Advanced DNS Configuration
This document introduces the principles and configuration methods of the advanced DNS features supported by EdgeOne, such as DNSSEC, custom NS, and CNAME acceleration.
Note:
The following advanced DNS configuration features are only supported in NS access mode.
DNSSEC
Introduction
Domain Name System Security Extensions (DNSSEC) can effectively prevent attacks such as DNS spoofing and cache poisoning. By employing digital signatures, it guarantees the authenticity and integrity of DNS response messages, protecting users from being redirected to unintended addresses. This in turn fosters user trust in the internet while safeguarding your core business. If you wish to heighten the security of your site's resolution to prevent hijacking and tampering, activating this configuration is suggested.
How It Works
DNSSEC makes DNS more secure by adding cryptographic signatures to existing DNS records. These signatures are stored on the DNS name servers alongside common record types such as AAAA and MX records. By checking the signature that corresponds to the requested DNS record, a resolver can confirm that the record originates from an authoritative name server. A record that was poisoned or otherwise altered in transit fails this check, which effectively prevents forged records from being accepted.
Directions
1. Log in to the TencentCloud EdgeOne Console, click on Site List in the left menu, and within the site list, click on the Site you need to configure to proceed to the site details page.
2. On the Site Details page, click on Domain Name Services > DNS configuration to navigate to the DNS configuration page.
3. On the DNS configuration page, enable the DNSSEC feature within the DNSSEC module; a double confirmation is required.
4. EdgeOne will provide you with DS record information as shown in the picture below. For the correspondence between the summary (digest) type and the algorithm, please refer to: Summary Type and Algorithm.
5. Next, add a DS record at your domain registrar based on the above information.
6. Once the configuration is complete, wait for it to take effect at the domain registrar's end.
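A check for steps 4 to 6, as an added example that is not EdgeOne's code: it derives the DS fields from a DNSKEY the way RFC 4034 defines them, so the values entered at the registrar can be compared field by field against the zone's key. The digest type numbers are IANA's, the function names are hypothetical, and the sample key is constructed.

```python
import base64
import hashlib
import struct

# IANA DS digest type numbers (not taken from the page): 1=SHA-1, 2=SHA-256, 4=SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Canonical owner name: lowercased, length-prefixed labels, root terminator."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"

def key_tag(rdata):
    """RFC 4034 Appendix B checksum over the DNSKEY RDATA (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def compute_ds(zone, flags, protocol, algorithm, pubkey_b64, digest_type=2):
    """Derive (key_tag, algorithm, digest_type, digest_hex) from a DNSKEY."""
    if not flags & 0x0100 or protocol != 3:
        raise ValueError("DS must reference a zone key (flag 256 set) with protocol 3")
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    # The digest covers the owner name in wire form followed by the DNSKEY RDATA.
    digest = DIGESTS[digest_type](name_to_wire(zone) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest

def ds_mismatches(expected, published):
    """Name the DS fields where the registrar's value differs from the derived one."""
    fields = ("key_tag", "algorithm", "digest_type", "digest")
    norm = lambda v: v.replace(" ", "").upper() if isinstance(v, str) else v
    return [f for f, e, p in zip(fields, expected, published) if norm(e) != norm(p)]

# Constructed sample: a 64-byte placeholder key for algorithm 13, not a real zone's key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    derived = compute_ds("example.com", 257, 3, 13, SAMPLE_KEY)
    typo = (derived[0], derived[1], 1, derived[3])  # wrong digest type entered by hand
    print("derived DS:", derived)
    print("mismatches:", ds_mismatches(derived, typo))
```

A DS record that does not match any DNSKEY in the zone makes validating resolvers treat the zone as bogus, so an empty mismatch list is worth confirming before waiting for the registrar change to propagate.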
Custom NS
Introduction
The custom NS feature allows you to create a name server (NS) dedicated to your own site to replace the default assigned name server. After creation, EdgeOne will automatically assign an IP to it.
Overview
When you choose to connect your site via NS and you wish to customize the name of your site's DNS server, you can utilize this configuration.
Note
Custom NS has the following limits:
Only a subdomain (for example: ns.example.com) of the current site (for example: example.com) can be used as the custom NS server name.
Custom NS requires at least two domains to be added, and they must not conflict with the current existing DNS records.
Directions
1. Log in to the EdgeOne console, click on Site List in the left menu, and within the site list, click on the Site you need to configure to proceed to the site details page.
2. On the Site Details page, click on Domain Name Services > DNS configuration to navigate to the DNS configuration page.
3. On the DNS configuration page, within the Custom NS module, use the input field to add a custom NS server host record.
4. After clicking OK to finalize the addition, you need to add the custom NS's glue record at your domain registrar for the changes to take full effect. If your domain is registered with Tencent Cloud, you may refer to Custom DNS Host. For domains registered with other vendors, please consult the respective registrar's documentation to carry out the configuration.
Note:
Upon enabling and adding your custom NS service, EdgeOne will automatically append the corresponding A records to your current domain name, with no requisite configuration on your part.
5. Once the configuration is complete, wait for it to take effect at the Domain registration service provider's end.
CNAME Acceleration
Introduction
Enabling this feature speeds up resolution. If multi-level CNAME records for the domain are set in EdgeOne DNS, the system directly returns the final IP resolution result, which reduces the number of resolutions. This feature is enabled by default and typically needs no changes. However, if you need to give users the complete resolution path, you can disable it. Example:
Assume your site is example.com and you have configured the following multi-level resolution records: loopthree.example.com -> looptwo.example.com -> loopone.example.com -> 1.2.3.4.
In the absence of CNAME Acceleration, the resolution results would be as follows:
With CNAME Acceleration enabled, the resolution result will directly display as IP address: