FAQs - HuaweiDomain Name Service FAQs Issue 13 Date 2020-02-21 HUAWEI TECHNOLOGIES CO., LTD

Domain Name Service

FAQs

Issue 18

Date 2020-06-17

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 18 (2020-06-17) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 Product Consultation.............................................................................................................. 11.1 Is DNS a Paid Service?........................................................................................................................................................... 11.2 How Many Zones/Record Sets/PTR Records Can I Create?...................................................................................... 11.3 What Addresses Does HUAWEI CLOUD DNS Use to Provide Domain Resolution?.........................................11.4 What Are the Private DNS Server Addresses Provided by the DNS Service?......................................................31.5 What Are the Differences Between Public and Private Domain Names?............................................................41.6 Does DNS Support IPv4 and IPv6?.................................................................................................................................... 51.7 Does DNS Support Explicit or Implicit URL Forwarding?.......................................................................................... 51.8 Does DNS Support Dynamic Domain Name Resolution?......................................................................................... 61.9 Are Wildcard DNS Record Sets Supported?................................................................................................................... 61.10 What Is TTL?........................................................................................................................................................................... 61.11 How Many Domain Name Levels Does the DNS Service Support?.................................................................... 61.12 How Are Zones Queried to Resolve a Domain Name?............................................................................................71.13 What Are the Priorities of Resolution Lines?...............................................................................................................71.14 Why Is the Email Address Format Changed in the SOA Record?.........................................................................71.15 What Is CAA?..........................................................................................................................................................................81.16 What Is the Function of an MX Record Set Priority?............................................................................................. 10

2 Invalid Domain Resolution..................................................................................................112.1 Why Has My Record Set Not Taken Effect?.................................................................................................................112.2 How Do I Test Whether a Record Set Has Taken Effect?........................................................................................122.3 When Will a Record Set Take Effect After I Create It?.............................................................................................142.4 When Will a Record Set Modification Take Effect?...................................................................................................142.5 How Long Is Required for DNS Server Address Changes to Take Effect?......................................................... 15

3 Website Access Failures....................................................................................................... 163.1 Why Can't I Access the Website After the Domain Name Has Been Resolved Successfully?.................... 16

4 Public Zones............................................................................................................................184.1 Why a Message Indicating Conflict with an Existing Record Set Is Displayed When I Add a Record Set?............................................................................................................................................................................................................ 184.2 How Do I Add Record Sets for Subdomains?.............................................................................................................. 224.3 How Is a Domain Name Resolved When a Record Set Has Multiple Values?................................................ 254.4 Can I Modify a Zone?.......................................................................................................................................................... 264.5 Can I Resolve a Domain Name to Addresses of Servers in an On-premise Data Center or Servers ofAnother Cloud Service Provider?............................................................................................................................................ 26

Domain Name ServiceFAQs Contents

Issue 18 (2020-06-17) Copyright © Huawei Technologies Co., Ltd. ii

4.6 How Do I Access the Same Website Using Multiple Domain Names?.............................................................. 274.7 Configuring Weighted Resolution................................................................................................................................... 27

5 Private Zones.......................................................................................................................... 305.1 How Do I Switch to a Private DNS Server?..................................................................................................................305.2 How Can I Access an ECS Using Its Host Name?...................................................................................................... 315.3 How Can I Configure a PTR Record for the Private IP Address of an ECS?...................................................... 325.4 How Do I Configure the Same Public and Private Domain Name for My Website?.................................... 375.5 Can Private Domain Names Be Used Across Regions?............................................................................................ 385.6 Do I Need to Register Private Domain Names?......................................................................................................... 395.7 Will a VPC Be Automatically Disassociated from a Public Zone If I Delete the VPC?.................................. 395.8 Are Private DNS Server Addresses the Same for All Users?...................................................................................395.9 What Are the Restrictions on Concurrent Private DNS Requests?.......................................................................40

6 Domain Transfer.................................................................................................................... 416.1 Can I Transfer a Hosted Domain Name from Account A to Account B?...........................................................416.2 Will Domain Name Resolution Be Affected After Domain Names Are Transferred or Migrated?...........416.3 How Do I Migrate My Domain from Another DNS Service Provider to HUAWEI CLOUD DNS?..............43

7 Mailbox Resolution............................................................................................................... 447.1 What Are Common Record Sets for Domain Resolution of a Mailbox?............................................................ 44

Domain Name ServiceFAQs Contents

Issue 18 (2020-06-17) Copyright © Huawei Technologies Co., Ltd. iii

1 Product Consultation

1.1 Is DNS a Paid Service?No.

1.2 How Many Zones/Record Sets/PTR Records Can ICreate?

By default, you can create a maximum of 50 public zones, 50 private zones, 50PTR records, and 500 record sets.

If the quotas do not meet your service requirements, you can contact customerservice for an increase.

1.3 What Addresses Does HUAWEI CLOUD DNS Use toProvide Domain Resolution?

To enable users to access the nearest DNS server and resolve domain names withthe lowest latency, HUAWEI CLOUD has deployed DNS servers in multiple AZsaround the world. In some regions, anycast is supported.

NO TE

Currently, DNS servers have been deployed in the AZs in the following countries and cities:Beijing, Langfang, Shanghai, Guangzhou, Shenzhen, Guiyang, Hong Kong, Thailand,Singapore, South Africa, Russia, Chile, and Dubai.

HUAWEI CLOUD DNS uses the following addresses to provide resolution services:

● ns1.huaweicloud-dns.com: DNS address for regions on the Chinese mainland● ns1.huaweicloud-dns.cn: DNS address for regions on the Chinese mainland● ns1.huaweicloud-dns.net: DNS address for countries or regions outside the

Chinese mainland● ns1.huaweicloud-dns.org: DNS address for countries or regions outside the

Chinese mainland

Domain Name ServiceFAQs 1 Product Consultation

Issue 18 (2020-06-17) Copyright © Huawei Technologies Co., Ltd. 1

After you have created a public zone on the console, an NS record set isgenerated by default, and its value is the preceding four DNS addresses.

Recommendation for DNS Address SettingBecause there is a limit in the international Internet bandwidth on the Chinesemainland, network latency increases when users access the network across theChinese mainland.

For this reason, it is recommended that you configure an NS record set for yourpublic domain in the following ways:

● If your website users are mainly on the Chinese mainland, set the DNSaddresses to ns1.huaweicloud-dns.com and ns1.huaweicloud-dns.cn.

● If your website users are mainly in countries or regions outside the Chinesemainland, set the DNS addresses to ns1.huaweicloud-dns.net andns1.huaweicloud-dns.org.

● If users of your website are all over the world, set the preceding DNSaddresses.

Setting the DNS AddressesYou need to set the DNS addresses on the Record Sets page.

1. Log in to the management console.2. In the Network category, click Domain Name Service.

The DNS console is displayed.3. In the navigation pane, choose DNS Resolution > Public Zones.

The Public Zones page is displayed.4. In the public zone list, click the name of the target domain.5. Locate the NS record set and click Modify under Operation.



https://support.huaweicloud.com/en-us/usermanual-dns/en-us_topic_0035467702.html

Figure 1-1 Modify Record Set

6. Change the settings of Value based on Recommendation for DNS AddressSetting.

7. Click OK.

NO TE

For public domains registered with HUAWEI CLOUD before, their DNS servers arens1.hwclouds-dns.com and ns1.hwclouds-dns.net. The two addresses are still available.It is recommended that you change the two addresses to four new DNS addresses, so thatwe can provide better resolution services.

1.4 What Are the Private DNS Server AddressesProvided by the DNS Service?

Private DNS servers are used in VPCs to:

● Resolve private domain names and internal domain names of other cloudservices, such as OBS and Workspace.

● Forward domain name requests to public DNS servers.

Compared with the public DNS server 114.114.114.114, private DNS serversprovided by the DNS service have the following advantages:

● Resolve private domain names created within VPCs.● Access internal addresses of cloud services like OBS and SFS.● Allow ECSs not assigned with EIPs to access the Internet.

