Huawei Cloud
Dotnify connects to Huawei Cloud DNS using an Access Key ID (AK) and Secret Access Key (SK) pair. Requests are signed using the HMAC-SHA256 signing algorithm (similar to AWS SigV4) — no SDK dependency is needed.
Creating an AK/SK Pair
- Log in to the Huawei Cloud console
- Go to My Credentials → Access Keys
- Click Create Access Key
- Download the CSV file containing the AK and SK and store it securely. You won't be able to view the SK again.
Required Permissions
The AK/SK user needs the following policy permissions:
| Service | Action | Description |
|---|---|---|
| DNS | dns:zone:list | List public zones |
| DNS | dns:recordset:list | List record sets in a zone |
| DNS | dns:recordset:create | Create record sets |
| DNS | dns:recordset:update | Update record sets |
| DNS | dns:recordset:delete | Delete record sets |
You can assign these through a custom policy in IAM → Policies → Create Custom Policy.
Example custom policy (JSON):
{
  "Version": "1.1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dns:zone:list",
        "dns:recordset:list",
        "dns:recordset:create",
        "dns:recordset:update",
        "dns:recordset:delete"
      ]
    }
  ]
}
Adding the Provider in Dotnify
- Go to Providers → Add provider
- Select Huawei Cloud as the provider type
- Enter a Display name (e.g. "Production Huawei Cloud")
- Enter the Access Key ID and Secret Access Key
- Optionally select a Region (see below)
- Click Verify & continue
Dotnify will attempt to list zones using the provided credentials. If verification fails, check that:
- The AK and SK were copied correctly
- The IAM user has the required DNS permissions
- The account has public zones configured
Region Selection
Huawei Cloud DNS is a global service — the endpoint is dns.myhuaweicloud.com by default. In most cases, you don't need to select a region.
If you do select a region, the endpoint becomes dns.{region}.myhuaweicloud.com (e.g. dns.cn-north-1.myhuaweicloud.com).
Common region codes:
| Region | Code |
|---|---|
| CN North 1 (Beijing) | cn-north-1 |
| CN East 2 (Shanghai) | cn-east-2 |
| CN South 1 (Guangzhou) | cn-south-1 |
| AP Southeast 1 (Hong Kong) | ap-southeast-1 |
Selecting Zones
After verification, Dotnify shows all public zones accessible with the credentials. You can:
- Check specific zones to manage only those domains
- Leave all unchecked to manage every accessible zone
How Dotnify Uses the AK/SK
Dotnify implements the Huawei Cloud API signing directly in Node.js (no SDK). The signing process:
- Constructs a canonical request from the HTTP method, URI, query string, headers, and payload hash
- Creates a string to sign using the signing algorithm (SDK-HMAC-SHA256) and datetime
- Computes the HMAC-SHA256 signature using the SK
- Adds the Authorization header: SDK-HMAC-SHA256 Access={AK}, SignedHeaders=..., Signature=...
| Operation | Huawei Cloud Endpoint |
|---|---|
| List zones | GET /v2/zones |
| List record sets | GET /v2.1/zones/{zoneId}/recordsets |
| Create record set | POST /v2.1/zones/{zoneId}/recordsets |
| Update record set | PUT /v2.1/zones/{zoneId}/recordsets/{recordSetId} |
| Delete record set | DELETE /v2.1/zones/{zoneId}/recordsets/{recordSetId} |
Note: Dotnify uses the v2.1 API for record sets to access the line (resolution line) field.
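The signing steps listed above, written out in Node.js as an added example (this is not Dotnify's own code). The X-Sdk-Date header name, the trailing slash on the canonical URI, the timestamp format, and the helper names canonicalRequest and signRequest are assumptions not stated on this page; the credentials are placeholders.

```javascript
// Added example, not Dotnify's code. The X-Sdk-Date header, the trailing "/" on the
// canonical URI and the timestamp format are assumptions about Huawei's scheme.
const crypto = require('node:crypto');

const ALGORITHM = 'SDK-HMAC-SHA256';
const sha256Hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// RFC 3986 encoding: encodeURIComponent leaves !'()* unescaped, so escape those too.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Step 1: method, URI, query string, headers, signed-header list, payload hash.
function canonicalRequest({ method, path, query = {}, headers, body = '' }) {
  let uri = path.split('/').map(enc).join('/');
  if (!uri.endsWith('/')) uri += '/';
  const qs = Object.keys(query).sort()
    .map((k) => `${enc(k)}=${enc(String(query[k]))}`).join('&');
  const lower = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
  const names = Object.keys(lower).sort();
  const headerLines = names.map((k) => `${k}:${lower[k]}\n`).join('');
  const signedHeaders = names.join(';');
  const text = [method.toUpperCase(), uri, qs, headerLines, signedHeaders,
    sha256Hex(body)].join('\n');
  return { text, signedHeaders };
}

// Steps 2-4: string to sign, HMAC-SHA256 keyed with the SK, Authorization header.
function signRequest(req, ak, sk, date = new Date()) {
  const sdkDate = date.toISOString().replace(/[-:]/g, '').replace(/\.\d{3}/, '');
  const headers = { ...req.headers, 'X-Sdk-Date': sdkDate };
  const { text, signedHeaders } = canonicalRequest({ ...req, headers });
  const stringToSign = [ALGORITHM, sdkDate, sha256Hex(text)].join('\n');
  const signature = crypto.createHmac('sha256', sk).update(stringToSign).digest('hex');
  const authorization =
    `${ALGORITHM} Access=${ak}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return { canonical: text, stringToSign, headers: { ...headers, Authorization: authorization } };
}

// Constructed request with placeholder credentials (not real keys).
const demo = signRequest(
  { method: 'GET', path: '/v2/zones', headers: { Host: 'dns.myhuaweicloud.com' } },
  'EXAMPLE_AK', 'EXAMPLE_SK', new Date(Date.UTC(2024, 0, 1)));
console.log(demo.headers.Authorization);
```

The SK only keys the HMAC and never appears in the outgoing request; because the host, timestamp and payload hash are all covered by the signature, changing any of them after signing invalidates it.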
Huawei Cloud-Specific Features
Resolution Lines
Huawei Cloud DNS supports resolution lines — you can set different records for different ISPs or regions (e.g. default, telecom, unicom, mobile). When creating or editing a record in Dotnify, you can select a resolution line from a dropdown.
The available lines are loaded from a static JSON file bundled with Dotnify (src/huawei_line.json). This data includes line IDs, display names, and parent categories (e.g. carrier lines like "Telecom", "Unicom", "Mobile" under the "Carrier" category).
Record Set Model
Huawei Cloud uses a Record Set model rather than individual records. A record set has a name, type, TTL, and an array of record values. This means:
- Multiple values for the same name/type are stored as a single record set
- When editing, Dotnify sends the full records array (not PATCH semantics)
- In the Dotnify UI, multiple values are displayed comma-separated
Host Name Format
Huawei Cloud requires fully qualified domain names with a trailing dot (e.g. www.example.com.). Dotnify automatically converts short names:
| Input | Stored as |
|---|---|
| @ | example.com. |
| www | www.example.com. |
| mail.example.com. | mail.example.com. (unchanged) |
Security Notes
- The AK and SK are stored in plaintext in Redis (current MVP design). Protect your Redis instance with strong credentials.
- When the provider list is returned via the API, keys are masked — only the last 4 characters are visible.
- When editing a provider, you can leave the AK/SK fields blank to keep the current values unchanged.
- All Huawei Cloud API calls are made server-side — the AK/SK are never exposed to the browser.