Edge DNS

Edge DNS is a domain hosting service that is part of Azion’s traffic routing solution. By using it, your domains will be hosted on Azion distributed infrastructure using the same performance and security solutions built for other Azion products, combining techniques to optimize requests with protection against Distributed Denial of Service (DDoS) attacks.

Edge DNS works as an authoritative DNS solution that allows the customers to manage their domains, zones, and records through a friendly and intuitive interface. It’s designed for those that want high performance and high availability for their hosting and their domain.

ScopeSource
Edge DNSHow to look up DNS servers with the dig command
Edge DNSHow to diagnose performance and delivery issues with the traceroute command

As the name implies, it’s a domain name resolution system. It translates your site’s domain name into an Internet Protocol (IP) address so a connection can be established with the destination that will provide the requested content.

It’s the DNS that allows you to type in a domain name instead of a string of numbers. In other words, DNS translates the string of numbers (IP) of the domain you want to access into words that form the URL you know.

After configuring Edge DNS, you can test if your zone is processing your information.

go to test zone guide

Identifier for the newly created Record.

This description is the domain that you want to create. For example: manager in console.azion.com.

This is the type of record that is being added, such as types A, AAAA, MX, or CNAME, among other examples. You can create ANAME type entries, which allow you to host and use naked domains with other Azion products.

See the type options and descriptions below:

TypeDescription
A (IPv4 Address)Address Mapping record (A Record), also known as a DNS host record, stores a hostname and its corresponding IPv4 address.
AAAA (IPv6 Address)IP Version 6 Address record (AAAA Record) stores a hostname and its corresponding IPv6 address.
ANAME (Maps a name to another name)ALIAS record is a virtual record type created to provide CNAME, like behavior on apex domains.
CAA (Certification Authority Authorization)A CAA record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain or subdomain.
CNAME (Canonical name)Canonical Name record (CNAME Record) can be used to alias a hostname to another hostname. When a DNS client requests a record that contains a CNAME, which points to another hostname, the DNS resolution process is repeated with the new hostname.
MX (Mail exchange)Mail exchanger record (MX Record) specifies an SMTP email server for the domain, used to route outgoing emails to an email server.
NS (Name Servers)NS-records identify the DNS servers responsible (authoritative) for a zone. A zone should contain one NS-record for each of its own DNS servers (primary and secondaries).
PTR (Reverse DNS lookup)PTR records are used for the Reverse DNS (Domain Name System) lookup. Using the IP address, you can get the associated domain/hostname. An A record should exist for every PTR record. The usage of a reverse DNS setup for a mail server is a good solution.
SRV (Location of server or service)A Service record (SRV record) is a specification of data in the Domain Name System defining the location. For example: the hostname and port number, of servers for specified services. It’s defined in RFC 2782, and its type code is 33.
TXT (Text)A TXT record (short for text record) is a type of resource record in the Domain Name System (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data center, or other accounting information.

This is the DNS response to the registered record, such as an IPv4 address for example.

This is the time a response can be cached for on a resolver server. Time-to-live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been on the network too long and should be discarded.

It allows you to specify which policy Edge DNS should consider while resolving requests answered by this record entry.

You can select either Simple Policy (to use the standard DNS functionality) or Weighted Policy (to specify the amount of traffic to send to each Record).

By choosing the Weighted Policy, there’ll be two more fields to be completed, which are:

  • Weight: you can choose a number between 0 and 255 to specify the weight for each record. When you choose 0, Edge DNS stops using this record.
  • Description: used to differentiate records with the same Name and Type.

Click the Save button to finish creating your record.

From this point on, this set of information will be synchronized with the Edge DNS service. Your settings are saved and distributed to the Azion network practically in real time.

Your domain is now set up and ready to be served by Azion Edge DNS. To make sure everything is working well, run some of the tests described in the section Testing my zone.

While you are adding or modifying a record on Edge DNS, you will find the “Policy“ field. This field is enabled just when you are configuring either A, AAAA, CNAME, ANAME or MX type records. This field lets you to choose between two policies to specify how Edge DNS should deal with requests answered by this record.

