Private DNS

DNS

  • API Reference
    • API function release records
    • API Service Domain Name
    • Appendix
    • Common Headers and Error Responses
    • General Description
    • Interface Overview
    • Overview
    • Private DNS Related Interfaces
      • Add resolution record
      • Associate VPC
      • Create a PrivateZone
      • Delete PrivateZone
      • Delete resolution record
      • Disassociate VPC
      • Modify resolution record
      • Query details of a PrivateZone
      • Query PrivateZone list
      • Query resolution record list
      • Set Resolution Record Status
    • Public DNS Related Interfaces
      • Domain Name Related Interfaces
      • Line Group Related Interfaces
      • Resolution Records Related Interfaces
  • FAQs
    • General FAQs
  • Function Release Records
  • Operation guide
    • Identity and access management
    • Local DNS service
      • Add Private Zone
      • Add resolution record
      • Associate VPC
      • Delete Private Zone
      • Resolver
    • Public DNS service
      • Add domain name
      • Add resolution
      • Enable Resolution Service
      • Line Grouping Function
      • Manage Resolution
      • Resolution Line Selection
      • Upgrade Domain Name to Enterprise Edition Operation Guide
    • Resolution Logging Management
  • Product Description
    • Application scenarios
    • Product advantages
    • Product functions
    • Product overview
    • Usage restrictions
  • Product pricing
  • Quick Start
    • Activate Service
    • Use Resolution Service
  • SDK
    • Golang-SDK
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Private DNS
      • Version history
    • Java-SDK
      • Install the SDK Package
      • Overview
      • Private DNS
      • Public DNS
      • Version history
    • Python-SDK
      • Initialization
      • Install the SDK Package
      • Overview
      • Private DNS
      • Public DNS
      • Version history
  • Service Level Agreement (SLA)
    • Internal DNS Service Level Agreement SLA
    • Public DNS Service Level Agreement SLA
  • Typical Practices
    • Implement URL Forwarding via Nginx
    • Local IDC Interconnection with Cloud DNS Service via Resolver
    • Quickly Set Up Private Domain Name Resolution Service Using Terraform
All documents
menu
No results found, please re-enter

DNS

  • API Reference
    • API function release records
    • API Service Domain Name
    • Appendix
    • Common Headers and Error Responses
    • General Description
    • Interface Overview
    • Overview
    • Private DNS Related Interfaces
      • Add resolution record
      • Associate VPC
      • Create a PrivateZone
      • Delete PrivateZone
      • Delete resolution record
      • Disassociate VPC
      • Modify resolution record
      • Query details of a PrivateZone
      • Query PrivateZone list
      • Query resolution record list
      • Set Resolution Record Status
    • Public DNS Related Interfaces
      • Domain Name Related Interfaces
      • Line Group Related Interfaces
      • Resolution Records Related Interfaces
  • FAQs
    • General FAQs
  • Function Release Records
  • Operation guide
    • Identity and access management
    • Local DNS service
      • Add Private Zone
      • Add resolution record
      • Associate VPC
      • Delete Private Zone
      • Resolver
    • Public DNS service
      • Add domain name
      • Add resolution
      • Enable Resolution Service
      • Line Grouping Function
      • Manage Resolution
      • Resolution Line Selection
      • Upgrade Domain Name to Enterprise Edition Operation Guide
    • Resolution Logging Management
  • Product Description
    • Application scenarios
    • Product advantages
    • Product functions
    • Product overview
    • Usage restrictions
  • Product pricing
  • Quick Start
    • Activate Service
    • Use Resolution Service
  • SDK
    • Golang-SDK
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Private DNS
      • Version history
    • Java-SDK
      • Install the SDK Package
      • Overview
      • Private DNS
      • Public DNS
      • Version history
    • Python-SDK
      • Initialization
      • Install the SDK Package
      • Overview
      • Private DNS
      • Public DNS
      • Version history
  • Service Level Agreement (SLA)
    • Internal DNS Service Level Agreement SLA
    • Public DNS Service Level Agreement SLA
  • Typical Practices
    • Implement URL Forwarding via Nginx
    • Local IDC Interconnection with Cloud DNS Service via Resolver
    • Quickly Set Up Private Domain Name Resolution Service Using Terraform
  • Document center
  • arrow
  • DNS
  • arrow
  • SDK
  • arrow
  • Golang-SDK
  • arrow
  • Private DNS
Table of contents on this page
  • Confirm Endpoint
  • Retrieve access key
  • Create a new LD client
  • Create a new LD client with AK/SK
  • Create a LD client with STS
  • Configure the LD client
  • Use a proxy
  • Set network parameters
  • Configure options for generating signature strings
  • Create a PrivateZone
  • Delete PrivateZone
  • Query PrivateZone list
  • Query details of a PrivateZone
  • Associate VPC
  • Disassociate VPC
  • Add resolution record
  • Modify resolution record
  • Delete resolution record
  • Query resolution record list
  • Enable resolution record
  • Disable the resolution record