Table 1-1 lists private DNS server addresses provided by the DNS service indifferent regions.



Table 1-1 Private DNS server addresses

Region Private DNS Server Addresses

CN North-Beijing1 100.125.1.250

100.125.21.250

CN North-Beijng4 100.125.1.250

100.125.129.250

CN Southwest-Guiyang1

100.125.1.250

100.125.129.250

CN South-Guangzhou

100.125.1.250

100.125.136.29

CN East-Shanghai1 100.125.1.250

100.125.64.250

CN East-Shanghai2 100.125.17.29

100.125.135.29

AP-Hong Kong 100.125.1.250

100.125.3.250

AP-Bangkok 100.125.1.250

AP-Singapore 100.125.1.250

100.125.128.250

AF-Johannesburg 100.125.1.250

LA-Santiago 100.125.1.250

100.125.0.250

EU-Paris 100.125.0.41

100.126.0.41

US-Atlanta 100.125.2.5

100.125.2.6

1.5 What Are the Differences Between Public andPrivate Domain Names?

Public domain names are used on the Internet. They need to be purchased andmust be unique on the Internet.



To resolve a public domain name, you need to:

1. Purchase a domain name from a domain name registrar, for example,HUAWEI CLOUD.

2. Create a public zone for the domain name and add record sets. For details,see Configuring Record Sets for a Website (for Domain Names Registeredwith HUAWEI CLOUD) or Configuring Record Sets for a Website (forDomain Names Registered with a Third-Party Registrar).

After you perform the preceding operations, the domain name will be resolved byDNS and accessible on the Internet. For details about how a public domain nameis resolved, see Public Zone.

Private domain names are used within VPCs and do not need to be registered.

For details about private domain names, see Configuring a Private Zone.

The most important difference between public and private domain names is thatthe former is used on the Internet and the later within VPCs.

1.6 Does DNS Support IPv4 and IPv6?Yes.

You can add A and AAAA record sets for a domain name to resolve it into IPv4and IPv6 addresses.

For example, add the following record sets for example.com.

Table 1-2 Record sets

Name Type Value

www.example.com A 192.168.1.2

www.example.com AAAA 2407:c080:0:ffff:ffff:fffe:0:1

HUAWEI CLOUD DNS servers (ns1.huaweicloud-dns.com, ns1.huaweicloud-dns.cn,ns1.huaweicloud-dns.net, and ns1.huaweicloud-dns.org) support both IPv4 andIPv6.

All local DNS servers, either supporting IPv4 or IPv6 or both, can send requests toHUAWEI CLOUD DNS servers and obtain the record sets.

1.7 Does DNS Support Explicit or Implicit URLForwarding?

No. Currently, DNS does not support explicit or implicit URL forwarding.



https://support.huaweicloud.com/en-us/qs-dns/dns_qs_0002.html


https://support.huaweicloud.com/en-us/qs-dns/en-us_topic_0035467699.html


https://support.huaweicloud.com/en-us/productdesc-dns/en-us_topic_0035920135.html


1.8 Does DNS Support Dynamic Domain NameResolution?

No. The DNS service can only resolve domain names to fixed IPv4 or IPv6addresses.

1.9 Are Wildcard DNS Record Sets Supported?Yes.

You can use an asterisk (*) as the host name in a domain name to create awildcard record set. For more details, see RFC 4592.

Currently, you can create a wildcard DNS record set of the A, AAAA, MX, CNAME,TXT, CAA, and SRV types.

1.10 What Is TTL?TTL, short for time-to-live, specifies the cache duration of records on a local DNSserver.

The local DNS server is connected to clients (computers or smartphones) throughthe Internet. By default, its address is assigned by the broadband carrier. You canalso choose a public DNS server, for example, 114.114.114.114 and 8.8.8.8, as yourlocal DNS server. The local DNS servers for ECSs purchased on HUAWEI CLOUDare private DNS servers. For details, see What Are the Private DNS ServerAddresses Provided by the DNS Service?

When the local DNS server receives a domain name request, it asks theauthoritative DNS server of the domain name for the required resource record,and then caches the record for a period of time. During this period, if the localDNS server receives requests for this domain name again, it does not request therecord from the authoritative DNS server, but directly returns a result from therecord in its cache.

The time period during which resource records are cached on the local DNS serveris specified by the TTL value. You can set it when adding record sets in public orprivate zones. For details, see Managing Record Sets.

1.11 How Many Domain Name Levels Does the DNSService Support?

The DNS service supports the following levels for domain names suffixedwith .com:● Second level, such as example.com● Third level, such as www.example.com

The DNS service supports the following levels for domain names suffixedwith .com.cn:




● Third level, such as example.com.cn● Fourth level, such as www.example.com.cn

1.12 How Are Zones Queried to Resolve a DomainName?

When a domain name request is initiated, the domain name is first queried in thezone of a subdomain of the domain name.

● If the zone created for the subdomain exists, the system returns the resultfrom the zone configuration file.

● Otherwise, the system queries the domain name from the zone configurationfile of a higher-level domain name.

For example:

For example, you have created a zone for example.com and added an A record setfor www.example.com. You have also created a zone for www.example.com buthave not added an A record set for it.

In this case, if a visitor tries to access www.example.com, the domain name is firstqueried in the configuration file of zone www.example.com. However, because youhave not added an A record set in the zone, no result will be returned.

1.13 What Are the Priorities of Resolution Lines?The DNS service supports the following types of resolution lines:

● ISP line● Region line● Custom line

For details, see Resolution Line.

If multiple resolution lines are configured for a domain name, the priorities ofthese resolution lines comply with the following principles:

● If there are default lines in addition to ISP lines, region lines, and customlines, the priorities of the four types of resolution lines are as follows:Custom line > ISP line > Region line > Default line

● For region lines, the more accurate the range is, the higher the priority is.If there are multiple region lines, the priorities of these lines are as follows:Beijing (Province/State) > North China (Region) > Chinese mainland > Global> Default

1.14 Why Is the Email Address Format Changed in theSOA Record?

When you create a zone, we strongly recommend you specifyHOSTMASTER@Domain name as the email address.



https://support.huaweicloud.com/en-us/usermanual-dns/dns_usermanual_0041.html

After the zone is created, the email you specified is displayed in the SOA record setof the zone. Because the "@" sign in the SOA record set has other meanings, thesystem replaces @ in the email address with a dot (.). If a dot already exists beforethe @ sign, the system includes a backslash (\) before the dot. However, emailsare still sent to the email address you specified. For more details, see RFC 1035.

Take [email protected] as an example.

If you have specified [email protected] when creating the zone, theemail address displayed in the SOA record set is test\.hostmaster.example.com.

1.15 What Is CAA?Certification Authority Authorization (CAA) is a way to ensure that HTTPScertificates are issued by authorized certificate authorities (CAs). It is incompliance with IETF RFC 6844 standards. Since September 8, 2017, all CAs arerequired to check CAA records before issuing certificates.

CAA SpecificationsDomain name owners can create CAA records that allow authorized to specifythat authorized CAs to issue certificates for their domain names.

There are hundreds of CAs worldwide that have the right to issue HTTPScertificates to verify identity of a website. CAA allows you to specify that onlyauthorized CAs issue HTTPS certificates for your website domain names, andprevent fraudulent certificates from being issued. Setting CAA records is a way toenhance security for your websites.

CAs will perform a DNS lookup for CAA records when they issue certificates.

● If a CA does not find any CAA record, it can issue a certificate for the domainname.Any other CAs are also able to issue certificates for this domain name,bringing risks of certificate mis-issuing.

● If the CA finds a CAA record that authorizes it to issue certificates, it will issuea certificate for the domain name.

● If the CA finds a CAA record but the record does not authorize it to issuecertificates, the CA will not be able to issue HTTPS certificates for the domainname. In this case, HTTPS certificates will not be mis-issued.

CAA RecordA CAA record consists of a flag byte [flag], a property tag, and a property value[tag]-[value]. You can create multiple CAA records for a domain name.