By selecting simple policy, Edge DNS uses the standard DNS records behavior, routing all the traffic to the specified addresses in the “Value” field.

By selecting weighted policy, Edge DNS allows you to create multiple records with the same Name and Type, enabling you to specify a Weight that defines how much traffic should be routed to each record. This configuration allows you to load balance your applications or even gradually test new configurations.

By selecting weighted policy, different fields options are displayed:

FieldDescription
Weight
*required
You need to specify a weight value between 0 and 255. Higher values increase the chances of a specific record to be used. Setting 0 disables the record.
Description
*optional
You may add a description up to 45 characters to distinguish between records with same Name and Type.
Example: Florida Load Balancer

Given a set of Weighted Records, with same Name and Type, the chances of a specific record to be chosen by Edge DNS is defined by the following formula:

Weight of the record / Sum of all Weights

Types of supported entries and the respective recommendations of Edge DNS

Section titled Types of supported entries and the respective recommendations of Edge DNS

To provide record creation, Edge DNS supports the following types of DNS entries.

TypeReference
ARFC1035
AAAARFC3596
ANAMEdraft-ietf-dnsop-aname-04
CAARFC8659
CNAMERFC1035
MXRFC1035 e RFC7505
NSRFC2782
PTRRFC1035
SRVRFC2782
TXTRFC1035 e RFC1464

Each type of entry needs to respect its rules:

TypeRestriction ruleExample
AIt must be in IPv4 format

Maximum of 10 IP addresses (one per line).

Only valid IPv4 addresses are accepted as a response.
Name of zone: azion.com

Name of record: @ (or blank)

Value(s) of response:

192.209.210.67

198.199.105.93
AAAAIt must be in IPv6 format

Maximum of 10 IP addresses (one per line).

Only valid IPv6 addresses are accepted as a response.
Name of zone: azion.com

Name of record: www

Value(s) of response:

2800:3f0:4001:815::2004
ANAMEIt must be in FQDN format

Only one domain for each ANAME type record.

Only the domains below from ‘azioncdn.net’, ‘azionedge.net’ e ‘azionedge.com’ are accepted.

It can coexist with records of the same name but of different types (MX, TXT etc.)
Name of zone: azion.com

Name of record: @

Value of response:

32082s.ha.azioncdn.net
CAAThe value of the response must follow the format [FLAG] [TAG] “[VALUE]”.
Example: 0 issue “ca.example.net”.

It won’t be possible to register a CAA type record when the zone already has a CNAME type record.

N.B. the tool SSLmate can help when creating and querying.
Flag:
If the flag has a value of 0 (zero), all flags will be switched off. If the flag has a value of 1, the 0 bit (Issuer Critical Flag) is on, i.e. A CA must not send certificates for any FQDN, if the relevant record for that FQDN contains a CAA.

Tag:
The tags must be in lower case and must follow the naming convention in the RFC. Example: issue, issuewild, iodef.

Issue: it indicates that the CA of the ACM specified in the value field can send a certificate to your domain or sub-domain.
Issuewild: it indicates that the CA of the ACM specified in the value field can send a wildcard certificate to your domain or sub-domain.

iodef: it indicates that should the CA receive an invalid request for a certificate, it should send a notification to the domain owner. Use url (http/https) or mailto. For example: “mailto
@domain.com”, “https://url” and “http://url”.

Value:
The value must always be between double quotes. For example: “ca.example.com”, and the content will depend on the tag you use.
Issue: url or a sequence. For example: “ca.example.net; account=123456” or “ca.example.com”
Issuewild: must use a domain with a wildcard. For example: “*.example.com”
iodef: a url callback or an email address. For example: “mailto
@domain”, “https://example.com/callback” and “http://example.com/callback”.
CNAMEIt must be in FQDN format

Only point it to another domain name, never an IP address.

It can’t be added at the level of the root domain.

Only one domain is allowed for each CNAME type record.

A defined host name in a CNAME record must not include records from other types of resources (MX, A, etc.)

CNAME records can point to other CNAME records, but this isn’t considered good practice, as it is inefficient.