Private DNS

Updated at:2025-11-11

Initialization

Confirm Endpoint

The service domain name of the local DNS API is privatezone.baidubce.com

The API supports both HTTP and HTTPS call methods. For enhanced data security, it is advised to use HTTPS for communication.

Retrieve access key

To use LD, you must have a valid AK (Access Key ID) and SK (Secret Access Key) for signature authentication. AK and SK are system-generated strings used to identify users and authenticate signatures for LD.

Your AK/SK information can be obtained and understood through the following steps:

Register a Baidu AI Cloud account

Create AK/SK

Create a new LD client

An LD client functions as the client interface for LD services, offering developers a variety of methods to interact with LD services.

Create a new LD client with AK/SK

Users can refer to the following code to create a new LD Client to access LD with AK/SK:

Go 
1import (
2	"github.com/baidubce/bce-sdk-go/services/localDns"
3)
4func main() {
5 // User’s Access Key ID and Secret Access Key
6	ACCESS_KEY_ID, SECRET_ACCESS_KEY := <your-access-key-id>, <your-secret-access-key>
7	
8 // User-specified Endpoint
9	ENDPOINT := <domain-name>
10 // Initialize a LDClient
11	ldClient, err := ld.NewClient(AK, SK, ENDPOINT)
12}

In the code above, ACCESS_KEY_ID corresponds to “Access Key ID” in the console. SECRET_ACCESS_KEY corresponds to “Access Key Secret” in the console. Refer to the Guide - How to Retrieve AKSK. The third parameter ENDPOINT is a user-specified domain name. If left empty, the default domain name will be used as the LD service address.

Create a LD client with STS

Request STS Token

LD enables temporary third-party access authorization through the STS mechanism. STS (Security Token Service) is a temporary authorization service provided by Baidu AI Cloud. Using STS, you can issue access credentials with customized validity periods and permissions for third-party users. These credentials enable third-party users to directly call Baidu AI Cloud APIs or SDKs to access cloud resources.

To access LD through STS, users must first request an authentication string using the STS client.

Create LD Client with STS Token

Once the STS token is obtained, configure it in the LD Client to enable STS-based client creation for LD.

Code example

The GO SDK implements the STS service API. Below is a complete example for requesting an STS Token and creating an LD Client object:

Go 
1import (
2	"fmt"
3 "github.com/baidubce/bce-sdk-go/auth"                    //Import the authentication module
4 "github.com/baidubce/bce-sdk-go/services/" //Import LD service module
5 "github.com/baidubce/bce-sdk-go/services/sts"            //Import the Baige service module
6)
7func main() {
8 //Create a Client object for the STS service, using the default Endpoint
9	AK, SK := <your-access-key-id>, <your-secret-access-key>
10	stsClient, err := sts.NewClient(AK, SK)
11	if err != nil {
12		fmt.Println("create sts client object :", err)
13		return
14	}
15 //Obtain a temporary authentication token with a validity period of 60 seconds and an empty ACL
16	stsObj, err := stsClient.GetSessionToken(60, "")
17	if err != nil {
18		fmt.Println("get session token failed:", err)
19		return
20    }
21	fmt.Println("GetSessionToken result:")
22	fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
23	fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
24	fmt.Println("  sessionToken:", stsObj.SessionToken)
25	fmt.Println("  createTime:", stsObj.CreateTime)
26	fmt.Println("  expiration:", stsObj.Expiration)
27	fmt.Println("  userId:", stsObj.UserId)
28 //Create a LD Client object using the requested temporary STS, with the default endpoint
29	ldClient, err := ld.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "privatezone.baidubce.com")
30	if err != nil {
31		fmt.Println("create localDns client failed:", err)
32		return
33	}
34	stsCredential, err := auth.NewSessionBceCredentials(
35		stsObj.AccessKeyId,
36		stsObj.SecretAccessKey,
37		stsObj.SessionToken)
38	if err != nil {
39		fmt.Println("create sts credential object failed:", err)
40		return
41	}
42	ldClient.Config.Credentials = stsCredential
43}

Note: Currently, when configuring a LD Client using STS, the endpoint of STS must be configured as http://sts.bj.baidubce.com.

Configure HTTPS access to LD

LD supports the HTTPS transport protocol. To use HTTPS to access LD services with the LD Go SDK, specify HTTPS in the endpoint when creating the LD client object.

Go 
1// import "github.com/baidubce/bce-sdk-go/services/localDns"
2 ENDPOINT := "https://privatezone.baidubce.com " //Specify the use of HTTPS protocol
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4ldClient, _ := ld.NewClient(AK, SK, ENDPOINT)

Configure the LD client

If users need to configure specific parameters for the LD Client, they can customize the configuration using the exported Config field of the LD Client object after its creation. This allows for configuring parameters such as proxy and maximum number of connections for the client.

Use a proxy

The following code snippet enables the client to access LD service using a proxy:

Go 
1// import "github.com/baidubce/bce-sdk-go/services/localDns"
2 // Create an LD Client object
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4ENDPOINT := "privatezone.baidubce.com"
5client, _ := ld.NewClient(AK, SK, ENDPOINT)
6 // Use the local port 8080 for the proxy
7client.Config.ProxyUrl = "127.0.0.1:8080"

Set network parameters

Users can configure network parameters using the following example code:

Go 
1// import "github.com/baidubce/bce-sdk-go/services/localDns"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "privatezone.baidubce.com"
4client, _ := ld.NewClient(AK, SK, ENDPOINT)
5 // Configure to not retry, default: Back Off retry
6client.Config.Retry = bce.NewNoRetryPolicy()
7 // Configure connection timeout to 30 seconds
8client.Config.ConnectionTimeoutInMillis = 30 * 1000

Configure options for generating signature strings

Go 
1// import "github.com/baidubce/bce-sdk-go/services/localDns"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "privatezone.baidubce.com"
4client, _ := ld.NewClient(AK, SK, ENDPOINT)
5 // Configure the HTTP request header Host for signing
6headersToSign := map[string]struct{}{"Host": struct{}{}}
7client.Config.SignOption.HeadersToSign = HeadersToSign
8 // Configure the validity period of the signature to 30 seconds
9client.Config.SignOption.ExpireSeconds = 30

Parameter description

When using the GO SDK to access LD, the Config field of the created LD Client object supports the following parameters, as shown in the table below:

ConfigMap name Types Meaning
Endpoint string Domain name for service requests
ProxyUrl string The proxy address for client requests
Region string Region for resource requests
UserAgent string User name, HTTP request’s User-Agent header
Credentials *auth.BceCredentials Authentication object for requests, divided into regular AK/SK and STS
SignOption *auth.SignOptions Options for authentication string signing
Retry RetryPolicy Retry policy for connections
ConnectionTimeoutInMillis int Connection timeout, in milliseconds, defaulting to 20 minutes

Description:

  1. The Credentials is created using the auth.NewBceCredentials and auth.NewSessionBceCredentials functions. The former is used by default, while the latter is used for STS certification. See "Create an LD client with STS" for details.
  2. The SignOption field represents options when generating a signature string, as detailed in the table below:
Name Types Meaning
HeadersToSign map[string]struct{} HTTP headers used when generating the signature string
Timestamp int64 Timestamp used in the generated signature string, defaulting to the value at the time of sending request
ExpireSeconds int Validity period of the signature string

Among them, HeadersToSign defaults to Host, Content-Type, Content-Length and Content-MD5. TimeStamp is generally set to zero, indicating that the timestamp when generating the authentication string is used. Users should not explicitly specify this field’s value. ExpireSeconds defaults to 1,800 seconds (30 minutes).

  1. The Retry field specifies the retry policy, currently supporting two types: NoRetryPolicy and BackOffRetryPolicy. By default, the latter is used. This retry policy specifies the maximum number of retries, the maximum retry duration, and the retry base. Retries increase exponentially based on the retry base multiplied by 2 until the maximum number of retries or the maximum retry duration is reached.

Create a PrivateZone

Function declaration

Go 
1type CreatePrivateZoneRequest struct {
2	ClientToken string `json:"-"`
3	ZoneName    string `json:"zoneName"`
4}
5type CreatePrivateZoneResponse struct {
6	ZoneId string `json:"zoneId"`
7}
8func (c *Client) CreatePrivateZone(body *CreatePrivateZoneRequest) (*CreatePrivateZoneResponse, error)

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/jkk6kkh7x

Response Value
Operation succeeded:

Go 
1{
2   "zoneId":"zone-jkgdns3h"
3}

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_create_private_zone.go

Delete PrivateZone

Function declaration

Go 
1func (c *Client) DeletePrivateZone(zoneId string, clientToken string) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Kkk6kpur9

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_delete_private_zone.go

Query PrivateZone list

Function declaration

Go 
1type ListPrivateZoneRequest struct {
2	Marker  string
3	MaxKeys int
4}
5type ListPrivateZoneResponse struct {
6	Marker      string `json:"marker"`
7	IsTruncated bool   `json:"isTruncated"`
8	NextMarker  string `json:"nextMarker"`
9	MaxKeys     int32  `json:"maxKeys"`
10	Zones       []Zone `json:"zones"`
11}
12func (c *Client) ListPrivateZone(request *ListPrivateZoneRequest) (*ListPrivateZoneResponse, error)

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Bkk6l42dl

Response Value
Operation succeeded:

Go 
1{
2    "nextMarker": "zone-xktdeMSf",
3    "marker": "zone-IyWRnII7",
4    "maxKeys": 1,
5    "isTruncated": true,
6    "zones": [{
7        "zoneId": "zone-IyWRnII7",
8        "zoneName": "baidu.com",
9        "recordCount": 2,
10        "createTime": "2018-12-26 20:30:45",
11        "updateTime": "2018-12-28 21:35:40"
12    }]
13}

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_list_private_zone.go

Query details of a PrivateZone

Function declaration

Go 
1type GetPrivateZoneResponse struct {
2	ZoneId      string `json:"zoneId"`
3	ZoneName    string `json:"zoneName"`
4	RecordCount int32  `json:"recordCount"`
5	CreateTime  string `json:"createTime"`
6	UpdateTime  string `json:"updateTime"`
7	BindVpcs    []Vpc  `json:"bindVpcs"`
8}
9func (c *Client) GetPrivateZone(zoneId string) (*GetPrivateZoneResponse, error)

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Jkk6lc8li

Response Value
Operation succeeded:

Go 
1{
2    "zoneId": "zone-xktdeMSf",
3    "zoneName": "baidu1.com",
4    "recordCount": 2,
5    "createTime": "2018-12-26 20:30:45",
6    "updateTime": "2018-12-28 21:35:40"
7    "bindVpcs": [{
8        "vpcId": "vpc-jikh8hds",
9        "vpcName": "vpcTest",
10        "vpcRegion": "bj"
11    }]
12}

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_get_private_zone.go

Associate VPC

Function declaration

Go 
1type BindVpcRequest struct {
2	ClientToken string   `json:"-"`
3	Region      string   `json:"region"`
4	VpcIds      []string `json:"vpcIds"`
5}
6func (c *Client) BindVpc(zoneId string, body *BindVpcRequest) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/qkk6lg1af

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_bind_vpc.go

Disassociate VPC

Function declaration

Go 
1type UnbindVpcRequest struct {
2	ClientToken string   `json:"-"`
3	Region      string   `json:"region"`
4	VpcIds      []string `json:"vpcIds"`
5}
6func (c *Client) UnbindVpc(zoneId string, body *UnbindVpcRequest) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Dkk6lkyy1

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_unbind_vpc.go

Add resolution record

Function declaration

Go 
1type AddRecordRequest struct {
2	ClientToken string `json:"-"`
3	Rr          string `json:"rr"`
4	Value       string `json:"value"`
5	Type        string `json:"type"`
6	Ttl         int32  `json:"ttl,omitempty"`
7	Priority    int32  `json:"priority,omitempty"`
8	Description string `json:"description,omitempty"`
9}
10type AddRecordResponse struct {
11	RecordId string `json:"recordId"`
12}
13func (c *Client) AddRecord(zoneId string, body *AddRecordRequest) (*AddRecordResponse, error)

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Pkk6lpe4e

Response Value
Operation succeeded:

Go 
1{
2  "recordId":"rc-jih8hd5s"
3}

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_add_record.go

Modify resolution record

Function declaration

Go 
1type UpdateRecordRequest struct {
2	ClientToken string `json:"-"`
3	Rr          string `json:"rr"`
4	Value       string `json:"value"`
5	Type        string `json:"type"`
6	Ttl         int32  `json:"ttl,omitempty"`
7	Priority    int32  `json:"priority,omitempty"`
8	Description string `json:"description,omitempty"`
9}
10func (c *Client) UpdateRecord(recordId string, body *UpdateRecordRequest) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Dkk6lu5ds

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_update_record.go

Delete resolution record

Function declaration

Go 
1func (c *Client) DeleteRecord(recordId string, clientToken string) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Lkk6lx4f1

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_delete_record.go

Query resolution record list

Function declaration

Go 
1type ListRecordResponse struct {
2	Marker      string   `json:"marker"`
3	IsTruncated bool     `json:"isTruncated"`
4	NextMarker  string   `json:"nextMarker"`
5	MaxKeys     int32    `json:"maxKeys"`
6	Records     []Record `json:"records"`
7}
8func (c *Client) ListRecord(zoneId string) (*ListRecordResponse, error)

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Ckk6m3d7a

Response Value
Operation succeeded:

Go 
1{
2    "nextMarker": "rc-Iy8p6arqenI7",
3    "marker": "rc-ik9p9zq6u5ry",
4    "maxKeys": 1,
5    "isTruncated": true,
6    "records": [{
7        "recordId": "rc-djkf8hf9",
8        "rr": "ip",
9        "value": "192.184.18.233",
10        "status": "enable",
11        "type": "A",
12        "ttl": 60,
13        "description": "desc"
14    }]
15}

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_list_record.go

Enable resolution record

Function declaration

Go 
1func (c *Client) EnableRecord(recordId string, clientToken string) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Bkk6m60y1

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_enable_record.go

Disable the resolution record

Function declaration

Go 
1func (c *Client) DisableRecord(recordId string, clientToken string) error

Parameter Meaning
Refer to the OpenAPI documentation: https://cloud.baidu.com/doc/DNS/s/Bkk6m60y1

Response Value
Operation succeeded:

Go 
1// No return body

Operation failed:

Throw an exception. For the exception list, refer to: Local DNS Exception List

Code example
For specific code examples, please refer to: example_disable_record.go

Previous
Overview
Next
Version history