Table 1-3 Configuration of CAA records

Function Example Description

Configure aCAA record forone domainname.

0 issue"ca.example.com"

Only the specified CA(ca.example.com) can issuecertificates for a particular domainname (domain.com). Requests toissue certificates for the domainname by other CAs will be rejected.

0 issue ";" No CA is allowed to issuecertificates for the domain namedomain.com.

Configure theCA to reportviolations tothe domainname holder.

0 iodef"mailto:[email protected]"

When a certificate issuing requestviolates the CAA record, the CA willnotify the domain name holder ofthe violation.

0 iodef "http://domain.com/log/"0 iodef "https://domain.com/log/"

Requests to issue certificates byunauthorized CAs will be recorded.

Authorize a CAto issuewildcardcertificates.

0 issuewild"ca.example.com"

The specified CA (ca.example.com)can issue wildcard certificates forthe domain name.

Configurationexample

0 issue "ca.abc.com"0 issuewild "ca.def.com"0 iodef"mailto:[email protected]"

The example configures a CAArecord for the domain namedomain.com.● Only CA ca.abc.com can issue

certificates of all types.● Only CA ca.def.com can issue

wildcard certificates.● Any other CAs are not allowed to

issue certificates.● When a violation occurs, the CA

sends a notification [email protected].

Checking Whether a CAA Record Takes Effect

You can use dig to check whether the CAA record has taken effect. dig is short fordomain information groper and is a network administration command-line toolfor querying the Domain Name System (DNS).

The command format is: dig [Type] [Domain name] +trace.

Example:



dig caa www.example.com +trace

NO TE

If dig has not installed, you need to manually install it first.

1.16 What Is the Function of an MX Record SetPriority?

The priority in an MX record specifies the sequence for an email server to receiveemails. A smaller value indicates a higher priority.

● If there is only one MX record set on the DNS server, the priority does notwork.

● If there are multiple MX record sets, the DNS server of the email senderpreferentially sends emails to the email server with the highest priority.If this email server becomes faulty, the DNS server of the senderautomatically sends emails to the email server with the second highestpriority.

You can set the priority when creating MX record sets in public or private zones.For details, see Managing Record Sets.




2 Invalid Domain Resolution

2.1 Why Has My Record Set Not Taken Effect?If an IP address cannot be returned when you ping a domain name, the record setis not working.

The record set will not take effect in the following conditions:

● Your network is faulty.● The record set is abnormal.● The record set is modified or cached by the DNS server.

You can perform the following operations to locate the fault for your domainname (example.com):

1. Check your network.Check whether you can successfully ping another domain name.– If yes, the network is normal. Go to step 2.– If no, your network is faulty. Contact your broadband carrier to rectify the

fault.2. Do as follows and check whether the record set takes effect.

a. Run the following commands:dig example.com @ns1.hwclouds-dns.comdig example.com @ns1.huaweicloud-dns.cndig example.com @ns1.huaweicloud-dns.netdig example.com @ns1.huaweicloud-dns.org

▪ If the command output shows that the record set has not takeneffect, go to step 2.b.

▪ If the command output shows that the record set has taken effect,the DNS server is normal. In this case, go to step 3.

b. Log in to the DNS console, check whether the record set exists and if itsstatus is normal.

Domain Name ServiceFAQs 2 Invalid Domain Resolution


▪ If the record set does not exist, add it and perform step 2.a again.

▪ If the record set exists but its status is not normal, delete the recordset and create it again. Then, perform step 2.a again.

▪ If the record set exists and its status is normal, submit a service ticketto obtain service support.

3. Check whether the record set is modified or cached.

a. Check whether the DNS server has been changed.Typically, updated DNS server addresses take effect in approximately 24to 48 hours.

b. Check whether the record set is cached by the local computer.

▪ For a Windows OS, run the ipconfig /flushdns command to refreshthe DNS cache.

▪ A Linux or Unix OS does not cache DNS records.However, if the NSCD service is installed, run the service nscdrestart command to refresh DNS cache.

c. Check whether the record set is cached by the local DNS server providedby the carrier.DNS records are usually cached for less than an hour. Therefore, you canrun the ping command after ah hour to check whether the record set hastaken effect.

d. Check whether the local DNS server has been attacked. (If so, the DNSrecord set may have been changed.)Change your local DNS server to a public DNS server, for example, 8.8.8.8or 114.114.114.114, and run the dig [email protected] or [email protected] command to check whether the recordset takes effect.

NO TE

Refer to Why Can't I Access the Website After the Domain Name Has BeenResolved Successfully? if your record set has taken effect but you still cannot accessthe website with the domain name.

2.2 How Do I Test Whether a Record Set Has TakenEffect?

Run the following commands in the DOS window on a PC connected to theInternet to test whether a record set has taken effect:

● ping Domain name● nslookup [-qt= Type] Target domain name Authoritative DNS server● dig Type Target domain name @Authoritative DNS server



NO TE

● Set Type in the nslookup and dig commands to the record type, for example, A,CNAME, TXT, or MX, to check whether the record set of that type works. If you do notspecify a type, the system queries the A record set by default.

● If dig has not installed, you need to manually install it first.● The preceding commands can be used to test both public and private domain names.

You can run any of the preceding commands to check whether the commandoutput is the same as the configured record set.

● If the command output is the same as the configured record set, the recordset has taken effect.

● If the command output is different from the configured record set, check theTTL value. Run the commands again after the cache duration specified by theTTL value elapses. For details, see What Is TTL?

dig Command Example (for Linux)● This example assumes that the record set has taken effect.

Run the following command to test the resolution result of domain name1.private.com by the private DNS server (100.125.1.250):dig @100.125.1.250 1.private.com IN A; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @100.125.1.250 1.private.com IN A; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12120;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;1.private.com. IN A

;; ANSWER SECTION: 1.private.com. 300 IN A 1.1.1.1

;; Query time: 0 msec;; SERVER: 100.125.1.250#53(100.125.1.250);; WHEN: Wed Oct 09 11:13:14 CST 2019;; MSG SIZE rcvd: 58

The command output indicates that domain name 1.private.com has one Arecord.

● This example assumes that the record set has not taken effect.Run the following command to test the resolution result of domain namea.private.com by the private DNS server (100.125.1.250):dig @100.125.1.250 a.private.com IN A; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @100.125.1.250 a.private.com IN A; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60081;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;a.private.com. IN A



;; AUTHORITY SECTION: private.com. 300 IN SOA ns1.private.hwclouds-dns.com. hwclouds\.cs.huawei.com. 1 7200 900 1209600 300

;; Query time: 0 msec;; SERVER: 100.125.1.250#53(100.125.1.250);; WHEN: Wed Oct 09 11:13:14 CST 2019;; MSG SIZE rcvd: 122

The command output indicates that the domain name exists but cannot beresolved.

nslookup Command Example (Windows)● This example assumes that the record set has taken effect.

Run the following command to test the resolution result of domain namepublictest.com:nslookup publictest.comServer: xxx.com Address: xx.xx.xx.xx

Non-authoritative answer:Name: publictest.comAddress: xx.xx.xx.xx

The command output indicates that the A record set configured for thedomain name has taken effect.

● This example assumes that the record set has not taken effect.Run the following command to test the resolution result of a CAA record setfor domain name publictest.com:nslookup -qt=caa publictest.com ns1.hwclouds-dns.comunknown query type: caaDNS request timeout. timeout was 2 seconds.Server: Unknown Address: xx.xx.xx.xx

The command output indicates that no CAA record set is found.

2.3 When Will a Record Set Take Effect After I CreateIt?

● If the record set is created for the first time, it takes effect immediately.● If you delete a record set and add a new record set, the new record set will

take effect after the cache duration specified by the TTL value of the deletedrecord set expires.In some cases, however, the carrier may prolong the cache duration of adomain name.

2.4 When Will a Record Set Modification Take Effect?After you modify a record set, the modification takes effect when the cacheduration specified by the TTL value of the record set expires.

