2015-06-08_17-21-13

25/03/2016 – Updated with Resource Manager CMDLETs

Moving to Azure DNS

In preparation for my next blog post, I decided to move the domain name server (DNS) records for alexandrebrisebois.com to the Microsoft Azure DNS.

Why?

Over the years, I’ve been very happy with the DNS services that I’ve used to host my DNS Records. Since, I rarely needed to log into these services, I’ve come accustomed to resetting my credentials. A recent need to make changes to these DNS Records, has pushed me to think about ways to streamline this process.

Along the way, I realized that there’s just something very appealing about centralizing everything to my Microsoft Azure environments. From compute to storage to networking, being capable of manipulating everything through PowerShell has turned out to be useful. The idea of being able to manipulate my DNS Records from this same environment felt like the right thing to do. Plus you get the added benefit of performance and availability.

Getting Ready

The first step consists of registering the Network Azure provider. Then we need to either create or use an existing Resource Group.

Login-AzureRmAccount

New-AzureRmResourceGroup -Name "BriseboisDNS" `
                         -Location "North Central US"

Creating a DNS Zone

The selected Resource Group will contain the DNS Zones that we will create in this post. A DNS Zone represents your domain and supports all common DNS record types: A, AAAA, CNAME, MX, NS, SOA, SRV and TXT.

# Create a Azure DNS Zone

$zone = New-AzureRmDnsZone -Name "alexandrebrisebois.com" `
                           -ResourceGroupName "BriseboisDNS"

The new DNS Zone is automatically configured with a @ Record set and is populated with a Start of Authority (SOA) and the authoritative name server (NS) Records. To retrieve the list of Name Servers needed to configure the registrar, get the DNS Record set associated with the NS Record.

$recordSet = Get-AzureRmDnsRecordSet -Name '@' `
                                     -Zone $zone `
                                     -RecordType NS

$recordSet.Records | Format-Table

Nsdname
-------
ns1-02.azure-dns.com
ns2-02.azure-dns.net
ns3-02.azure-dns.org
ns4-02.azure-dns.info

note: Record sets at the root (or ‘apex’) of a DNS Zone use “@” as the record set name.

Creating a CNAME Record

Once the Registrar is updated to point to the Azure Name Servers, it’s time to set up the CNAME Record. In Azure DNS, records are specified using relative names. Therefore, our DNS Record Set will be named ‘www‘ instead of ‘www.alexandrebrisebois.com’.

$recordSet = New-AzureRmDnsRecordSet -Name 'www' `
                                     -RecordType CNAME `
                                     -ZoneName 'alexandrebrisebois.com' `
                                     -ResourceGroupName 'BriseboisDNS' `
                                     -Ttl 3600

Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Cname "alexandrebrisebois.com"

Set-AzureRmDnsRecordSet -RecordSet $recordSet

note : CNAME record sets cannot co-exist with other record sets with the same name. For example, you cannot create a CNAME with the relative name ‘www’ and an A record with the relative name ‘www’ at the same time. Since the zone apex (name = ‘@’) always contains the NS and SOA record sets created when the zone is created, this means you cannot create a CNAME record set at the zone apex. These constraints arise from the DNS standards, they are not limitations of Azure DNS. Furthermore, DNS standards do not permit multiple records with the same name for Record sets of type SOA and CNAME.

Pointing a Naked Domain to an Azure Web App

Azure Web Apps support custom domains. To map a naked domain to an App, we must navigate to the ‘Bring External Domains‘ blade. This will provide us with a public IP that we can use to create the A Record. This Record type maps a name to a set of IPv4 addresses.

A Record set can contain a maximum of 100 entries.

Before we add the domain to the Web App, we need to add an extra CNAME Record that Azure will use to confirm that we own the domain. If we forget to add this Record, Azure will throw an error that prevents us from completing the configuration. Review the official documentation for a complete walk through.

The following script, walks us through the steps required to reach the target state, that allows us to add the domain to the Azure Web App.

# We cannot use a CNAME on @
# Therefore, we must use A Records to map
# a naked domain to an Azure Web App

$recordSet = New-AzureRmDnsRecordSet -Name '@' `
                                     -Zone $zone `
                                     -Ttl 60 `
                                     -RecordType A

# Find the IP Address to use from the
# Bring External Domains blade.

Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Ipv4Address '104.43.142.33'

Set-AzureRmDnsRecordSet -RecordSet $recordSet

# Create a CNAME that maps WWW
# to the naked domain 

$recordSet = New-AzureRmDnsRecordSet -Name 'www' `
                                     -Zone $zone `
                                     -Ttl 60 `
                                     -RecordType CNAME

Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Cname 'alexandrebrisebois.com'

Set-AzureRmDnsRecordSet -RecordSet $recordSet

# Microsoft Azure must verify that you
# are authorized to configure the custom
# domain name to point to your web app.
# To verify authorization, create a CNAME
# resource record with your DNS provider
# that points from awverify.www.yourdomain.com
# to awverify.brisebois.azurewebsites.net. 

$recordSet = New-AzureRmDnsRecordSet -Name 'awverify' `
                                     -Zone $zone `
                                     -Ttl 60 `
                                     -RecordType CNAME

Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Cname 'awverify.brisebois.azurewebsites.net'

Set-AzureRmDnsRecordSet -RecordSet $recordSet

Verification

It’s always nice to be able to verify that we’ve actually accomplished our goals. Using the Resolve-DnsName cmdlet allows us to do just that.

Resolve-DnsName -Name 'alexandrebrisebois.com' -Type ALL -DnsOnly

Name                        Type TTL   Section    PrimaryServer               NameAdministrator           SerialNumber
----                        ---- ---   -------    -------------               -----------------           ------------
alexandrebrisebois.com      SOA  3493  Answer     edge1.azuredns-cloud.net    msnhst.microsoft.com        9           

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns2-05.azure-dns.net

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : sn1clddns01

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns1-05.azure-dns.com

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns4-05.azure-dns.info

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns3-05.azure-dns.org

Azure DNS Resources

17 responses to Moving to Azure DNS

  1. 

    The Resolve-DnsName cmdlet isn’t present on older systems, even if they have WMF 4.0 installed. Instead you can use this:

    Like

  2. 

    Hi John,

    Thanks for your article. I used it to get my first domain setup. But I noticed I needed a bit more of a visual tool. And decided to write one!

    Hopefully of interest to others as well: I just put it up on GitHub: https://github.com/sandercox/AzureDNSManager and a binary can be found here: http://scox.nl/azure_dns_manager_v0.1.zip

    Cheers!

    Like

  3. 

    Name : alexandrebrisebois.com
    QueryType : NS
    TTL : 3493
    Section : Answer
    NameHost : sn1clddns01

    NameHost are not FQDN ?????

    Like

  4. 

    Alexandre, thanks for your post, far far better from MS documentation.
    Although this processes (Azure) is the worse method I’ve ever worked do manage DNS configuration.
    A regular task that could consume just few minutes, I’ve already spent 6 hours and not seem be corrected configured.

    Like

  5. 

    Any thoughts on RESOLVE DNS results?
    Thanks,

    Resolve-DnsName : businessmind.com.br : DNS server failure
    At line:1 char:1
    + Resolve-DnsName -Name ‘businessmind.com.br’ -Type ALL -DnsOnly
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ResourceUnavailable: (businessmind.com.br:String) [Resolve-DnsNam
    + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName

    Like

  6. 

    Alexandre, the creation of A record seems missing the final command to add it.
    My script that worked is:
    $recordSet = New-AzureDnsRecordSet -Name ‘@’ -Zone $zone -Ttl 60 -RecordType A
    Add-AzureDnsRecordConfig -RecordSet $recordSet -Ipv4Address ‘137.117.xxx.xxx’
    Set-AzureDnsRecordSet -RecordSet $recordSet

    Liked by 1 person

  7. 

    Is there a UI for this? .. know of anyone that has done anything against the API to produce one maybe?

    Like

  8. 

    Alexandre,

    Do you have any thought about subdomain configuration?

    I created I new zone like “mysub.mydomain.com” but when I test it using
    Resolve-DnsName -Name “mysub.mydomain.com” -Type ALL -DnsOnly
    It shows “DNS name does not exist”

    I need this subdomain to manage MX record only (for SendGrid parsing).

    Like

    • 

      Never mind, I found the correct way for subdomain MX:
      $rs = New-AzureDnsRecordSet -Name “mysubdomain” -RecordType MX -Zone $zone -Ttl 60
      Add-AzureDnsRecordConfig -RecordSet $rs -Exchange “mx.sendgrid.net” -Preference 5
      Set-AzureDnsRecordSet -RecordSet $rs

      Like

      • 

        Hi,
        I created a zone on last thursday evening. If I try to relsove my zone with NS of Microsoft Server it resolves. Its a free trial subcription. But not with 8.8.8.8 and 4.4.2.2. How much time does it takes to reflect.

        Like

        • 

          Hi, the inside Azure is pretty fast. Then from the outside world, it depends on many different variables. Essentially DNS propagation can take up to 48 hours. Have you checked from a VM hosted on Azure?

          Like

Trackbacks and Pingbacks:

  1. Luper's Learnings - Azure Technical Community for Partners (August 2015) - Luper’s Learnings - Site Home - TechNet Blogs - September 4, 2015

    […] Brisebois posted Moving to Azure DNS which details his experience using Microsoft Azure DNS. This prompted me to find a couple other […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s