Updated on 2025-08-20 GMT+08:00

DNS Best Practices

This section describes common application scenarios for DNS and provides a detailed solution description and operation guide for each scenario. You can use DNS and other services on Huawei Cloud to develop solutions for different scenarios.

Best Practices for Public Domain Name Resolution

Scenario

Example

Cloud Services

Description

DNS settings migration

Migrating DNS Settings to Huawei Cloud DNS

DNS

Another DNS service provider is used for domain name resolution, and you want to migrate your domain name and its DNS settings to Huawei Cloud DNS for faster and more reliable domain name resolution and easier management.

Transferring Record Sets Between Accounts

  • DNS
  • Domains

You can transfer your domain name and its DNS settings or just the DNS settings from one Huawei Cloud account to another Huawei Cloud account.

Ensuring Normal Resolution After Domain Name Transfer to Huawei Cloud

  • DNS
  • Domains

Some domain name registrars (such as GoDaddy) will delete all data about your domain name if you transfer it to Huawei Cloud DNS. To prevent domain name resolution from being affected, you can first transfer all record sets for the domain name to Huawei Cloud DNS and wait for the record sets to become active before you transfer the domain name.

Intelligent DNS resolution

Configuring ISP Routing and Geolocation Routing

DNS

Cloud applications usually use multiple IP addresses from different carriers. Traditional DNS resolution randomly returns an IP address to visitors regardless of their carriers or regions. This will lead to poor connectivity to applications. You can configure intelligent resolution to return a proper IP address for faster access to applications.

Configuring ISP Lines

DNS

You can configure ISP lines for visitors from different carriers. The DNS server returns different IP addresses to visitors based on their carrier networks.

Configuring Region Lines

DNS

You can configure region lines for visitors at different locations. The DNS server returns different IP addresses to visitors based on their locations.

Configuring Custom Lines

DNS

Usually, a DNS server returns the same IP address to all visitors, irrespective of where they come from. With custom lines, the DNS server returns a specific IP address based on the IP addresses of visitors.

Configuring Weighted Routing

DNS

When your website has multiple servers and each server has an independent IP address, you can consider weighted routing to distribute requests to different servers proportionally.

Speeding Up Cross-Border Access to Web Servers

  • DNS
  • Global Accelerator

If you deploy web servers in the Chinese mainland, end users outside the Chinese mainland may face problems such as high latency, packet loss, and jitter, due to unstable cross-border networks. You need to address these issues for faster access from areas outside the Chinese mainland.

Speeding Up Cross-Border Access

  • DNS
  • Global Accelerator
  • CDN

You use a global accelerator to accelerate cross-border access to your website. To save costs, you also use CDN to accelerate static content and then use Global Accelerator to speed up dynamic requests to your web server.

Speeding Up Cross-Border Access to Third-Party On-Premises Servers

  • DNS
  • Global Accelerator

You have a web server deployed in an on-premises data center in the Chinese mainland. End users can access your website over the public network. Due to unstable cross-border networks, end users outside the Chinese mainland may face problems such as high latency, packet loss, and jitter. You need to address these issues for faster access from areas outside the Chinese mainland.

Accelerating Communications Between Cloud and On-Premises Servers and Implementing Multi-active DR

  • DNS
  • Global Accelerator

You have a web server deployed in your on-premises data center in the Chinese mainland and you want to run your workloads in one or more regions for multi-active DR.

Security

Setting CAA Records to Prevent CAs from Issuing Unauthorized HTTPS Certificate

  • DNS
  • Domains

Certification Authority Authorization (CAA) ensures that HTTPS certificates are issued by authorized certificate authorities (CAs). CAA complies with all IETF RFC 6844 requirements.

If a CA is blacklisted, the browser will no longer trust the HTTPS certificates issued by this CA. If you try to access websites that have those certificates, the browser will warn that the websites are not secure.

Using Huawei Cloud DNS, you can configure CAA record sets for your public domain names on the DNS console.

Augmented stability and reliability

Configuring the NSCD Service to Accelerate Performance and Improve DNS Availability

DNS

NSCD is a system service that caches name service requests. It caches information from the passwd, group, hosts, services, and netgroup databases. NSCD improves the cache hit rate and service performance by reducing the number of lookups to name services. It also consumes a small amount of traffic.

Using Serving Stale Data to Improve DNS Resilience

DNS

Serving stale data is a method described in RFC 8767 to improve the reliability of DNS resolution.

When the domain name cache on the local DNS server expires and the local DNS server cannot update the local cache due to a fault of the authoritative DNS server, the local DNS server can use the expired cache to respond to the requests. In this way, the client can still obtain responses.

Best Practices for Private Domain Name Resolution

Scenario

Example

Cloud Services

Description

Active/standby switchover

Configuring Private Domain Names for ECSs for Smooth ECS Switchover

  • DNS
  • ECS
  • RDS
  • VPC

If the ECS running your website becomes faulty and you need to use the backup ECS, you have to change the private IP address in the code for the faulty ECS. Your services will be interrupted, and you need to launch your website again.

Here is the solution: Configure private domain names for the ECSs and include the private domain names in the code. If one ECS is malfunctioning, you only need to change the DNS record sets to direct traffic to a normal ECS. Your services will not be interrupted, and you do not need to launch the website again.

Database migration

Migrating an Enterprise Service Database to the Cloud

  • DNS
  • ECS
  • RDS
  • VPC

Private domain names are isolated using VPCs to ensure that services in different VPCs do not affect each other. On Huawei Cloud DNS, you create a private domain name that is the same as that of the on-premises service database and add a CNAME record to map it to the private domain name allocated by RDS.

Resolver

Using DNS Resolver to Enable Communication Between On-premises Servers and the Cloud

  • DNS
  • ECS
  • VPC

For data management and information security, data is stored both on premises and in the cloud, using a hybrid network that spans Huawei Cloud and on-premises data centers.

This hybrid network safeguards your sensitive data and allows for flexible deployment and cost control.

Resolver

Using DNS Resolver to Access a Specific Domain Name Across Regions

  • DNS
  • ECS
  • EIP
  • NAT Gateway
  • VPC

The outbound and inbound endpoints of Huawei Cloud DNS resolvers work with Cloud Connect to allow access to specific domain names across regions.

Resolver

Using DNS Resolver and Linux Bind to Resolve Domain Names Across Accounts

  • DNS
  • ECS
  • VPC

Use DNS Resolver to resolve DNS queries between the local DNS and Huawei Cloud without setting up another DNS server in Huawei Cloud. This enables seamless communication between local networks and Huawei Cloud resources, facilitates hybrid deployment, and reduces management costs.

DNS resolution for a hybrid cloud

Using AD-Integrated DNS for DNS Resolution in a Hybrid Cloud

  • DNS
  • ECS
  • VPC

Enable a conditional forwarder for the DNS server deployed in AD-integrated DNS in Windows. The conditional forwarder forwards DNS queries for domain names of Huawei Cloud services from the on-premises DNS server or the self-built DNS server on the cloud to the Huawei Cloud integrated DNS server for further resolution and response.

DNS resolution for a hybrid cloud

Using Linux BIND for DNS Resolution in a Hybrid Cloud

  • DNS
  • ECS
  • VPC

Configure conditional forwarders for DNS servers deployed using Linux BIND to forward DNS queries received by Huawei Cloud service endpoints to Huawei integrated DNS for further resolution and response.