If the carrier sets a longer cache duration, the modification will take effect afterthis period of time elapses.



2.5 How Long Is Required for DNS Server AddressChanges to Take Effect?

DNS server address changes can be quickly synchronized to the top-level domainserver and take effect on the network. However, some domain name registrars setthe TTL value of NS records to 48 hours. In this scenario, if the NS records arecached by a local DNS server, the changes will take effect in 48 hours.

Consult the domain name registrars for specific cache duration. Do not deleteoriginal record sets until the changes take effect to ensure your service continuity.



3 Website Access Failures

3.1 Why Can't I Access the Website After the DomainName Has Been Resolved Successfully?

Website access is performed at two necessary phases. Figure 3-1 shows processfor accessing a website.

Figure 3-1 Visitors accessing a website

● Phase 1: The DNS server resolves the domain name in the request into an IPaddress and returns the IP address to the client.At this phase, the website cannot be accessed if any of the followingsituations occurs:– The domain name cannot be resolved.

Rectify this issue by referring to Why Has My Record Set Not TakenEffect?

– Real-name authentication is not performed for the domain name.According to MITT's regulations, real-name authentication must beperformed within five days after a domain name is purchased. Otherwise,the domain name cannot be used on the Internet.

Domain Name ServiceFAQs 3 Website Access Failures


For domain names registered with HUAWEI CLOUD, perform real-nameauthentication on the HUAWEI CLOUD platform. For those registeredwith third-party registrars, refer to their help documents.

● Phase 2: The client accesses the web server using the IP address and obtainsthe desired content.If the domain name is successfully resolved by the DNS server but one of thefollowing events occurs, the access still fails:– The web server is unavailable due to network problems or other issues.– The domain name and IP address of the web server are not licensed.

Unlicensed domain names and IP addresses cannot be used on theInternet, as per MIIT stipulations.If the web server is deployed on HUAWEI CLOUD, you can license yourwebsite on HUAWEI CLOUD.

Domain Name ServiceFAQs 3 Website Access Failures


4 Public Zones

4.1 Why a Message Indicating Conflict with an ExistingRecord Set Is Displayed When I Add a Record Set?

If "This record set is in conflict with an existing one" is displayed, the record setyou are trying to create conflicts with or is the same as an existing record set.

Table 4-1 lists the rules.

Table 4-1 Restrictions between record types

NS CNAME

A AAAA MX TXT PTR SRV CAA

NS Nolimita

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

CNAME

Conflictb

Nolimit

Conflict

Conflict

Conflict

Conflict

Conflict

Conflict

Conflict

A Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

AAAA

Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

MX Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

TXT Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

PTR Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

SRV Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Domain Name ServiceFAQs 4 Public Zones


CAA Nolimit

Conflict

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

Nolimit

a: No NS record sets can be added for primary domains (for example,example.com). There is no restriction on subdomains (for example,www.example.com).b: For primary domains (for example, example.com), you can add CNAMErecord sets and NS record sets at the same time. However, CNAME record setsconflict with NS record sets for subdomains (for example, www.example.com),and therefore they cannot be added at the same time.

The rules are as follows:

● Conflict: The two types of record sets cannot coexist in the same resolutionline.

● No limit: The two types of record sets can coexist without restrictions.

To add a record set when the system displays a message indicating that the recordset conflicts with an existing one, perform the following operations:

● Delete the existing record set that conflicts with the record set that you wantto add, and then add the record set again.

NO TE

Deleting a record set may cause failure in domain name resolution. Exercise cautionwhen performing this operation.

● Set different names to add record sets for subdomains of the domain name.● Select different line types to add record sets.

The following are two examples of how to solve common record set conflicts.

Example 1: Adding an NS Record SetYou have hosted the domain name example.com on the DNS service, and thesystem automatically generates an NS record set and an SOA record set, whichcannot be deleted.

As shown in Table 4-1, NS record sets cannot be added to the primary domain inthe same resolution line. Therefore, you cannot add an NS record set forexample.com.

In this case, you can use either of the following methods to solve this problem:

● Method 1: Add an NS record set for a subdomain of example.com.In the following figure, an NS record set is added to 123.example.com, andthe value of the record set is ns.example.com.



Figure 4-1 Adding an NS record set

● Method 2: Add an NS record set with a resolution line other than Default forexample.com.In the following figure, an NS record set with the line type set to ISP is addedto example.com, and the value of the record set is ns.example.com.



Figure 4-2 Adding an NS record set with an ISP line

● Method 3: Change the value of the NS record set of domain nameexample.com.To configure a new DNS server address for a domain name, you can modifythe value of the NS record set. For more information, see What AddressesDoes HUAWEI CLOUD DNS Use to Provide Domain Resolution?

Example 2: Adding a CNAME Record Set (Email Address Resolution)If you have hosted the email domain name example.com on the DNS service, youneed to add MX, TXT, or CNAME record sets to example.com.

As shown in Table 4-1, if the record set names are the same, the CNAME recordset conflicts with MX and TXT record sets in the same resolution line. In this case,you can add a CNAME record set with a different name.

For detailed operations, see Table 4-2.

For detailed operations, see Configuring Record Sets for Email Servers.

Table 4-2 Email resolution records

RecordSetType

RecordSetName

Value Description

MX - 5 mx01.mailserver.com10mx02.mailserver.com

Email server address, which isobtained from the email serviceprovider




RecordSetType

RecordSetName

Value Description

TXT - "v=spf1include:spf.mailserver.com -all"

SPF records used to preventspam

CNAME

mail mailserver.com Use domain namemail.example.com to log in tothe mailbox.

CNAME

smtp smtp.mailserver.com Use smtp.example.com as thealias of smtp.mailserver.com.

CNAME

imap imap.mailserver.com Use imap.example.com as thealias of imap.mailserver.com.

CNAME

pop pop.mailserver.com Use pop.example.com as thealias of pop.mailserver.com.

4.2 How Do I Add Record Sets for Subdomains?The procedure for adding record sets for a subdomain is the same as that for aprimary domain name. You only need to enter a prefix of the domain name whenadding record sets.

The following uses the public domain name example.com to describe how to addan A record set its subdomain 123.example.com. The value of the record set is192.168.1.2.

Procedure1. Log in to the management console.2. In the Network category, click Domain Name Service.

The DNS console is displayed.

3. In the navigation pane, choose DNS Resolution > Public Zones.The zone list is displayed.

4. Click the name of the zone example.com.5. Click Add Record Set.

The Add Record Set dialog box is displayed.



Figure 4-3 Adding an A record set

6. Set required parameters based on Table 4-3.

Table 4-3 Parameters for adding an A record set

Parameter Description ExampleValue

Name Domain name (You do not need to manuallyadd the suffix.)The default value is the zone name.

123

Type Type of the record set A – Mapdomains toIPv4addresses

Alias Whether to associate the record set with acloud resource name● Yes: The record set will be associated with

a cloud resource. For details, seeConfiguring Domain Name Aliases.

● No: The record set will not be associatedwith a cloud resource.

No




Parameter Description ExampleValue

Line Resolution lineThe DNS server will return the IP address ofthe specified line based on the source ofvisitors.● Default: returns the default resolution

result irrespective of where the visitorscome from.

● ISP: returns the resolution result based onvisitors' carrier networks. For details, seeConfiguring ISP Lines for Record Sets.

● Region: returns the resolution result basedon visitors' geographical locations. Fordetails, see Configuring Region Lines forRecord Sets.

● Custom: returns the resolution resultbased on the specified IP address range.For details, see Configuring Custom Lines.

Default

TTL (s) Cache duration of the record set, in seconds The defaultvalue is 300,that is, 5minutes.

Value IPv4 addresses mapped to the domain nameEnter each IPv4 address on a separate line.

192.168.1.2

Weight (Optional) Weight of a record setThe value ranges from 0 to 1000, and thedefault is 1.This parameter is supported only for publicdomain names.If a resolution line in a zone contains multiplerecord sets of the same type, you can setdifferent weights to each record set.

