Server in China and non-Chinese Domain pointing to it?

domain-name-system domain-name geodns china

I'm working for a startup and we're expanding into mainland China, hosting client data in a Chinese datacenter through a partner company in China. We have a website and backend API that mobile apps talk to.

Here's the thing:

Let's say we operate example.com, which is registered in the US. We use Route53 DNS to do geo-DNS, so that customers in China are automatically sent to an IP in the Chinese datacenter when asking for example.com. The Chinese IP resolves to a Chinese domain in reverse DNS.

Now our partner in China is telling us that we can't have example.com forward-DNS resolve to the IP in China. They say that a non-Chinese domain may not be served by an IP in mainland China. Is this true?

If so, what are workarounds?

I'm guessing it wouldn't be enough to just use CNAME so that srv55.example.com -> srv55.example.cn, because the DNS request would still be for srv55.example.com. Is the only solution to modify our applications / mobile app that if a phone is in China, it talks to example.cn while outside China it talks to example.com?


This answer above is technically correct, however you need to understand the risks with this solution.

Public facing websites in China require an ICP recordal and to register a recordal, the domain needs to be registered via a local DNS registrar - Hence the requirement not to use your .com domain which is likely registered with a non-Chinese DNS registrar.

By directing a non ICP'ed domain to a Chinese IP address, you are risking the IP address getting blocked.


About a year ago I tried using a .com CNAME pointing to a CloudFront dist in CN. This worked for a few hours, and then just didn't. IIRC AWS CN now does an ICP check themselves, so they possibly preemptively disable it. This puts a thorn in

  1. Users inside China accessing www.example.com

https://aws.amazon.com/blogs/networking-and-content-delivery/optimizing-performance-for-users-in-china-with-amazon-route-53-and-amazon-cloudfront/

Also, cross-boundry DNS still happens here:( and since it does anyway, the suggestion above of managing the CN domain in global R53 and just using that (perhaps with geo-DNS) is interesting.

This may raise questions to users seeing a .cn used globally, though should resolve to global CF endpoints anyway. Alternatively, native application logic could solve this, more challenging for a web-app though..

Related

PHP: No mapping for the Unicode character..., for specific greek characters
How is the SQL Server Folder "C:\Program Files\Microsoft SQL Server\" organized?
bash commands to print file name and contents
Can I bridge IPv4 while routing IPv6 on the same two interfaces?
IKEV2 IPSEC Autostart, restart, daemon
Sudden system time jumps on VM
psql asks for password despite configuring trust authentication from localhost
TC Corruption of Packets Ingress
VLAN and DHCP conflicts. /renew and release only works temporarily [closed]
boot option to set MTU during RHEL install
grep range of dates - apache log
DDOS attack - How to prevent [duplicate]