Managed DNS for China

IBM® NS1 Connect® offers the only managed DNS network designed for application delivery to audiences in mainland China with full support for the advanced traffic steering configurations and other platform features.

The solution improves DNS response times and application performance for users and clients primarily in mainland China. The network also improves reliability by removing the need for DNS queries originating in China to traverse the Great Firewall of China, which can slow down or block DNS queries.

When implementation is complete, the new network appears in the options when creating or editing a zone. You can publish one zone to multiple DNS networks without duplicating resources or maintaining multiple sets of identical DNS data and traffic steering configurations.

Overview

There are two primary use cases for the NS1 Connect Managed DNS for China solution:

  • Scenario 1: You have a domain intended for the mainland China market only, that is, a domain that only or primarily receives DNS queries from within mainland China. In this case, you would use the default Managed DNS for China nameservers for your domain delegation.
  • Scenario 2: You have a domain intended for both mainland China and other regions worldwide, that is, a domain that receives DNS queries from both within and outside mainland China. In this case, you would use nameserver acceleration for China nameservers.
Note: Work with IBM support throughout the implementation process. The implementation steps may vary depending on your specific use case.

Like a Dedicated DNS network deployment, NS1 Connect's China-based DNS nameservers form an independent DNS network and do not participate in the global anycast Managed DNS network. To comply with regulatory restrictions, nameservers from all DNS providers deployed in mainland China are unicast. To mitigate the negative impact on DNS performance, most DNS resolvers in mainland China support smoothed round trip time (SRTT), which prioritizes the nameserver with the lowest latency measurements for most routing decisions but still routes some requests to alternative nameservers. This results in sub-50ms response times to DNS queries originating in the region. Additionally, by publishing zones to both the anycast Managed DNS network (network 0) and the Managed DNS for China network (network 5), you establish resiliency to ensure your domains are accessible in the event of an outage in mainland China.

The Managed DNS for China includes four points of presence (PoPs) located in Shanghai, Beijing, Qingdao, and Shenzhen, with connectivity to top-tier providers such as China Telecom, China Unicom, and China Mobile.

Nameserver acceleration

Global companies serving the China market are often forced to deploy a domain specifically for the market—typically a .cn domain for China and a .com or .net for the rest of the world. NS1 Connect’s exclusive Nameserver Acceleration for China solution obviates the need for global enterprises to deploy a separate domain for their China-based users.

Nameserver Acceleration is a technology that allows end-users to leverage multiple independent DNS networks simultaneously, intelligently routing users to the most performant network based on their location and ISP. By leveraging NS1 Connect’s Managed DNS for China, DNS queries from users in the region are served by NS1 Connect’s mainland China network while users outside of the Great Firewall will reach our Managed global network dynamically, all on the same global domain (.com, for example). This means the performance of any domain can be significantly accelerated for users in China without impacting performance negatively for users outside the region.

To configure a domain to use nameserver acceleration for China, the zone must be enabled on both NS1 Connect's Managed DNS network and the Managed DNS for China. This can be configured within NS1 Connect on the Zone settings page within the relevant zone. The registrar for the domain will then need to be updated to reflect a new set of nameservers. Your customer success representative will supply these nameservers when your account has enabled nameserver acceleration.

Step 1 - Add the NS1 Connect Managed DNS for China network to your NS1 Connect account

The Managed DNS for China network is available for an additional cost. To learn more or enable the solution on your NS1 Connect plan, refer to the IBM NS1 Connect product page.

Step 2 - Publish your zone(s) to the Managed DNS for China network

To publish a zone to the Managed DNS for China network, select the checkbox next to the network listed during zone creation or by editing the zone.

Attention: Do not deselect the shared Managed DNS network (0) option. We strongly recommend that you always publish your zones to the shared Managed DNS network (network 0) when publishing to the Managed DNS for China network. Publishing your zones only to the Managed DNS for China network might cause some queries to fail and increase the risk of failure in the event of an outage. Also, zone transfers are only supported if the zone is published to both networks.
Attention: Ignore the nameservers listed under the Nameservers tab as these might not be the final nameservers to which you should delegate the domain.

Step 3 - Update the nameserver (NS) record for each zone

The specific nameservers to which you must delegate the domain varies based on your specific use case.

  • Refer to Option A to use the default Managed DNS for China nameservers for resolving queries originating in mainland China.
  • Refer to Option B to leverage nameserver acceleration where one set of nameservers is used to resolve global queries, including mainland China.

Scenario A: Configure Managed DNS for China for mainland China queries only.

  1. Within the zone, navigate to the NS record and click the record name to view and edit record details.
  2. Remove only the following four answers representing Managed DNS nameservers (dns[1-4].nsone.p##.net):
    • dns1.nsone.p##.net
    • dns2.nsone.p##.net
    • dns3.nsone.p##.net
    • dns4.nsone.p##.net
    Attention: Do not delete the Managed DNS for China nameservers (dns[1-5].c01.nsone.net.cn).
  3. At the registrar, update the delegation for this domain to add the five Managed DNS for China nameservers:
    • dns1.c01.nsone.net.cn
    • dns2.c01.nsone.net.cn
    • dns3.c01.nsone.net.cn
    • dns4.c01.nsone.net.cn
    • dns5.c01.nsone.net.cn

Scenario B: Configure nameserver acceleration to resolve global queries, including those from mainland China.

  1. Within the zone, locate the NS record and click the record name to drill into record details.
  2. Remove all nine of the following answers representing auto-assigned nameservers for Managed DNS and Managed DNS for China networks:
    • dns1.nsone.p0X.net
    • dns2.nsone.p0X.net
    • dns3.nsone.p0X.net
    • dns4.nsone.p0X.net
    • dns1.c01.nsone.net.cn
    • dns2.c01.nsone.net.cn
    • dns3.c01.nsone.net.cn
    • dns4.c01.nsone.net.cn
    • dns5.c01.nsone.net.cn
  3. Next, add an answer for each of the nameserver acceleration endpoints as shown below. The specific nameserver set you add depends on whether your domain is a t, .org, or something else.

    For domains ending in .net or .com, add each of the following hostnames representing the relevant nameservers for nameserver acceleration:

    • dns1.g01.ns1global.org
    • dns2.g01.ns1global.org
    • dns3.g01.ns1global.org
    • dns4.g01.ns1global.org

    For all other domains, add each of the following hostnames:

    • dns1.g01.ns1global.com
    • dns2.g01.ns1global.com
    • dns3.g01.ns1global.com
    • dns4.g01.ns1global.com
    Note: When complete, there should be four nameservers listed within the NS record.
  4. At the registrar, update the domain delegation to use the four nameservers you just added to the NS record.
Note: In the past, the platform also provided dns[1-4].g01.ns1global.net as nameservers for nameserver acceleration. While, this is still supported, it is preferable to use the .org or .com delegation shown previously.