1

Tag (Optional) Identifier of a resourceEach tag contains a key and a value. You canadd a maximum of 10 tags to a record set.This parameter is displayed when you enableOther Settings.For details about tag key and valuerequirements, see Table 4-4.

example_key1example_value1

Description

(Optional) Supplementary information aboutthe record setThis parameter is displayed when you enableOther Settings.

-







Table 4-4 Tag key and value requirements

Parameter Requirements Example Value

Key ● Cannot be left blank.● Must be unique for each resource.● Consists of at most 36 characters.● Cannot start or end with a space

or contain special characters =*<>\,|/

example_key1

Value ● Cannot be left blank.● Can contain a maximum of 43

characters.● Cannot start or end with a space

or contain special characters =*<>\,|/

example_value1

7. Click OK.

The record set you added is displayed in the list. Ensure that the status of therecord set is Normal.

4.3 How Is a Domain Name Resolved When a RecordSet Has Multiple Values?

You can set multiple values only when you add A or AAAA record sets.

If a record set has multiple values, all IP addresses are returned for each query in arandom sequence. The browser will consider the first IP address that is returned.

The resolution process is as follows:

1. A visitor sends a request to the local DNS server through a browser.2. The local DNS server forwards the request to the authoritative DNS server.3. After receiving the request, the authoritative DNS server returns all IP

addresses to the local DNS server in a random sequence.4. The local DNS server returns all IP addresses to the browser.5. The browser randomly accesses one of the IP addresses. Generally, the first

returned IP address is selected.

According to statistics, the probability for returning each IP address is technicallythe same.

For example, you have a website deployed on three servers, and the domain nameof your website is example.com. The IP addresses of the three servers are192.168.1.1, 192.168.1.2, and 192.168.1.3.

Configure an A record set for the domain name and set the record set value to thethree IP addresses.



Figure 4-4 Record set (multiple IP addresses)

Table 4-5 describes the resolution results returned when different visitors accessthe website.

Table 4-5 Example resolution results

Visitor Returned Result Resolution Result

Visitor A 192.168.1.1192.168.1.2192.168.1.3

192.168.1.1

Visitor B 192.168.1.2192.168.1.1192.168.1.3

192.168.1.2

Visitor C 192.168.1.3192.168.1.1192.168.1.2

192.168.1.3

4.4 Can I Modify a Zone?After a zone is created, you cannot change its name, but you can update its emailaddress and description.

4.5 Can I Resolve a Domain Name to Addresses ofServers in an On-premise Data Center or Servers ofAnother Cloud Service Provider?

Yes.

You can add record sets for a domain name to resolve it into any server addresseswithin HUAWEI CLOUD, on another cloud, or in an offline equipment room. Aslong as the record set values are correct, the domain name can be successfullyresolved.

For example, if you add an A record set, the record set value must be correct IPv4addresses.



4.6 How Do I Access the Same Website Using MultipleDomain Names?

To access a website using a domain name, you need to host the domain name inthe DNS service and configure an A record set to map the domain name to the IPaddress of the website.

To access the same website using other domain names, you need to configure anA record set with the same value for each domain name. Table 4-6 provides anexample.

For details about how to add an A record set, see Configuring Record Sets for aWebsite.

Table 4-6 Example record sets

Domain Record Set Type Value

example1.com A 192.168.1.1

example2.com

example3.com

4.7 Configuring Weighted Resolution

Scenarios

A large web application is usually deployed on multiple servers. To balance theworkloads of each server, you can use weights to control the proportion ofrequests to each server.

The DNS service allows you to set weights to record sets to poll the requests todifferent servers based on the specified weights.

When your site has multiple servers and each server has an independent IPaddress, consider weighted polling to distribute requests to different servers basedon a certain proportion.

For example, you have a website deployed on three servers, and the domain nameof your website is example.com. The IP addresses of the three servers are192.168.1.1, 192.168.1.2, and 192.168.1.3.

● If weights are not set, you can add an A record set and set its value to threeIP addresses.In this case, requests are randomly routed an IP address. For details, see HowIs a Domain Name Resolved When a Record Set Has Multiple Values?

● When weights are specified, you can configure three A record sets, with eachhaving an IP address as its value.





https://support.huaweicloud.com/en-us/dns_faq/dns_faq_023.html

https://support.huaweicloud.com/en-us/dns_faq/dns_faq_023.html

In this case, you can set different weights for the three record sets. In this way,requests are routed to each server according to the proportion of requeststhat each server can receive.

Weighted resolution can better distribute requests and balance server workloads.Perform the following steps to set the weights:

PreparationsIn the following table, there are three web servers, and three A record sets havebeen added, each mapping to an IP address. You can set different weights tocontrol the proportion of requests to each server.

Table 4-7 Data planning

Solution

Domain

Record SetType

Line Value Weight

Description

1 example.com

A Default

192.168.1.1

1 Requests are evenlydistributed to three servers(that is, the proportion ofrequests is 1:1:1).192.16

8.1.21

192.168.1.3

1

2 example.com

A Default

192.168.1.1

2 Requests are distributed tothree servers in a proportionof 2:3:1.For example, if there are sixrequests, two are routed tothe server whose IP addressis 192.168.1.1, three arerouted to the server whoseIP address is 192.168.1.2, andone is routed to the serverwhose IP address is192.168.1.3.

192.168.1.2

3

192.168.1.3

1

PrerequisitesThe domain name of the website has been hosted on the DNS service.

ProcedureThe following describes how to set three A record sets for domain nameexample.com, and the weight ratio of the three record sets is 1:1:1.

1. Log in to the management console.2. In the Network category, click Domain Name Service.

The DNS console is displayed.



3. In the navigation pane, choose DNS Resolution > Public Zones.The Public Zones page is displayed.

4. In the zone list on the Public Zones page, click the name of the public zoneexample.com.The Record Sets page is displayed.

5. Click Add Record Set.

Figure 4-5 Setting weights

6. In the displayed dialog box, enter the following information for the A recordset:– Name: Leave this parameter blank. The system automatically considers

example.com as the name, and requests are routed to example.com.– Type: Set it to A – Map domains to IPv4 addresses.– Line Type: Select Default.– Value: Set it to 192.168.1.1, the IP address of the first server.– Weight: Set it to 1.

7. Click OK.8. Repeat 5 to 7 to add the second and third record sets.

Set the record set value to 192.168.1.2 and 192.168.1.3, respectively.Requests will be evenly distributed to the three servers.



5 Private Zones

5.1 How Do I Switch to a Private DNS Server?Private DNS servers are configured for VPC subnets by default. ECSs in the subnetscan use private DNS servers to access internal addresses of other cloud services,such as OBS and SMN, without going through the Internet, and to request domainnames on the Internet.

For VPCs created earlier, a public DNS server (114.114.114.114) is configured. Toallow ECSs in these VPCs to access private domain names, you need to change thepublic DNS server to a private DNS server for the VPCs' subnets. For detailedaddresses of private DNS servers, see What Are the Private DNS ServerAddresses Provided by the DNS Service?

To switch the DNS server of an ECS to a private DNS server, you need to check theDNS server addresses of the ECS, change the DNS servers for the VPC subnetwhere the ECS resides, and update the DNS server addresses of ECS.

Checking the DNS Server Addresses of an ECS1. Log in to the management console.2. In the Computing category, click Elastic Cloud Server.

The Elastic Cloud Server page is displayed.3. In the ECS list, click the ECS name.4. On the ECS details page, click the VPC name.

The Virtual Private Cloud page is displayed.5. Locate the target VPC and click the number in the Subnets column.

The Subnets page is displayed.6. Click the name of the target subnet.

In the Gateway and DNS Information area, view the DNS server addressesused by the ECS.

