Estimated Reading time: 5 minutes | Last modified: 2026-01-19, 11:10:36 am

DNS workflow

OpenResty Edge can be used as authoritative DNS servers.

As show in the following diagram:

Without considering DNS caching, the client resolves example.com in two stages.

querying the root DNS server for the authoritative server address of example.com.
querying the authoritative server of example.com for the address of example.com.

If you wish to use the OpenResty Edge gateway nodes as the authoritative servers, you need to resolve the authoritative server to the gateway node.

Enable DNS

Configure the firewall to allow port 53. Please refer to your cloud provider’s documentation for specific configuration methods.
Ensure that UDP port 53 and TCP port 53 are not occupied by other programs on the OpenResty Edge Node.
```
sudo netstat -tupln | grep ":53"
```
In some cases, port 53 may be used by systemd-resolved. If so, stop this service and modify the configuration.
```
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo tee /etc/resolv.conf > /dev/null <<EOF
nameserver 223.5.5.5
nameserver 8.8.8.8
EOF
```
Modify the nameserver addresses as needed.
Enable the authoritative DNS server on the Global Configuration > DNS page.
To enable DNS over TCP, switch the option to Enable.
Release the changes after enabling the authoritative DNS server.

Verify the listening status of the OpenResty Edge Node.

$ sudo netstat -tupln | grep ":53"
udp        0      0 0.0.0.0:53              0.0.0.0:*                           69705/nginx: master 
udp        0      0 0.0.0.0:53              0.0.0.0:*                           69705/nginx: master

Run netstat -tupln | grep ":53" on the OpenResty Edge Node machine to verify that the port is being listened to by the OpenResty Edge Node.

Create DNS applications

Select and click on the DNS tab to create a new DNS application.

Enter the domain name to be resolved and the domain name server as instructed, e.g. example.com and ns1.example.com/ns2.example.com, respectively.

As shown in the figure below, create a new DNS application and set up the domain name resolution server.

As shown in the figure below, add an A record to the domain name resolution server. Note that the IP address set here will be used later to modify the domain’s authoritative DNS server with your domain provider.

The IP addresses are the IP of the OpenResty Edge Node. You can choose a name from OR Gateway, the name will be resolved as the IP address of the OpenResty Edge Node automatically.

Here you can add more DNS records, such as www domain records, or @ records that resolve to the main domain.

Resolve to gateway node

Go to admin console of your domain name providers. Resolve the name of domain name server (e.g. n1s.example.com above) to the gateway node.

Add DNS records

Choose the created DNS application in the DNS application list, and click it to add a DNS record.

The following types of DNS records are permitted: A, AAAA, CNAME, MX, TXT, and NS. Besides, the resolve can be pointed to different gateway nodes depending on the network types for users,

The currently optional network types are Country, Region and Operator.

Automatically select proper DNS records

When creating a DNS record, users may choose the network segment corresponding to that record, and Edge will return the matching DNS record via the requested IP address

or via cidr

Calculate recommended configuration

Calculating the recommended configuration is an alternative to manually configuring each DNS record

Type in the configuration and a proper DNS record will be generated fit for that configuration

DNS Record Priorities

OpenResty Edge can be configured with different DNS resolution records for different network sources. For example, the following two DNS records are configured.

DNS request from California resolves to the IP 1.1.1.1
DNS request from the USA to the IP 2.2.2.2.

For such DNS records with inclusion relationships, OpenResty Edge resolves them on a precision first basis. For example

if the client is from California, rule 1 will be applied and resolve to 1.1.1.1.
if the client is from a non-California region of the US, rule 2 will be applied and resolve to 2.2.2.2.

Active-standby settings supported for DNS records

DNS records having totally the same type + record + network type can mutually act as active and standby records

The default setting is using the active DNS record only, but the backup DNS record will also be used in the following situations:

There is no active DNS record
After the health check is enabled, the active DNS record is found unhealthy

Bind DNS to k8s cluster

You can bind a DNS to a k8s cluster.

Edge will manage DNS record automatically.

Switch map to kubernetes on, select k8s cluster, click Create Button.

Troubleshooting

First, execute dig @127.0.0.1 your.domain.name on the OpenResty Edge Node to ensure that the DNS service of the OpenResty Edge Node is running as expected.
Second, execute dig @xx.xx.xx.xx your.domain.name on another machine, where xx.xx.xx.xx is the public IP address of the OpenResty Edge Node from the previous step, to ensure that accessing the DNS service of the OpenResty Edge Node through the public network is working properly.
Finally, execute dig your.domain.name to ensure that recursive resolution through public DNS servers is working correctly.

DNS workflow

# Enable DNS

# Create DNS applications

# Resolve to gateway node

# Add DNS records

# Automatically select proper DNS records

# Calculate recommended configuration

# DNS Record Priorities

# Active-standby settings supported for DNS records

# Bind DNS to k8s cluster

# Troubleshooting

Love to hear from you, Get in touch 👋

Message was sent successfully!