everythingpossible - Fotolia


How to work with Azure DNS zones

Microsoft's hosting service for DNS domains is an option for organizations with a heavy Azure investment that want the benefits associated with a cloud service.

Although domain registries typically provide their own DNS servers that registrants can use to resolve queries to their domains, Microsoft offers to do this in the Azure cloud.

Azure DNS zones hold the DNS entries for domains. To host a domain in the Azure infrastructure requires configuring the DNS zone. One advantage to using Microsoft for DNS is consolidation, which has a certain appeal for an organization already using Azure.

In addition, external DNS servers require close attention and regular patching, which is imperative for an infrastructure that faces the internet; using Azure DNS lifts part of the security burden from the admin. Through PowerShell, administrators can easily control configuration and management of Azure DNS zones and other facets of this cloud service with automation through scripts. Lastly, there may be scenarios where it is necessary to use Azure DNS, such as situations in which private name resolution is required on an individual Azure virtual network.

Creating an Azure DNS Zone

Access Azure's DNS management tools by logging into the Azure portal, clicking the All Services link, selecting the Networking tab and then clicking on the DNS Zones option, shown in Figure 1.

Azure DNS Zone settings
Figure 1. Click on the DNS Zones option to access the Azure DNS Zone settings.

Next, create the Azure DNS zone. Click on the link to create a DNS zone, then follow the prompts to specify your Azure subscription, the resource group in which to create the zone and the name of the zone. Figure 2 shows all these menu options. When you are done, click the Review and Create button.

Azure DNS zone menu
Figure 2. When creating Azure DNS zones, you need to specify your Azure subscription, the name of the resource group to use and the name of the zone.

How to address Azure DNS zone propagation time

Azure DNS zones generally propagate quickly. In most cases, DNS zone propagation occurs within 60 seconds, but there are external factors -- such as client DNS caching -- that give the illusion that the process is taking longer to finish.

In a Windows environment, you can flush a client's DNS resolver cache by opening a command prompt window and entering the following command:

IPConfig /FlushDNS

How to execute an Azure DNS zone transfer

If you want to transfer a DNS zone from another DNS service into Azure, it is generally a three-step process -- not including the creation of a resource group, if necessary.

First, create a DNS zone file using the tools provided by the current host. Most DNS providers enable you to export a zone file, which is a text file with the list of the DNS records.

Next, import the zone file into Azure. This has to be done from the Azure CLI command line environment using the following example:

az network dns zone import -g myresourcegroup -n contoso.com -f contoso.com.txt

Lastly, configure your domain to use Azure for DNS name resolution. The specific steps vary depending on your domain registry. The general steps are to log into the domain registry, click on your domain and then link it to the Azure DNS servers. You can find instructions for this process here.

Azure private DNS zone considerations

While one use of DNS zones is to make domain names resolvable over the internet, there are scenarios that require the use of a private DNS zone when employing one or more virtual networks within Azure. You can use any domain name that you wish in a private zone. Additionally, VMs on the private network can be automatically registered with a private DNS zone, freeing the administrator from having to complete the task manually.

You cannot create a private DNS zone through the Azure admin portal. This job requires PowerShell. The Az.PrivateDNS PowerShell module provides the cmdlets required to create and manage private Azure DNS zones.

You can find instructions to create a private DNS zone at this Microsoft site.

What to do if an Azure private DNS zone does not resolve

Azure private DNS zones tend to require little maintenance. The client registration and removal process occur automatically, but there are times when resources within a private DNS zone do not resolve properly.

To troubleshoot this problem, make sure the DNS records have had time to propagate. After that, verify the resource's fully qualified domain name. When you add a VM to a private DNS zone, that VM's DNS suffix will not match the private zone and will require a correction to manually change to the VM's DNS suffix. Until this change occurs, name resolution problems can happen if queries are made under the assumption that the VM's DNS suffix has been updated.

Third-party options for Azure DNS zone management

In addition to PowerShell and the Azure admin portal, you can use a third-party utility such as Ansible, Salt or Terraform to work with Azure DNS zones.

Administrators can use Terraform to manage and configure infrastructure components, such as DNS, by defining the infrastructure as code. A deep dive into how to use Terraform to its fullest on Azure is beyond the scope of this article, but the following short example illustrates how it works.

Code entered into Terraform is divided into sections. The first portion declares Azure as a provider using the following command:

provider "azurerm" {

From there, you establish a resource block of code to define a resource group. You can use subsequent blocks of code to create DNS zones and DNS records. Here is the zone configuration example provided by Terraform.

resource "azurerm_resource_group" "example" {
  name     = "acceptanceTestResourceGroup1"
  location = "West US"
resource "azurerm_dns_zone" "example-public" {
  name                = "mydomain.com"
  resource_group_name = azurerm_resource_group.example.name
resource "azurerm_private_dns_zone" "example-private" {
  name                = "mydomain.com"
  resource_group_name = azurerm_resource_group.example.name

Dig Deeper on IT operations and infrastructure management

Cloud Computing
Enterprise Desktop
Virtual Desktop