Domain Name ServiceFAQs 5 Private Zones


Changing the DNS Server Addresses for a VPC SubnetIf the subnet of the ECS is not using a private DNS server address, you need to doas follows:

1. In the Gateway and DNS Information area, click next to DNS ServerAddress.

2. Change the DNS server addresses of the subnet to private DNS serveraddresses.For example, in the CN North-Beijing1 region, you need to change the DNSserver addresses of a VPC subnet to 100.125.1.250 and 100.125.21.250.

Updating the DNS Server Addresses for the ECSAfter you change the DNS server addresses of the subnet, the DNS serveraddresses of the ECS are not updated immediately.

You can use either of the following methods to update the DNS server address:● Restart the OS. The ECS will then obtain the new DNS server addresses from

the DHCP server.

NO TICE

Restarting the OS will interrupt services on the ECS. Therefore, perform thisoperation during off-peak hours.

Alternatively, wait for the DHCP lease time to end, which lasts for 24 hours bydefault. The ECS will then update the IP address and DNS server addresseswith the DHCP server.

● Manually change DNS configurations of the ECS.If the DHCP function is disabled on the ECS, you need to manually updateDNS configurations.For example, in a Linux OS, change DNS configurations in the /etc/resolv.conf file.

5.2 How Can I Access an ECS Using Its Host Name?The DNS service allows you to create private zones for any top-level domainnames in VPCs except .com.

When you buy an ECS, you set a name for it, for example, ecs01. Then, you cancreate a private zone named ecs01 and add an A record to map domain nameecs01 to the private IP address of the ECS so that the ECS can be accessed usingits host name.

Procedure1. Log in to the management console.2. In the Network category, click Domain Name Service.



The DNS console is displayed.3. In the navigation pane, choose DNS Resolution > Private Zones.

The Private Zones page is displayed.

4. Click in the upper left corner and select the desired region and project.

5. Click Create Private Zone. In the displayed dialog box, set the zone name toecs01.

6. Click OK.You can view information about the private zone you created on the PrivateZones page.

7. In the zone list on the Private Zones page, click the name of the private zonethat you have created.The Record Sets page is displayed.

8. Click Add Record Set.Add an A record set in the ecs01 zone.– Set Type to A – Map domains to IPv4 addresses.– Leave the Name parameter blank.– Set Value to the private IP address of the ECS, for example, 192.168.1.10.

9. Click OK.After the record set is created, you can use domain name ecs01 to access theECS whose private IP address is 192.168.1.10 from the associated VPC.

5.3 How Can I Configure a PTR Record for the PrivateIP Address of an ECS?

PTR records enable visitors to query domain names based on IP addresses.

If you want to set PTR records for an ECS, you need to create a private zone andcreate PTR records in the zone.

For details about how to set PTR records for an EIP, see Creating a PTR Record.

NO TE

The domain name in a PTR record is specified in the x.x.x.x.in-addr.arpa format. in-addr.arpa is the domain name suffix for reverse resolution.

For example, if the private IP address is 192.168.1.10, the domain name in the PTR record is10.1.168.192.in-addr.arpa.

In this case, you need to create a private zone 192.in-addr.arpa and add a PTR record10.1.168.192.in-addr.arpa.

Creating a Private Zone1. Log in to the management console.2. In the Network category, click Domain Name Service.

The DNS console is displayed.3. In the navigation pane, choose DNS Resolution > Private Zones.




The Private Zones page is displayed.

4. Click in the upper left corner and select the desired region and project.5. Click Create Private Zone.

Figure 5-1 Creating a private zone

6. Set the parameters based on Table 5-1.

Table 5-1 Parameters for creating a private zone

Parameter Description Example Value

Name Domain nameSet the domain name suffix to in-addr.arpa.

192.in-addr.arpa

VPC VPC to be associated with the privatezoneSelect the VPC you want to associatewith the private zone.

N/A




Email (Optional) Email address of theadministrator managing the privatezoneIt is recommended that you set theemail address toHOSTMASTER@Domain name.For more information about the emailaddress format, see Why Is the EmailAddress Format Changed in the SOARecord?

[email protected]

EnterpriseProject

Enterprise project associated with theprivate zoneYou can manage private zones byenterprise project.NOTE

This parameter is available and mandatoryonly when Account Type is set toEnterprise Account.

When setting this parameter, note thefollowing:● If you do not manage zones by

enterprise project, select the defaultenterprise project.

● If you manage zones by enterpriseproject, select an existing enterpriseproject.Before setting this parameter, youneed to create an enterpriseproject.For more information, seeEnterprise Management UserGuide.

default

Tag (Optional) Identifier of a resourceEach tag contains a key and a value.You can add a maximum of 10 tags toa zone.For details about tag key and valuerequirements, see Table 5-2.


Description (Optional)Supplementary information about thezoneYou can enter a maximum of 255characters.

This is a privatezone.



https://support.huaweicloud.com/en-us/usermanual-em/en-us_topic_0108763964.html

https://support.huaweicloud.com/en-us/usermanual-em/en-us_topic_0108763964.html

https://support.huaweicloud.com/en-us/usermanual-em/em_am_0006.html

https://support.huaweicloud.com/en-us/usermanual-em/em_am_0006.html

Table 5-2 Tag key and value requirements

Item Requirements Example Value

Key ● Cannot be left blank.● Must be unique for each resource.● Can contain a maximum of 36

characters.● Cannot start or end with a space or

contain special characters =*<>\,|/

example_key1

Value ● Cannot be left blank.● Can contain a maximum of 43

characters.● Cannot start or end with a space or

contain special characters =*<>\,|/

example_value1

7. Click OK.8. Switch back to the Private Zones page.

You can view the created private zone in the zone list on the Private Zonespage.

NO TE

Click the zone name to view detailed zone information. You can view SOA and NSrecord sets created by the system.● The SOA record set defines the DNS server that is the authoritative information

source for a particular domain name.● The NS record set defines authoritative DNS servers for a zone.

Adding a PTR Record1. In the zone list on the Private Zones page, click the name of the private zone

that you have created.The Record Sets page is displayed.

2. Click Add Record Set.The Add Record Set dialog box is displayed.



Figure 5-2 Adding an A record set

3. Set the parameters based on Table 5-3.

Table 5-3 Parameters for adding a PTR record


Name IP address in the PTR record (typedin reverse order)

10.1.168For example, if the IPaddress is192.168.1.10, thedomain name in thePTR record is10.1.168.192.in-addr.arpa.● If the private zone

name is 192.in-addr.arpa, enter10.1.168 in the box.

● If the private zonename is1.168.192.in-addr.arpa, enter 10in the box.

Type Type of the record set PTR – Map IP addressesto domains




TTL (s) Cache duration of the record set, inseconds

The default value is300, which is, 5minutes.

Value Domain name mapped to the IPaddressYou can enter only one name.

mail.example.com

Tag (Optional) Identifier of a resourceEach tag contains a key and avalue. You can add a maximum of10 tags to a record set. Thisparameter is displayed when youenable Other Settings.For details about tag key and valuerequirements, see Table 5-2.


Description (Optional) Supplementaryinformation about the PTR recordsetThis parameter is displayed whenyou enable Other Settings.

The PTR record is forreverse resolution.

4. Click OK.5. Switch back to the Record Sets page.

The added record set is displayed in the list. Ensure that the status of therecord set is Normal.

5.4 How Do I Configure the Same Public and PrivateDomain Name for My Website?

You can configure the same public and private domain name for your website sothat both intranet and Internet users can access the website with the same name.

The private DNS server resolves private domain names in VPCs and forwardsrequests of public domain names to a public DNS server. For example, you accessa website from an ECS on HUAWEI CLOUD.

1. If the ECS requests a private domain name or a domain name of a service onHUAWEI CLOUD, the private DNS server directly returns the resolution result.

2. If the ECS requests a public domain name, the private DNS server forwardsthe request to a public DNS server, (for example, 114.114.114.114) andreturns the resolution result to the ECS.

However, if the public domain name registered for the website is the same as theprivate domain name, the private DNS server resolves it as a private domainname. If the resolution fails, the private DNS server returns a message indicatingthat no record set is found and does not forward the request to the public DNSserver.



