- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Public Zones
- Private Zones
- Record Sets
- PTR Records
- Intelligent Resolution
- Permissions Management
- Using CTS to Collect DNS Key Operations
- Quota Adjustment
- Change History
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- APIs
- Examples
- Permissions Policies and Supported Actions
- Appendix
- Best Practices
-
FAQs
-
DNS Overview
- Will I Be Billed for the DNS Service?
- How Many Zones, PTR Records, and Record Sets Can I Create?
- What Are Huawei Cloud DNS Servers?
- What Are Huawei Cloud Private DNS Server Addresses?
- What Are the Differences Between Public and Private Domain Names?
- Does DNS Support IPv6?
- Does DNS Support Explicit and Implicit URLs?
- Does DNS Support Dynamic Domain Name Resolution?
- Does DNS Support Wildcard Entries?
- What Is TTL?
- How Many Domain Name Levels Does DNS Support?
- How Are Zones Queried to Resolve a Domain Name?
- What Are the Priorities of Resolution Lines?
- Why Was the Email Address Format Changed in the SOA Record?
- What Is CAA?
- Why Should I Set Priority For an MX Record Set?
- Can DNS Point a Domain Name to a Specific Port?
- Invalid Domain Resolution
- Website Access Failures
-
Public Zones
- Why Is a Message Indicating Conflict with an Existing Record Set Displayed When I Add a Record Set?
- How Do I Add Record Sets to Subdomains?
- Which IP Address Is Returned for the Domain Name If There Are Multiple IP Addresses in a Record Set?
- Can I Modify a Zone?
- Can DNS Translate a Domain Name to IP Addresses of On-premises Servers or Third-Party Servers?
- How Can Multiple Domain Names Be Linked to the Same Website?
- How Do I View and Change the DNS Servers of a Domain Name?
-
Private Zones
- Why Is a Message Indicating Conflict with an Existing Record Set Displayed When I Add a Record Set?
- How Do I Change Default DNS Servers of an ECS to Huawei Cloud Private DNS Servers?
- How Can I Access an ECS Using Its Host Name?
- How Can I Map the Private IP Address of an ECS to a Domain Name?
- How Can I Use a Private Domain Name to Route Internet Traffic?
- Can I Use Private Domain Names Across Regions?
- Do I Need to Register Private Domain Names?
- Will a Deleted VPC Be Automatically Disassociated from the Private Zone?
- Are Private DNS Server Addresses the Same for All Users?
- What Are the Restrictions on Concurrent Private DNS Requests?
- Reverse Resolution
- Domain Transfer
-
DNS Overview
Authentication
- AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication.
- Token authentication: Requests are authenticated using tokens.
AK/SK Authentication
AK/SK authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token authentication is recommended.
In AK/SK authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.
- AK: access key ID, which is a unique identifier used in conjunction with a secret access key to sign requests cryptographically.
- SK: secret access key, which is used in conjunction with an AK to sign requests cryptographically. It identifies a request sender and prevents the request from being modified.
In AK/SK authentication, you can use an AK/SK to sign requests based on the signature algorithm or using the signing SDK. For details about how to sign requests and use the signing SDK, see API Request Signing Guide.
The signing SDK is only used for signing requests and is different from the SDKs provided by services.
Token Authentication
The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.
A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to requests to get permissions for calling the API. You can obtain a token by calling the Obtaining User Token API.
IMS is a project-level service. When you call the API, set auth.scope in the request body to project.
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", // IAM user name "password": $ADMIN_PASS, //IAM user password. You are advised to store it in ciphertext in the configuration file or an environment variable and decrypt it when needed to ensure security. "domain": { "name": "domainname" // Name of the account to which the IAM user belongs } } } }, "scope": { "project": { "name": "xxxxxxxx" // Project name } } } }
After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:
1 2 3 |
POST https://iam.myhuaweicloud.eu/v3/auth/projects Content-Type: application/json X-Auth-Token: ABCDEFJ.... |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.