Added wildcard DNS records. ● Supported DKIM.

2016-01-20 This issue incorporates the following changes: Added an FAQ Why Was the Email Address Format Changed in the SOA Record?

2016-11-30 This issue incorporates the following changes: Supported PTR records.

2016-10-19 This issue is the first official release.

2021-04-20 93 Domain Name Service User Guide B Glossary

B Glossary

For details about the glossaries in this document, see Glossary.

2021-04-20 94