How to Use Alibaba Cloud DNS’s Private Zone and GTM Features

By Victor Mak, Solutions Architect

In this article, we’ll show you how to use Alibaba Cloud DNS’s Private Zone to quickly build a DNS in one or more specified VPCs and resolve private domain names to IP addresses. We’ll also use Global Traffic Manager (GTM) to route users’ access traffic of an application service to different regional IP addresses.

After successfully building your website or mobile app, you may want to use DNS names instead of IP addresses for private access across VPCs. For public access, you may want to route users’ access traffic to the nearest servers based on the geolocation of their IP addresses.

In this tutorial, we will be combining several Alibaba Cloud products, including Elastic Compute Service (ECS), Alibaba Cloud DNS and Global Traffic Manager (GTM).

The following is a step-by-step explanation of how to configure the whole setup in under 30 minutes.

We have set up an internet-accessible website, hosted on an Alibaba Cloud ECS server (Hong Kong Region):

We’ll add an ECS Nginx proxy in Alibaba Cloud (Shenzhen Region) to proxy Mainland China visitors and route the traffic back to the original ECS server by using a private domain name.

The following figure illustrates the solution architecture:

Setting Up Alibaba Cloud DNS Private Zone

Navigate to Private Zone under the Alibaba Cloud DNS console, click Add Zone on the right side and give the zone a name. In this tutorial, we will use aliyun.local as the zone name.

We need to add at least one DNS entry before we can bind the zone to a VPC. Click the zone name, then add a DNS entry by clicking Add Record on the right side. In this tutorial, we will add an “A Record” that points to the website’s public IP address.

We are now able to bind the VPC. In this tutorial, we bind the Shenzhen VPC to this private zone. The Bind VPC status will change to Bind afterward.

Setting Up an ECS Reverse Proxy in the Shenzhen Region

We’ll add one ECS in the Shenzhen Region to proxy Mainland China visitor traffic. A Linux ECS server with Nginx is recommended.

Log in to the proxy server. We are now able to communicate with the ECS (HK region) using its DNS name.

Modify the Nginx configuration on the proxy server. Use the Nginx upstream module to proxy all Mainland China traffic to the original server. For more details, see Nginx reverse proxy configuration.

upstream backend {
    server original-website.aliyun.local;  # Private Zone record for the original server
}
server {
    location / {
        proxy_pass http://backend;
    }
}

After restarting the Nginx service, we should see the original website through the ECS (Shenzhen Region) public IP address.

Setting Up Global Traffic Manager (GTM)

Navigate to Global Traffic Manager under the Alibaba Cloud DNS console and click Authorize Now to enable the GTM feature.

Click Confirm Authorization Policy.

We are now ready to Create Instance in the Global Traffic Manager console. The GTM instance is currently in public beta and is still available free of charge.

The system will give us a CNAME address after we purchase a GTM instance. The CNAME address will be used to configure a DNS CNAME record later. Click Configure on the right side.

In Global Settings, we first need to configure the Instance Name, Primary Domain and Alert Group. Click Edit on the right side. We use as Primary Domain.

Next, we need to define two Address pools in Address Pool Configurations.

  1. oversea-dns: use the HK ECS public IP address
  2. china-dns: use the SZ ECS public IP address

Go to Access Policy, select Add Access Policy on the right side and configure DNS routing based on access region.

  1. oversea-policy configuration:
     1. For Default Address Pool, use the oversea-dns pool we created before.
     2. Select all oversea regions in the access region list.
  2. china-policy configuration:
     1. For Default Address Pool, use the china-dns pool we created before.
     2. Select all Mainland China regions in the access region list.

Adding a DNS Record in Alibaba Cloud DNS Service

Navigate to Domains under the Alibaba Cloud DNS console. Click the domain name and click Add Record on the right side.

Add a CNAME record and bind it to the GTM instance CNAME address.

Verifying the Results from Overseas and Mainland China

We can use any machines located overseas and in China. Ping the hostname from each, and DNS will return different IP addresses.

  1. Machine in Hong Kong:
  2. Machine in China:

Now the website is able to route users to different web servers based on the visitor’s geolocation.
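
The verification step above can also be scripted. The following is an added example, not part of the original tutorial: it parses `dig +short` output collected on each machine and confirms that the answer goes through the GTM CNAME and lands in the expected address pool. The IP addresses, www.example.com and gtm-placeholder.example.net are placeholders for the two ECS public IPs, your domain and the CNAME address the GTM console assigns.

```python
import ipaddress
import subprocess

# Assumed values: documentation-range IPs stand in for the two ECS public IPs;
# the pool names are the ones defined in the Address Pool Configurations step.
POOLS = {
    "oversea-dns": {"203.0.113.10"},   # HK ECS public IP (placeholder)
    "china-dns": {"198.51.100.20"},    # SZ ECS public IP (placeholder)
}

def parse_dig_short(output):
    """Split `dig +short` output into (cname_chain, ip_addresses)."""
    cnames, ips = [], []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        try:
            ips.append(str(ipaddress.ip_address(line)))
        except ValueError:
            cnames.append(line.rstrip(".").lower())
    return cnames, ips

def check_answer(output, expected_pool, gtm_cname):
    """Return a list of problems; an empty list means the answer is as intended."""
    cnames, ips = parse_dig_short(output)
    problems = []
    if gtm_cname.rstrip(".").lower() not in cnames:
        problems.append("answer does not go through the GTM CNAME")
    if not ips:
        problems.append("no A record returned")
    for ip in ips:
        owners = [name for name, pool in POOLS.items() if ip in pool]
        if not owners:
            problems.append(f"{ip} is not in any address pool")
        elif expected_pool not in owners:
            problems.append(f"{ip} belongs to {owners[0]}, expected {expected_pool}")
    return problems

def query(hostname):
    """Live lookup from the current machine (requires dig and network access)."""
    return subprocess.run(["dig", "+short", hostname], capture_output=True,
                          text=True, check=True, timeout=10).stdout

# Constructed samples of `dig +short www.example.com` from each vantage point.
SAMPLE_HK = "gtm-placeholder.example.net.\n203.0.113.10\n"
SAMPLE_CN = "gtm-placeholder.example.net.\n198.51.100.20\n"
```

On a real machine, pass `query("www.example.com")` instead of a sample string. A Mainland China machine that receives the oversea-dns address is reported as a problem, since that visitor would reach the original server directly instead of going through the Shenzhen proxy.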