• Web Application Firewall

  1. Help Center
  2. Web Application Firewall
  3. User Guide
  4. FAQs
  5. Operation-related
  6. What Should I Do If the DNS Status Is Unconfigured?

What Should I Do If the DNS Status Is Unconfigured?

If DNS is Unconfigured, domain name resolution fails, that is, the domain name is not connected to WAF. In this case, perform the following steps to connect the domain name again:

  • If a proxy such as CDN or AAD is used, you need to configure the back-to-source IP address, subdomain name, and TXT record. Figure 1 displays the configurations.
    Figure 1 Connecting a domain name
    1. Configure the back-to-source IP address of the proxy on the website.

      For example, change the back-to-source IP address of CDN or AAD to the WAF IP address as shown in Figure 1.

    2. Configure Subdomain Name and TXT Record.

      Add a subdomain name and TXT record to the DNS records of your DNS provider.

  • If no proxy is used, the CNAME record must be configured. Figure 2 displays the configuration.
    Figure 2 Connecting a domain name (CNAME record)
    1. Go to your DNS provider and configure the CNAME record. For details, contact your DNS provider.

      The CNAME binding method of some common DNS providers is listed for your reference. If the following configuration is inconsistent with the actual configuration, rely on information provided by the DNS providers.

      1. Log in to the management console of the DNS provider.
      2. Go to the domain resolution record page.
      3. Set the CNAME resolution record.
        • Set the record type to CNAME.
        • Generally, enter the domain name prefix in the host record. For example, if the protected domain name is admin.demo.com, enter admin in the host record.
        • The record value is the CNAME generated by WAF.
        • Resolution line: keep the default value TTL.
      4. Click Save.

      The preceding resolution methods are provided by third parties. This document does not control or assume responsibility for any third party content, including but not limited to its accuracy, compatibility, reliability, availability, legitimacy, appropriateness, performance, non-infringement, or status update, unless otherwise specified in this document.

    2. Verify that the CNAME has been configured.
      1. In Windows, choose Start > Run. Then enter cmd and press Enter.
      2. Run the following command to query the CNAME. If the configured CNAME is displayed, the configuration is successful.

        nslookup www.domain.com