To resolve this issue, you need to create a private zone using a subdomain of thepublic domain name and add record sets for the subdomain.

If the public domain name is example.com, you create a private zone123.example.com and configure record sets for it. In this way, requests to123.example.com and all its subdomains (*.123.example.com) are processed by theprivate DNS server, and requests to example.com and other subdomains areforwarded to the public DNS server.

NO TE

● If you want to host your domain name in the DNS service, configure a public zone byreferring to Configuring a Public Zone.

● If you select another DNS service provider, see the help document of the provider.● For details about how to configure a private zone for subdomain 123.example.com on

the DNS console, see Configuring a Private Zone.

5.5 Can Private Domain Names Be Used AcrossRegions?

Private zones are region-level resources. They are created in specified regions andprojects. A private zone can be associated with one or more VPCs in the sameregion.

If a private zone is associated with multiple VPCs, the private domain name takeseffect in the VPCs but cannot be used across them. A private domain name canonly be used across two VPCs connected by a peering connection.

For example, create a private zone example.com, associate it with VPC A and VPCB, and add the following record sets.

Table 5-4 Private zone record sets

Name Type Value

ecs1.example.com A 192.168.1.3

ecs3.example.com A 192.168.2.3

Figure 5-3 shows how the private domain name is resolved.





Figure 5-3 Process for resolving a private domain name

All ECSs in VPC A and VPC B can access the domain name example.com.

If ECS 2 in VPC A accesses ecs3.example.com, the private DNS server returns192.168.2.3, the IP address of ECS 3 in VPC B. However, no VPC peering connectionis established between VPC A and VPC B. Therefore, ECS 2 cannot access ECS 3 inVPC B using this IP address.

5.6 Do I Need to Register Private Domain Names?Private domain names take effect only in associated VPCs. Therefore, you do notneed to register them or apply for an ICP license for them.

You can customize any private domain names (except .com) as long as theycomply with domain name specifications. All private domain names are free ofcharge.

5.7 Will a VPC Be Automatically Disassociated from aPublic Zone If I Delete the VPC?

No.

If you delete a VPC that is associated with a private zone, you need to manuallydisassociate it from the private zone.

5.8 Are Private DNS Server Addresses the Same for AllUsers?

Private DNS server addresses are the same for all users in the same AZ, andprivate domain names of each user are logically isolated.



5.9 What Are the Restrictions on Concurrent PrivateDNS Requests?

To ensure the lookup efficiency of private domain names, the private DNS serverswill limit traffic issued from a single source IP address to 2000 QPS. If a serverinitiates DNS query requests with an overwhelmingly high frequency that exceedsnormal service demands, and the QPS reaches 2000, extra requests will not beprocessed.

If your services generate enormous concurrent requests, we recommend that youenable DNS caching to improve lookup efficiency.



6 Domain Transfer

6.1 Can I Transfer a Hosted Domain Name fromAccount A to Account B?

No. The DNS service does not support domain name transfer from one account toanother.

A hosted domain name is one resolved using the DNS service. You have created apublic zone and added record sets to the public zone.

Domain names registered with HUAWEI CLOUD can be transferred betweenaccounts. This is irrelevant to domain resolution and is to transfer the domainname ownership.

NO TE

If you want to move a hosted domain name to another account, you need to delete thepublic zone created under the current account, create a public zone under the newaccount, and add record sets to the public zone. This operation will interrupt the resolution.Therefore, exercise caution when performing this operation.

6.2 Will Domain Name Resolution Be Affected AfterDomain Names Are Transferred or Migrated?

Domain name transfer refers to the transfer of domain name ownership or themigration of a domain name and all its records. This FAQ provides some scenariosto describe whether resolution will be affected if a domain name is transfer ormigrated.

Transferring Domain Name OwnershipTransferring the ownership of a domain name will not affect its resolution.

Domain name ownership transfer refers to the change of the user type and ownerof a domain name, which does not change the DNS server addresses or records ofthe domain name. Therefore, the domain name resolution will not be affected.

Domain Name ServiceFAQs 6 Domain Transfer







Transferring a Domain Name Across Accounts

Transferring a domain name from one account to another will not affect thedomain name resolution.

Cross-account domain name transfer indicates that the management permissionsof a domain name are transferred from one HUAWEI CLOUD account to anotherHUAWEI CLOUD account without changing the DNS server settings and records ofthe domain name. Therefore, the domain name resolution will not be affected.

Transferring a Domain Name to or out of HUAWEI CLOUD

A domain name can be transferred to or out of HUAWEI CLOUD.

This operation does not change the DNS server settings or records of the domainname. Therefore, the domain name resolution will not be affected.

NO TE

● Some domain name registrars do not provide independent DNS services, for example,GoDaddy. If a domain name is transferred to HUAWEI CLOUD from GoDaddy, alldomain name resolution data is deleted. Therefore, its records will become invalid, andthe domain name cannot be resolved.

● During domain name transfer, you cannot change the DNS server addresses of thedomain name.

To ensure that resolution of a domain name is not affected when it is transferred toHUAWEI CLOUD, you are advised to migrate the records to HUAWEI CLOUD beforetransferring the domain name. For details, see Migrating a Domain Name.

Migrating a Domain Name

You can migrate all records of a domain name to HUAWEI CLOUD and change theDNS server addresses of the domain name to the DNS server addresses providedby HUAWEI CLOUD.

During the migration, the time when new DNS server addresses will take effect isaffected by the TTL value of the domain name and the cache duration of the localDNS server. Sometimes, it may need 48 hours for the new DNS server addresses totake effect. Therefore, domain name resolution may be interrupted during themigration.

To smoothly migrate a domain name to HUAWEI CLOUD without interrupting theresolution, perform the following steps:

1. Export all records of the domain name from the original DNS service provider.

2. Create a zone for the domain name and add all record sets on the HUAWEICLOUD DNS console.

3. Test whether the record sets take effect.

4. Change the DNS server addresses of the domain name to the HUAWEICLOUD DNS server addresses.

For details, see Migrating a Domain Name.





6.3 How Do I Migrate My Domain from Another DNSService Provider to HUAWEI CLOUD DNS?

You can migrate a domain name to HUAWEI CLOUD DNS from another DNSservice provider.

Procedure1. Create a public zone.

Before you migrate your domain, you need to create a public zone in the DNSservice to host domain name records.For details, see Configuring a Public Zone.

NO TE

After you create a public zone, the system automatically creates the NS and SOArecord sets, which are used to query information about the authoritative DNS servers.

2. Add record sets.

NO TE

Migrate record sets of the domain name to the DNS service. You can export themfrom your current DNS service provider and import them to the DNS service.

For details, see Managing Record Sets.3. Run the following command to check whether a DNS record has taken effect:

– For Window OSnslookup [-qt= Type] Domain name Authoritative DNS server

– For Linux OSdig Type Domain name @Authoritative DNS server

4. Change the DNS server address of the domain name service provider. Fordetails, see the operation guide on the official website of the domain nameservice provider.

5. Wait for the change to take effect.Usually, the DNS server change can be quickly updated to the top-level DNSservers and take effect on the Internet. However, some DNS service providersusually set the TTL value of the NS record to 48 hours. In this case, if the NSrecord is cached, the change will take effect in 48 hours.You can check the accurate time on the DNS service provider's website. Donot delete the original record sets until the change takes effect. In this case,even if the change does not take effect, your services will not be interrupted.





7 Mailbox Resolution

7.1 What Are Common Record Sets for DomainResolution of a Mailbox?

The DNS service provides domain name resolution for email servers. For details,see Configuring Record Sets for Email Servers.

The following types of record sets allow you to specify the mail servers responsiblefor accepting email messages:

● MX: sets the IP addresses for email servers.● TXT: sets the anti-spam policy for mailboxes.● CNAME: used to log in to web mailboxes through mail and access email

servers using different mail transfer protocols.

NO TE

● The email service provider determines whether to allow users to log in to themailbox through Webmail.

