Overview

Alibaba Cloud DNS PrivateZone is an easy-to-use DNS resolution service in corporate intranets. It can resolve internal and external domain names in corporate intranets, such as Alibaba Cloud VPCs and on-premises data centers. It allows you to define private authoritative domain names in corporate intranets, retain caches, clear caches, forward DNS requests, send recursive queries to the Internet, define DNS service IP addresses in VPC, and analyze traffic for DNS requests. This ensures faster and safer internal DNS resolution.

Device-Cloud Integration

Meet the DNS resolution requirements in the fully integrated scenario of devices, IDCs and cloud platforms, and achieve all products coverage for end-to-end DNS resolution path.

High Availability

The deployment of the resolution components uses a fully heterogeneous architecture, providing up to 99.99% and 99.9% level agreement (SLA) commitments in the central regions and local regions, respectively.

Visualization

Resource Records configuration supports graphical orchestration, providing a one-click batch configuration experience for all record types simultaneously. At the same time, it provides DNS resolution logs to analyze end-to-end DNS resolution path and behavior.

Features

Built-In Authoritative Module, Cache Module, Forward Module, Recursion Module, Service Address and Traffic Analysis Module

Built-In Authoritative Module

Define private authoritative zones within your internal networks (such as VPCs). Built-in authoritative zones are classified into regular zones and acceleration zones. For regular zones, the DNS requests from clients are not directly routed to the Built-In Authoritative Module. The DNS requests are firstly routed to the Cache Module and then routed to the regular zone Module if the cache is missed. Resource Records updates take effect with the TTL limit. For acceleration zones, the DNS requests from clients are directly responded to with the lowest latency. Resource Records real-time updates take effect with no TTL limit. Acceleration zones are an upgraded version of regular zones, and newly added features include DNS resolution based on weights and user-defined lines. VPC Security Isolation Private domain names can only be resolved in VPCs associated. Unified DNS Management across Multiple Alibaba Cloud Accounts Associate DNS Setting Data with VPCs of multiple Alibaba Cloud accounts and perform centralized DNS management in the same corporate intranet. User-Defined Authoritative Zones Define private authoritative zones, and support hosting zones and sub-zones. Intelligent DNS Resolution Support private intelligent DNS resolution based on request lines or weights in corporate intranets. User-Defined Request Lines Support defining inner request lines based on IP addresses and then define private DNS resource records for those lines. Synchronization for ECS Hostnames Support synchronization for ECS hostnames in presetting regions, and support manual synchronization and automatic synchronization (once every minute). Recursive Resolution Proxy for Subdomain Names Queries for non-existent sub domain names under the private zones are routed to the Forward Module and Recursive Module, which can achieve separation of private and public DNS resolutions. IP Reverse Resolution Support IP reverse resolution for translating IP addresses to domain names. Secondary DNS Support synchronizing built-in authoritative zone data from on-premises IDCs with AXFR or IXFR zone transfer protocols.

Cache Module

The results of DNS resolution response in corporate intranets are temporarily stored in the Cache Module if it is from the Built-In Authoritative Module for Regular Zones, Forward Module, or Recursion Module. It can accelerate the DNS resolution for the same domain names. We recommend enabling the cache retention feature for hotspots and important domain names to permanently store the DNS resolution results in the caches. This can accelerate the DNS resolution speed in intranet networks, and prevent DNS resolution failures for public domain names in intranet networks when DNS resolution services are down, which are provided by other authoritative DNS vendors. Cache Retention for 100% Cache Hit It supports enabling the cache retention feature for hotspots and important domain names to permanently store the DNS resolution results in the caches. This can accelerate the DNS resolution speed in intranet networks, and prevent DNS resolution failures for public domain name in intranet networks when DNS resolution services are down which are provided by other authoritative DNS vendors. Clear Cache In an emergency, clear DNS cache results from the Cache Module rapidly without TTL limitation.

Forward Module

You can create forward zone rules and outbound endpoints, which can forward DNS requests for the zone in VPCs to the external DNS. This is suitable for DNS resolution in hybrid cloud scenarios and DNS resolution between cloud and on-premises scenarios. Outbound Endpoints These are DNS forwarders in VPC networks, which can forward DNS requests for the zone in VPCs to the external DNS, to meet Cloud ECS or Containers' DNS resolution requirements to private domain names hosted in on-premises IDC DNS. User-Defined Forward Zones Support defining forward rules based on zones, and only permit DNS forward queries for those zones.

Recursion Module

If the query domain name is NOT hit in the Built-In Authoritative Module, Cache Module, and Forward Module, it will be routed to the Recursion Module to get responses from the Internet and then notify the Cache Module to update cached results. Recursive Resolution We provide the Recursion Module for free by default. It can serve all ECS instances, containers, and other clients hosted in Alibaba Cloud VPCs or your IDC intranet network. For the Recursion Module, we can't guarantee to give you a Service Level Agreement (SLA) but provide best-effort service because of external network instability.

Service Address

The Name Server addresses of the Private DNS resolution service, which can be configured as the DNS service address of terminals in the cloud (ECS or container), or can be used for terminals out of the cloud (external hosts or external DNS) to access the in-cloud DNS. Inbound Endpoints If you want to use your own planned private IP address in the VPC to provide Private DNS resolution services, you can customize Private DNS resolution IP addresses within a VPC by creating an Inbound Endpoint.

Traffic Analysis Module

We provide end-to-end, full-resolution path and visualized DNS traffic analysis service to profile entire processes, including receiving DNS requests, processing DNS resolution, and returning resolution results. We provide graphical charts for various statistical metrics to help users to view and make decisions to optimize their business. Traffic Analysis We provide data analysis in various dimensions (such as resolution delay, resolution volume, cache hit rate, hot domain names, and hot request sources), which can offer data references for business optimization. DNSLog Transferred to SLS Logstore DNSLog can be transferred to SLS Logstore. You must firstly open the traffic analysis service to gather DNS resolution logs to use this function.