Edge Acceleration
  • Site Acceleration
    • Overview
    • Quickly Import and Export Site Configuration
    • Access Control
      • Token Authentication
    • Smart Acceleration
    • File Optimization
      • Smart Compression
    • Network Optimization
      • HTTP/2
      • HTTP/3(QUIC)
        • Overview
        • Enable HTTP/3
        • QUIC SDK
          • SDK Overview
          • SDK Download and Integration
          • Sample Code
            • Android
            • iOS
          • API Documentation
            • Android
            • iOS
      • IPv6 Access
      • Maximum Upload Size
      • WebSocket
      • Client IP Geolocation Header
      • Client IP Geographical Location
      • gRPC
    • URL Rewrite
      • Access URL Redirection
      • Origin-Pull URL Rewrite
    • Modifying Header
      • Modifying HTTP Response Headers
      • Modifying HTTP Request Headers
    • Custom Error Page
    • Request and Response Actions
      • Processing order
      • Default HTTP Headers of Origin-Pull Requests
      • Default HTTP Response Headers
    • Media Services
      • Audio and Video Pre-pulling
      • Just-in-Time Image Processing
      • Just-in-Time Media Processing
      • VOD Media Origin
  • L4 Proxy
    • Overview
    • Creating an L4 Proxy Instance
    • Modifying an L4 Proxy Instance
    • Disabling or Deleting an L4 Proxy Instance
    • Batch Configuring Forwarding Rules
    • Obtaining Real Client IPs
      • Obtaining Real TCP Client IPs via TOA
      • Obtaining Real Client IPs Through Protocol V1/V2
        • Overview
        • Method 1: Obtaining Real Client IPs Through Nginx
        • Method 2: Parsing Real Client IPs on Application Server
        • Format of Real Client IPs Obtained Through Proxy Protocol V1/V2
      • Transmitting Client Real IP via SPP Protocol
  • Edge DNS
    • Hosting DNS Records
      • Modifying DNS Servers
      • Configuring DNS Records
      • Advanced DNS Configuration
    • Domain Connection
      • Adding A Domain Name for Acceleration
      • Ownership Verification
      • Modifying CNAME Records
    • Domain alias
      • Overview
      • Configuration Guide
      • Batch Connecting SaaS Domain Names
      • Configuring Alias Domain Names for Disaster Recovery
    • Traffic Scheduling
      • Traffic Scheduling Management
    • Origin Configuration
      • Origin-pull configuration
        • Configuring Origin-Pull HTTPS
        • Host Header Rewrite
        • Controlling Origin-pull Requests
        • Redirect Following During Origin-Pull
        • HTTP/2 Origin-Pull
        • Range GETs
      • Load Balancing
        • Overview
        • Quickly Create Load Balancers
        • Health Check Policies
        • Viewing the Health Status of Origin Server
        • Related References
          • Load Balancing-Related Concepts
          • Introduction to Request Retry Strategy
      • Origin Group Configuration
      • Related References
        • ld Version Origin Group Compatible Related Issues
      • Collect EdgeOne origin-pull node IP
  • Edge Cache
    • Overview
    • EdgeOne Cache Rules
      • Content Cache Rules
      • Cache Key Introduction
      • Vary Feature
    • Cache Configuration
      • Custom Cache Key
      • Node Cache TTL
      • Status Code Cache TTL
      • Browser Cache TTL
      • Offline Caching
      • Cache Prefresh
    • Clear and Preheat Cach
      • Cache Purge
      • URL Pre-Warming
    • How to improve the Cache Hit Rate of EdgeOne
  • Rules Engine
    • Overview
    • Supported Matching Types and Actions
    • Rule Management
    • variables

Advanced DNS Configuration

This document will introduce the advanced configuration principles and methods such as DNSSEC, custom NS, CNAME acceleration supported by EdgeOne.
Note:
The following advanced DNS configuration features are only supported in NS access mode.

DNSSEC

Introduction

Domain Name System Security Extensions (DNSSEC) can effectively prevent attacks such as DNS spoofing and cache poisoning. By employing digital signatures, it guarantees the authenticity and integrity of DNS response messages, protecting users from being redirected to unintended addresses. This in turn fosters user trust in the internet while safeguarding your core business. If you wish to heighten the security of your site's resolution to prevent hijacking and tampering, activating this configuration is suggested.

How It Works

Through the addition of encrypted signatures to existing DNS records, DNSSEC establishes a more secure DNS. These signatures are stored in the DNS name servers along with common record types such as AAAA and MX records. Thereafter, by simply checking the signature corresponding to the requested DNS record, one can confirm whether the record originates directly from an authoritative name server. This means that the DNS record will not be poisoned or otherwise altered during digital transmission, thus effectively preventing the introduction of forged records.


Directions

1. Log in to the TencentCloud EdgeOne Console, click on Site List in the left menu, and within the site list, click on the Site you need to configure to proceed to the site details page.
2. On the Site Details page, click on Domain Name Services > DNS configuration to navigate to the DNS configuration page.
3. On the DNS configuration page, click on

within the DNSSEC module. After double confirmation, enable the DNSSEC feature.
4. EdgeOne will provide you with DS record information as shown in the picture below. For the corresponding relationship between the summary type and the algorithm, please refer to: Summary Type and Algorithm.

5. Next, you need to add a DS record at the Domain registration merchant based on the above information.
6. Once the configuration is complete, wait for it to take effect at the Domain registration service provider's end.

Custom NS

Introduction

The custom NS feature allows you to create a name server (NS) dedicated to your own site to replace the default assigned name server. After creation, EdgeOne will automatically assign an IP to it.

Overview

When you choose to connect your site via NS and you wish to customize the name of your site's DNS server, you can utilize this configuration.
Note
Custom NS has the following limits:
Only a subdomain (for example: ns.example.com) of the current site (for example: example.com) can be used as the custom NS server name.
Custom NS requires at least two domains to be added, and they must not conflict with the current existing DNS records.

Directions

1. Log in to the EdgeOne console, click on Site List in the left menu, and within the site list, click on the Site you need to configure to proceed to the site details page.
2. On the Site Details page, click on Domain Name Services > DNS configuration to navigate to the DNS configuration page.
3. On the DNS configuration page, within the Custom NS module, hit the

input field to add a custom NS server host record.
4. After clicking on OK to finalize the addition, you need to append the custom NS's glue record at your Domain Registration provider for the changes to fully become effective. If your domain is registered with Tencent Cloud, you may refer to Custom DNS Host. For domains registered with other vendors, please consult the respective Domain Registration provider's guidance documentation to carry out the configuration.
Note:
Upon enabling and adding your custom NS service, EdgeOne will automatically append the corresponding A records to your current domain name, with no requisite configuration on your part.
5. Once the configuration is complete, wait for it to take effect at the Domain registration service provider's end.

CNAME Acceleration

Introduction

The activation of this function effectively accelerates the resolution speed. If multi-level CNAME records for the domain are set in EdgeOne DNS, the system will directly provide the final IP resolution result, thus decreasing the number of resolutions. This feature is pre-set as enabled, typically needing no alterations. However, should you require offering the user a complete path of resolution, you can opt for deactivation. Example:
Assume your site is example.com, you have configured the following multi-level resolution records: loopthree.example.com -> looptwo.example.com -> loopone.example.com -> 1.2.3.4.

In the absence of CNAME Acceleration, the resolution results would be as follows:

With CNAME Acceleration enabled, the resolution result will directly display as IP address: