In a cloud environment, different tenants may have different DNS configurations. These may include tenant-specific Virtual Private Zones (VPZ), DNS Response Policy Zones (RPZ), Response Rate Limiting (RRL), Access Control Lists (ACL), and so on.
This talk will describe a best practice for how Alibaba provisions DNS infrastructure for tenants in a cloud environment. The “VNI” EDNS option (or EDNS VNI) is proposed to enable DNS to signal and identify the tenant virtual network from which a DNS query is generated. Based on the EDNS VNI information, the DNS server can respond according to the configuration of that tenant.
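The following sketch shows how a server could pull a VNI out of the OPT record's option list and answer from that tenant's own zone and ACL. It is an added example, not code from the talk or from Alibaba. The option code (65001, from the RFC 6891 local/experimental range), the 3-byte VNI payload, the refusal of queries without a known VNI, and the tenant table are all assumptions made for illustration.

```python
import struct

# Assumptions (not from the talk): option code 65001 is taken from the
# RFC 6891 local/experimental range, and the payload is a 24-bit VNI
# carried in 3 bytes. The tenant table below is constructed sample data.
EDNS_VNI_CODE = 65001

TENANTS = {
    0x00A1B2: {"vpz": {"db.internal.example.": "10.0.0.5"}, "acl_allow": True},
    0x00C3D4: {"vpz": {"db.internal.example.": "10.9.9.9"}, "acl_allow": False},
}

def encode_vni_option(vni):
    """Encode one EDNS option: OPTION-CODE, OPTION-LENGTH, OPTION-DATA."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!HH", EDNS_VNI_CODE, 3) + vni.to_bytes(3, "big")

def extract_vni(opt_rdata):
    """Walk OPT RDATA (RFC 6891 option list); return the VNI or None."""
    pos, vni = 0, None
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        pos += 4
        data = opt_rdata[pos:pos + length]
        if len(data) != length:
            raise ValueError("option length exceeds RDATA")
        pos += length
        if code == EDNS_VNI_CODE:
            if length != 3 or vni is not None:
                raise ValueError("malformed or duplicate VNI option")
            vni = int.from_bytes(data, "big")
    return vni

def resolve(qname, opt_rdata):
    """Answer from the tenant's own zone; refuse unknown or denied tenants."""
    tenant = TENANTS.get(extract_vni(opt_rdata))
    if tenant is None or not tenant["acl_allow"]:
        return ("REFUSED", None)
    addr = tenant["vpz"].get(qname)
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)
```

The same query name resolves differently, or is refused, depending only on the VNI carried in the option.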