If a CNAME record is pointing to a record in the same zone, Edge DNS will respond to all of them in just one query.
MXIt must be in the format [PRIORITY] [ADDRESS].

Maximum of 10 IP addresses (one per line).
Name of zone: azion.com

Name of record: mail

Value(s) of response:

10 mailserver.example.com

20 mailserver2.example.com
NSIt must be in FQDN format or an IP address.

Maximum of 10 addresses (one per line).

An NS can’t be configured by the main domain of the zone (naked domain).

It must point to the servers that have authority over that record.
Name of zone: azion.com

Name of records: ns

Value(s) of response:

ns1.aziondns.net

ns2.aziondns.net
PTRReverse zones lined to IPv6 addresses follow other rules.1- Create a new zone, add the following information for DOMAIN:
0.168.192.in-addr.arpa

2 - After creating the zone, you must create a type PTR record associated with it, with the following settings:

Name of record: 1

Value of response: www.exemplo.com
SRVThe record name must have the following format: ‘_service._protocol.name’. Example: “_ldap._tcp.azionsrv”.

The response values must be in the format [priority] [weight] [port] [target].

Maximum of 10 records (one per line).

It must point to the host name that has an A or AAAA record.

Note: You must pay special attention to this, because Edge DNS will not validate this automatically.
Name of zone: azion.com

Name of record: _ldap._tcp.azionsrv

Value(s) of response:

0 60 5060 bigbox.example.com
TXTLimited to 100 characters.

Text that is separated by ENTER is considered as different responses by Edge DNS
Name of zone: azion.com

Name of record: txt

Value(s) of response:

This domain name is reserved for use in documentation

“printer=lpr5”

“favorite drink=orange juice”

You can set up a domain, such as www.domain.com, to be used as a naked domain, that is, only domain.com. There are two ways to configure this:

  • Create an A-type entry pointing to your webserver. Then, it’ll be redirected to Azion. This option may impact your Google ranking.
  • Create an ANAME entry in your DNS and point it to Azion. If you’re using a DNS service outside Azion or a domain pointing to another platform, this option may not be supported.

A wildcard record is a record that responds to DNS requests by domains that you haven’t defined yet. You can create them for any type, inserting an asterisk (*) in the record name. For example, imagine that you have the following configuration for a zone whose domain is “example.com”:

NameTypeValue
wwwA192.168.0.1

192.168.0.2

192.168.0.3
*A1.1.1.1
*.wildcardA2.2.2.2

This means that:

  • If the query is made by www.example.com, the response will consist of 3 IP addresses: 192.168.0.1, 192.168.0.2, and 192.168.0. N.B. It isn’t a wildcard, but it’s given priority for the response because it correctly meets the record that is queried.
  • If the query is made by ghost.example.com, the response will be according to the wildcard it found. The response will be: 1.1.1.1.
  • If the query is made by another.wildcard.example.com, the response will be according to the wildcard it found this time. The response will be: 2.2.2.2.
  • If the query is made by wrong.record.example.com, the response will have no value, because there’s nothing that corresponds to this structure.

Only the left-most asterisk followed by a dot will be considered a wildcard. All other asterisks, if any, will be considered as valid characters.

It isn’t allowed to use wildcard characters in SRV type records because it requires a standard format in its name.

In order for Edge DNS to become the authority over your zones, you must point it at your DNS registry. For example: registro.br, GoDaddy, AWS.

To point to your DNS registration, use one of the nameservers listed in the Main Settings tab of your Azion registered zones.

Domain Name System Security Extensions (DNSSEC)

Section titled Domain Name System Security Extensions (DNSSEC)

The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It doesn’t provide privacy protections for those lookups but prevents attackers from manipulating or poisoning the responses to DNS requests.

go to DNSSEC compatibility reference

Massive redirect for domain migration

Section titled Massive redirect for domain migration

Edge Function Massive Redirect is Azion’s serverless solution for processing many simultaneous redirects. It can be used where there is a need to change a significant number of addresses, for example, in domain migrations.

To configure massive redirection for domain migration, access the Massive Redirect documentation.


Contributors