Function Overview

Domain Name Service (DNS) is a highly available and scalable authoritative DNS service that translates domain names like www.example.com into IP addresses like 192.1.2.3, reliably directing end users to your applications.

DNS provides domain resolution for various scenarios, including resolution for public domain names, resolution for private domain names, reverse resolution, and intelligent resolution.

DNS allows you to host domain names that are registered with domain name registrars and route traffic on the Internet.

DNS provides resolution for domain names that are used within VPCs. By hosting private domain names, your ECSs can communicate with each other without connecting to the Internet. You can also directly access cloud services, such as OBS and SMN, through the private DNS server.

Reverse resolution involves obtaining a domain name based on an IP address and is typically used to improve credibility of email servers.

After a recipient server receives an email, it checks whether the IP address and domain name of the sender server are trustworthy and determines whether the email is spam. If the recipient server fails to obtain the domain name mapped to the sender's IP address, it considers that the email is sent by a malicious host and rejects it. Therefore, it is necessary to map IP addresses of your email servers to domain names by adding PTR records.

You can deploy an ECS as an email server and add a PTR record to map the EIP bound to the ECS to the domain name used by the email server.

Usually, a DNS server returns the same resolution result to visitors from different networks or geographic locations. However, in cross-network or cross-region access, this would lead to high latency and poor user experience. DNS provides intelligent resolution to meet requirements of various scenarios.

• Traffic routing by carrier or geographic location

     You can configure ISP lines or region lines when you add record sets. The DNS server returns different IP addresses to visitors based on their carrier networks or locations.

• Traffic routing based on weights

     When your site has multiple servers and each server has an independent IP address, you can use weighted routing to distribute a certain proportion of requests to different servers.

A public zone provides information to translate domain names into IP addresses required for network connection.

DNS enables you to create, modify, delete, enable, disable, or view public zones.

DNS Security Extensions (DNSSEC) provides digital signatures to ensure data integrity and authenticity of DNS requests and responses and to defend against common attacks such as DNS spoofing. This prevents you from being redirected to unexpected addresses and protects your core services.

A private zone provides information to map private domain names used within VPCs to private IP addresses.

You can create any domain names without registering them.
Private zones are valid only in VPCs, and one private zone can have multiple VPCs associated.

A resolver answers DNS queries to and from your on-premises data center after your data center is connected to the cloud over Direct Connect or VPN.

Generally, on-premises data centers can access cloud resources over a Direct Connect or VPN connection. However, for security purposes, on-premises servers are not allowed to access the DNS service on the cloud directly. If your on-premises servers need to access private domain names used within VPCs, or your cloud servers use Huawei Cloud private DNS to access an on-premises domain name, you need to set up DNS on your cloud servers for forwarding DNS queries between the cloud DNS and on-premises DNS. This increases management and maintenance costs and causes reliability risks.

With Huawei Cloud DNS resolvers, on-premises servers and cloud servers can easily communicate with each other in hybrid cloud scenarios.

A record set is a collection of resource records that belong to the same domain name. It defines how you want to route traffic for the domain or a subdomain.

You can add the following types of record sets: A, CNAME, MX, AAAA, TXT, SRV, NS, and CAA.

You can also modify, delete, view, enable, and disable record sets.

TTL, short for time-to-live, specifies the cache duration of records on a local DNS server.

When the local DNS server receives a domain name request, it asks the authoritative DNS server of the domain name for the required resource record, and then caches the record for a period of time. During this period, if the local DNS server receives requests for this domain name again, it does not request the record from the authoritative DNS server, but directly returns a result from the record in its cache.

DNS enables you to centrally manage record sets in public and private zones. You can perform the following operations:

• Search for record sets by status, type, name, value, ID, or tag.
• Modify, delete, disable, and enable record sets in public zones.
• Modify and delete record sets in private zones.

You can import and export all record sets of a domain name when you want to migrate the domain name from or to Huawei Cloud.

You can import a maximum of 500 record sets at a time.

Tags are used to identify cloud resources. When you have many cloud resources of the same type, you can use tags to classify cloud resources.

You can add up to 20 tags to a cloud resource.

Quotas are enforced for service resources on the platform to prevent unforeseen spikes in resource usage. Quotas can limit the number and capacity of resources available to users, for example, the maximum number of zones, PTR records, or record sets that users can create.

Cloud Trace Service (CTS) records the operations on cloud resources in your account. You can use the records to perform security analysis, track resource changes, audit compliance, and locate faults.
CTS automatically records the operations after you enable it. You can view the records of the last 7 days on the console.

DNS logs the requests sent to resolvers, such as the time when a request was sent, client IP address, request path, and server response.

DNS provides RESTful APIs.
By calling these APIs, you can perform all DNS functions, such as creating, querying, modifying, and deleting public zones, private zones, and records sets.