How to Use Alibaba Cloud DNS’s Private Zone and GTM Features

By Victor Mak, Solutions Architect

In this article, we’ll show you how to use Alibaba Cloud DNS’s Private Zone to quickly build a DNS in one or more specified VPCs and resolve private domain names to IP addresses. We’ll also use Global Traffic Manager (GTM) to route users’ access traffic of an application service to different regional IP addresses.

After successfully building your website or mobile app, you may want to use DNS names instead of IP addresses for private access across VPCs. For public access, you may want to route users’ traffic to the nearest servers based on the geolocation of their IP addresses.

In this tutorial, we will be combining several Alibaba Cloud products, including Elastic Compute Service (ECS), Alibaba Cloud DNS and Global Traffic Manager (GTM).

The following will be a step-by-step explanation about how to configure the whole setup in under 30 minutes.

We have set up an internet-accessible website, hosted on an Alibaba Cloud ECS server (Hong Kong Region): http://47.52.230.124

We’ll add an ECS Nginx proxy in Alibaba Cloud (Shenzhen Region) to serve Mainland China visitors and route their traffic back to the original ECS server by using a private domain name.

The following figure illustrates the solution architecture:

Setting Up Alibaba Cloud DNS Private Zone

Navigate to Private Zone under the Alibaba Cloud DNS console, click Add Zone on the right side, and give the zone a name. In this tutorial, we will use aliyun.local as the zone name.

We need to add at least one DNS entry before we can bind the zone to a VPC. Click the zone name, then add a DNS entry by clicking Add Record on the right side. In this tutorial, we will add an “A Record” that points to the website’s public IP address.

We are now able to bind the VPC. In this tutorial, we bind the Shenzhen VPC to this private zone. The Bind VPC status changes to Bind afterward.

Setting Up an ECS Reverse Proxy in the Shenzhen Region

We’ll add one ECS instance in the Shenzhen Region to proxy Mainland China visitor traffic. A Linux ECS server with Nginx is recommended.

Log in to the proxy server. We are now able to communicate with the ECS server (HK Region) using its DNS name.

Modify the Nginx configuration on the proxy server. Use the Nginx upstream module to proxy all the Mainland China traffic to the original server. For more details, see Nginx reverse proxy configuration.

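upstream backend {
    # Origin server, addressed by its Private Zone name
    server original-website.aliyun.local;
}
server {
    listen 80;
    location / {
        # Forward every request to the upstream defined above
        proxy_pass http://backend;
    }
}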

After restarting the Nginx service, we should see the original website through the ECS (Shenzhen Region) public IP address: http://120.79.239.228
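
As an added example that is not part of the original article, the same proxy can be given the request headers the origin needs to see the real site name and visitor address. The file path, listen port, keepalive size and timeout values are assumptions; the upstream name and the domain names are the ones used in this tutorial.

```nginx
# Added example: /etc/nginx/conf.d/proxy.conf (path is an assumption),
# included from the http {} context of nginx.conf.

upstream backend {
    # Private Zone name. Nginx resolves it once, when it starts or reloads,
    # so reload Nginx after changing the A record in the private zone.
    server original-website.aliyun.local:80;
    keepalive 16;                       # reuse connections to the origin
}

server {
    listen 80;
    server_name website.alibabacloudhk.com;

    location / {
        proxy_pass http://backend;

        # Without this line the origin receives "Host: backend".
        proxy_set_header Host $host;

        # This proxy is the first hop from the internet, so overwrite
        # any client-supplied value instead of appending to it.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Required for the upstream keepalive setting to take effect.
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Fail fast if the cross-region link to the origin is down.
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;
    }
}
```

Run `nginx -t` before restarting to confirm the file parses and the private zone name resolves from the proxy server.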

Setting Up Global Traffic Manager

Navigate to Global Traffic Manager under the Alibaba Cloud DNS console and click Authorize Now to enable the GTM feature.

Click Confirm Authorization Policy.

We are now ready to click Create Instance in the Global Traffic Manager console. The GTM instance is currently in public beta and is still available free of charge.

The system will give us a CNAME address after we purchase a GTM instance. The CNAME address will be used to configure the DNS CNAME record later. Click Configure on the right side.

In Global Settings, we first need to configure the Instance Name, Primary Domain and Alert Group. Click Edit on the right side. We use website.alibabacloudhk.com as the Primary Domain.

Next, we need to define two address pools in Address Pool Configurations.

  1. oversea-dns: use the HK ECS public IP address
  2. china-dns: use the SZ ECS public IP address

Go to Access Policy, select Add Access Policy on the right side, and configure DNS routing based on access region.

oversea-policy configuration:

  1. Default Address Pool: use the oversea-dns pool we created before.
  2. Select all overseas regions in the access region list.

china-policy configuration:

  1. Default Address Pool: use the china-dns pool we created before.
  2. Select all Mainland China regions in the access region list.

Add DNS Record in Alibaba Cloud DNS Service

Navigate to Domains under the Alibaba Cloud DNS console. Click the domain name, then click Add Record on the right side.

Add a CNAME record that binds website.alibabacloudhk.com to the GTM instance CNAME address.

Verifying the Results from Overseas and Mainland China

We can use any machines located overseas and in China. Ping the hostname from each one, and DNS will return different IP addresses.

  1. Machine in Hong Kong
  2. Machine in China

Now the website is able to route users to different web servers based on the visitor’s geolocation.

Reference: https://www.alibabacloud.com/blog/how-to-use-alibaba-cloud-dnss-private-zone-and-gtm-features_594430?spm=a2c41.12548506.0.0