● Mail transfer protocols include SMTP, IMAP, POP, and POP3. Mail transfer protocolssupported by an email server are determined by its settings.

In this FAQ, we provide procedures for configuring record sets for some commonmailboxes.

● Cloud Speedy Mail● Alibaba Cloud Enterprise Mailbox● Free NetEase Mailbox● NetEase enterprise mailbox● Tencent Enterprise Mailbox

Before the configuration, you must ensure that:

1. You have registered a domain name example.com.2. You have created a public zone example.com on the DNS console.

Next, you can add record sets by referring to Configuring Record Sets for EmailServers.

Domain Name ServiceFAQs 7 Mailbox Resolution






Cloud Speedy Mail

If you have a Cloud Speedy Mail, configure record sets by referring to Table 7-1.

Table 7-1 Example record sets for a Cloud Speedy Mail

Type Name Value Description

MX Leavethisparameterblank.

10mx1.saas.huaweicloud.com20mx2.saas.huaweicloud.com

The following are email serveraddresses:● mx1.saas.huaweicloud.com● mx2.saas.huaweicloud.comThe addresses are provided by theemail service provider.mx1.saas.huaweicloud.com has ahigher priority in receiving emails.

TXT Leavethisparameterblank.

"v=spf1include:spf.saas.huaweicloud.com ~all"

SPF records are used to prevent spams.The record values are described asfollows:● spf1 indicates the SPF version.● Emails sent from the address

specified byspf.saas.huaweicloud.com are notspams.

CNAME

mail mail.saas.huaweicloud.com

The domain name mail.example.com isused to log in to the web mailbox(mail.saas.huaweicloud.com).

CNAME

smtp smtp.saas.huaweicloud.com

The domain name smtp.example.comserves as the address for accessing theemail server(smtp.saas.huaweicloud.com) overSMTP.

CNAME

imap imap.saas.huaweicloud.com

The domain name imap.example.comserves as the address for accessing theemail server(imap.saas.huaweicloud.com) overIMAP.

CNAME

pop pop.saas.huaweicloud.com

The domain name pop.example.comserves as the address for accessing theemail server(pop.saas.huaweicloud.com) over POP.

CNAME

pop3 pop3.saas.huaweicloud.com

The domain name pop3.example.comserves as the address for accessing theemail server(pop3.saas.huaweicloud.com) overPOP3.



Alibaba Cloud Enterprise MailboxIf you have an Alibaba Cloud enterprise mailbox, configure record sets by referringto Table 7-2.

Table 7-2 Example record sets for an Alibaba Cloud enterprise mailbox



5 mx1.qiye.aliyun.com10 mx2.qiye.aliyun.com15 mx3.qiye.aliyun.com

Email server addresses are asfollows:● mx1.qiye.aliyun.com● mx2.qiye.aliyun.com● mx3.qiye.aliyun.comThe addresses are provided bythe email service provider. Whenthe email servers receive emails,mx1.qiye.aliyun.com enjoys thehighest priority, followed bymx2.qiye.aliyun.com, andmx3.qiye.aliyun.com is the lastone to receive emails.


"v=spf1include:spf.qiye.aliyun.com-all"

SPF records are used to preventspams. The record values aredescribed as follows:● spf1 indicates the SPF

version.● Emails sent from the address

specified byspf.qiye.aliyun.com are notspams.

CNAME

mail qiye.aliyun.com The domain namemail.example.com is used to login to the web mailbox(qiye.aliyun.com).

CNAME

smtp smtp.qiye.aliyun.com The domain namesmtp.example.com serves as theaddress for accessing the emailserver (smtp.qiye.aliyun.com)over SMTP.

CNAME

imap imap.qiye.aliyun.com The domain nameimap.example.com serves as theaddress for accessing the emailserver (imap.qiye.aliyun.com)over IMAP.




CNAME

pop3 pop3.qiye.aliyun.com The domain namepop3.example.com serves as theaddress for accessing the emailserver (pop3.qiye.aliyun.com)over POP3.

Free NetEase MailboxIf you have a free NetEase mailbox, you can configure record sets by referring toTable 7-3.

Table 7-3 Example record sets for a free NetEase mailbox



10 mx.ym.163.com The email server address is10mx.ym.163.com.The addresses are provided bythe email service provider.


"v=spf1 include:spf.163.com ~all"



specified by spf.163.com arenot spams.

CNAME

mail ym.163.com The domain namemail.example.com is used to login to the web mailbox (ym.163.com).

CNAME

smtp smtp.ym.163.com The domain namesmtp.example.com serves as theaddress for accessing the emailserver (smtp.ym.163.com) overSMTP.

CNAME

imap imap.ym.163.com The domain nameimap.example.com serves as theaddress for accessing the emailserver (imap.ym.163.com) overIMAP.




CNAME

pop3 pop3.ym.163.com The domain namepop3.example.com serves as theaddress for accessing the emailserver (pop3.ym.163.com) overPOP3.

NetEase enterprise mailboxIf you have a paid NetEase mailbox, you can configure record sets by referring toTable 7-4.

Table 7-4 Example record sets for a paid NetEase mailbox



5qiye163mx01.mxmail.netease.com10qiye163mx02.mxmail.netease.com

Email server addresses are asfollows:● 5

qiye163mx01.mxmail.netease.com

● 10qiye163mx02.mxmail.netease.com

The addresses are provided bythe email service provider.qiye163mx01.mxmail.netease.com has a higher priority inreceiving emails.

TXT _dmarc

"v=DMARC1; p=none;fo=1;ruf=mailto:[email protected];rua=mailto:[email protected] "

DMARC records are used toprevent spams. The recordvalues are described as follows:● DMARC1 is the DMARC

version.● Notify the recipient of

ignoring the emails when thesender is deleted forged.

● When detecting a forgedemail, the recipient sends thedetection result [email protected].

● The DMARC comprehensivedetection report is sent [email protected].




CNAME

mail ym.163.com The domain namemail.example.com is used to login to the web mailbox (ym.163.com).

CNAME

smtp smtp.ym.163.com The domain namesmtp.example.com serves as theaddress for accessing the emailserver (smtp.ym.163.com) overSMTP.

CNAME

imap imap.ym.163.com The domain nameimap.example.com serves as theaddress for accessing the emailserver (imap.ym.163.com) overIMAP.

CNAME

pop pop.ym.163.com The domain namepop.example.com serves as theaddress for accessing the emailserver (pop.ym.163.com) overPOP.

Tencent Enterprise MailboxIf you have a Tencent enterprise mailbox, configure record sets by referring toTable 7-5.

Table 7-5 Example record sets for a Tencent enterprise mailbox



5 mxbiz1.qq.com10 mxbiz2.qq.com

Email server addresses are asfollows:● 5 mxbiz1.qq.com● 10 mxbiz2.qq.comThe addresses are provided bythe email service provider.mxbiz1.qq.com has a higherpriority in receiving emails.





"v=spf1include:spf.mail.qq.com~all"



specified by spf.mail.qq.comare not spams.

CNAME

mail exmail.qq.com The domain namemail.example.com is used to login to the web mailbox(exmail.qq.com).

CNAME

smtp smtp.exmail.qq.com The domain namesmtp.example.com serves as theaddress for accessing the emailserver (smtp.exmail.qq.com)over SMTP.

CNAME

imap imap.exmail.qq.com The domain nameimap.example.com serves as theaddress for accessing the emailserver (imap.exmail.qq.com)over IMAP.

CNAME

pop3 pop.exmail.qq.com The domain namepop.example.com serves as theaddress for accessing the emailserver (pop.exmail.qq.com) overPOP.

NO TE

Users outside China can use the following email server addresses:● Email receiving server: hwpop.exmail.qq.com● Email receiving server: hwpop.exmail.qq.com● Email sending server: hwsmtp.exmail.qq.com



Documents

FAQs - HuaweiDomain Name Service FAQs Issue 13 Date 2020-02-21 HUAWEI TECHNOLOGIES CO., LTD