DNS Best Practices
This section describes the common application scenarios of DNS and provides detailed solution description and operation guide for each scenario. You can use DNS and other services on Huawei Cloud to develop solutions for different scenarios.
Best Practices for Public Domain Name Resolution
Scenario |
Example |
Cloud Services |
Description |
---|---|---|---|
DNS settings migration |
DNS |
Another DNS service provider is used for domain name resolution, and you want to migrate your domain name and its DNS settings to Huawei Cloud DNS for faster and more reliable domain name resolution and easier management. |
|
|
You can transfer your domain name and its DNS settings or just the DNS settings from one Huawei Cloud account to another Huawei Cloud account. |
||
Ensuring Normal Resolution After Domain Name Transfer to Huawei Cloud |
|
Some domain name registrars (such as GoDaddy) will delete all data about your domain name if you transfer it to Huawei Cloud DNS. To prevent domain name resolution from being affected, first transfer all record sets for the domain name to Huawei Cloud DNS and wait for the record sets to become active before you transfer the domain name. |
|
Intelligent DNS resolution |
DNS |
Cloud applications usually use multiple IP addresses from different carriers. Traditional DNS resolution randomly returns an IP address to visitors regardless of their carriers or regions. This will lead to poor connectivity to applications. You can configure intelligent resolution to return a proper IP address for faster access to applications. |
|
DNS |
You can configure ISP lines for visitors from different carriers. The DNS server returns different IP addresses to visitors based on their carrier networks. |
||
DNS |
You can configure region lines for visitors at different locations. The DNS server returns different IP addresses to visitors based on their locations. |
||
DNS |
Usually, a DNS server returns the same IP address to all visitors, irrespective of where they come from. With custom lines, the DNS server returns a specific IP address based on the IP addresses of visitors. |
||
DNS |
When your website has multiple servers and each server has an independent IP address, you can consider weighted routing to distribute requests to different servers proportionally. |
||
|
If you deploy web servers in the Chinese mainland, end users outside the Chinese mainland may face problems such as high latency, packet loss, and jitter, due to unstable cross-border networks. You need to address these issues for faster access from areas outside the Chinese mainland. |
||
|
You use a global accelerator to accelerate cross-border access to your website. To save costs, you also use CDN to accelerate static content and then use Global Accelerator to speed up dynamic requests to your web server. |
||
Speeding Up Cross-Border Access to Third-Party On-Premises Servers |
|
You have a web server deployed in an on-premises data center in the Chinese mainland. End users can access your website over the public network. Due to unstable cross-border networks, end users outside the Chinese mainland may face problems such as high latency, packet loss, and jitter. You need to address these issues for faster access from areas outside the Chinese mainland. |
|
Accelerating Communications Between Cloud and On-Premises Servers and Implementing Multi-active DR |
|
You have a web server deployed in your on-premises data center in the Chinese mainland and you want to run your workloads in one or more regions for multi-active DR. |
|
Security |
Setting CAA Records to Prevent CAs from Issuing Unauthorized HTTPS Certificates |
|
Certification Authority Authorization (CAA) ensures that HTTPS certificates are issued by authorized certificate authorities (CAs). CAA complies with all IETF RFC 6844 requirements. If a CA is blacklisted, the browser will no longer trust the HTTPS certificates issued by this CA. If you try to access websites that have those certificates, the browser will warn that the websites are not secure. Using Huawei Cloud DNS, you can configure CAA record sets for your public domain names on the DNS console. |
Augmented stability and reliability |
Configuring the NSCD Service to Accelerate Performance and Improve DNS Availability |
DNS |
NSCD is a system service that caches name service requests. It caches information from the passwd, group, hosts, services, and netgroup databases. NSCD improves the cache hit rate and service performance by reducing the number of lookups to name services. It also consumes a small amount of traffic. |
DNS |
Serving stale data is a method described in RFC 8767 to improve the reliability of DNS resolution. When the domain name cache on the local DNS server expires and the local DNS server cannot update the local cache due to a fault of the authoritative DNS server, the local DNS server can use the expired cache to respond to the requests. In this way, the client can still obtain responses. |
Best Practices for Private Domain Name Resolution
Scenario |
Example |
Cloud Services |
Description |
---|---|---|---|
Active/standby switchover |
Configuring Private Domain Names for ECSs for Smooth ECS Switchover |
|
If the ECS running your website becomes faulty and you need to use the backup ECS, you have to change the private IP address in the code for the faulty ECS. Your services will be interrupted, and you need to launch your website again. Here is the solution: Configure private domain names for the ECSs and include the private domain names in the code. If one ECS is malfunctioning, you only need to change the DNS record sets to direct traffic to a normal ECS. Your services will not be interrupted, and you do not need to launch the website again. |
Database migration |
|
Private domain names are isolated using VPCs to ensure that services in different VPCs do not affect each other. On Huawei Cloud DNS, you create a private domain name that is the same as that of the on-premises service database and add a CNAME record to map it to the private domain name allocated by RDS. |
|
Resolver |
Using DNS Resolver to Enable Communication Between On-premises Servers and the Cloud |
|
For data management and information security purposes, data is stored both on premises and on the cloud, and hybrid networking that spans Huawei Cloud and on-premises data centers is used. This hybrid networking safeguards your sensitive data and allows for flexible deployment and cost control. |
Resolver |
Using DNS Resolver to Access a Specific Domain Name Across Regions |
|
The outbound and inbound endpoints of Huawei Cloud DNS resolvers work with Cloud Connect to allow access to specific domain names across regions. |
Resolver |
Using DNS Resolver and Linux Bind to Resolve Domain Names Across Accounts |
|
Use DNS Resolver to resolve DNS queries between the local DNS and Huawei Cloud without setting up another DNS server in Huawei Cloud. This enables seamless communication between local networks and Huawei Cloud resources, facilitates hybrid deployment, and reduces management costs. |
DNS resolution for a hybrid cloud |
Using AD-Integrated DNS for DNS Resolution in a Hybrid Cloud |
|
Enable a conditional forwarder for the DNS server deployed in AD-integrated DNS in Windows. The conditional forwarder forwards DNS queries for domain names of Huawei Cloud services from the on-premises DNS server or the self-built DNS server on the cloud to Huawei Cloud integrated DNS server for further resolution and response. |
DNS resolution of a hybrid cloud |
|
Configure conditional forwarders for DNS servers deployed using Linux BIND to forward DNS queries received by Huawei Cloud service endpoints to Huawei integrated DNS for further resolution and response. |