25/03/2016 – Updated with Resource Manager CMDLETs
Moving to Azure DNS
In preparation for my next blog post, I decided to move the Domain Name System (DNS) records for alexandrebrisebois.com to Microsoft Azure DNS.
Why?
Over the years, I’ve been very happy with the DNS services that I’ve used to host my DNS Records. Since I rarely needed to log into these services, I’ve become accustomed to resetting my credentials. A recent need to make changes to these DNS Records has pushed me to think about ways to streamline this process.
Along the way, I realized that there’s just something very appealing about centralizing everything to my Microsoft Azure environments. From compute to storage to networking, being capable of manipulating everything through PowerShell has turned out to be useful. The idea of being able to manipulate my DNS Records from this same environment felt like the right thing to do. Plus you get the added benefit of performance and availability.
Getting Ready
The first step consists of registering the Azure Network resource provider. Then we need to either create or use an existing Resource Group.
Login-AzureRmAccount
New-AzureRmResourceGroup -Name "BriseboisDNS" `
                         -Location "North Central US"
Creating a DNS Zone
The selected Resource Group will contain the DNS Zones that we will create in this post. A DNS Zone represents your domain and supports all common DNS record types: A, AAAA, CNAME, MX, NS, SOA, SRV and TXT.
# Create an Azure DNS Zone
$zone = New-AzureRmDnsZone -Name "alexandrebrisebois.com" `
                           -ResourceGroupName "BriseboisDNS"
The new DNS Zone is automatically configured with an '@' Record set that is populated with the Start of Authority (SOA) and the authoritative name server (NS) Records. To retrieve the list of Name Servers needed to configure the registrar, get the DNS Record set associated with the NS Record.
$recordSet = Get-AzureRmDnsRecordSet -Name '@' `
                                     -Zone $zone `
                                     -RecordType NS
$recordSet.Records | Format-Table

Nsdname
-------
ns1-02.azure-dns.com
ns2-02.azure-dns.net
ns3-02.azure-dns.org
ns4-02.azure-dns.info
note: Record sets at the root (or ‘apex’) of a DNS Zone use “@” as the record set name.
Creating a CNAME Record
Once the Registrar is updated to point to the Azure Name Servers, it’s time to set up the CNAME Record. In Azure DNS, records are specified using relative names. Therefore, our DNS Record Set will be named 'www' instead of 'www.alexandrebrisebois.com'.
$recordSet = New-AzureRmDnsRecordSet -Name 'www' `
                                     -RecordType CNAME `
                                     -ZoneName 'alexandrebrisebois.com' `
                                     -ResourceGroupName 'BriseboisDNS' `
                                     -Ttl 3600
Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Cname "alexandrebrisebois.com"
Set-AzureRmDnsRecordSet -RecordSet $recordSet
note: CNAME record sets cannot co-exist with other record sets that have the same name. For example, you cannot create a CNAME with the relative name 'www' and an A record with the relative name 'www' at the same time. Since the zone apex (name = '@') always contains the NS and SOA record sets created along with the zone, this means you cannot create a CNAME record set at the zone apex. These constraints arise from the DNS standards; they are not limitations of Azure DNS. Furthermore, the DNS standards do not permit more than one record in a record set of type SOA or CNAME.
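The two rules in the note above are easy to trip over from a script that runs unattended, so here is a small helper that refuses the operation before Azure would. It is an added example, not code from the original post: the function name New-SafeCnameRecordSet is hypothetical, it assumes the AzureRM.Dns module is loaded and that $zone comes from Get-AzureRmDnsZone or New-AzureRmDnsZone, and the zone and resource group names in the usage lines are the ones used in this post.

```powershell
# Added example (not from the original post): create a CNAME record set only
# when the DNS rules quoted above allow it.
function New-SafeCnameRecordSet {
    param(
        [Parameter(Mandatory)] $Zone,                   # zone object from Get-AzureRmDnsZone
        [Parameter(Mandatory)] [string] $RelativeName,  # e.g. 'www', never a FQDN
        [Parameter(Mandatory)] [string] $Target,        # canonical name the alias points to
        [uint32] $Ttl = 3600
    )

    # Rule 1: a CNAME can never sit at the apex, because '@' already holds SOA and NS.
    if ($RelativeName -eq '@') {
        throw "A CNAME cannot be created at the zone apex ('@')."
    }

    # Rule 2: a CNAME cannot co-exist with any other record set of the same name,
    # whatever its type. List every record set in the zone and look for a clash
    # (Get-AzureRmDnsRecordSet without -Name returns all record sets of the zone).
    $existing = Get-AzureRmDnsRecordSet -Zone $Zone |
        Where-Object { $_.Name -eq $RelativeName }

    if ($existing) {
        $types = ($existing | ForEach-Object { $_.RecordType }) -join ', '
        throw "Record set '$RelativeName' already exists with type(s): $types. Remove it before creating a CNAME."
    }

    # Safe to create: new record set, exactly one CNAME value, then commit the change.
    $recordSet = New-AzureRmDnsRecordSet -Name $RelativeName `
                                         -Zone $Zone `
                                         -Ttl $Ttl `
                                         -RecordType CNAME
    Add-AzureRmDnsRecordConfig -RecordSet $recordSet -Cname $Target | Out-Null
    Set-AzureRmDnsRecordSet -RecordSet $recordSet
}

# Usage (zone and resource group names taken from this post):
# $zone = Get-AzureRmDnsZone -Name 'alexandrebrisebois.com' -ResourceGroupName 'BriseboisDNS'
# New-SafeCnameRecordSet -Zone $zone -RelativeName 'www' -Target 'alexandrebrisebois.com'
```

Throwing on a clash, rather than deleting the existing record set, is deliberate: an A record that already answers for 'www' is usually serving traffic, and silently replacing it with an alias is exactly the kind of change you want a human to look at first.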
Pointing a Naked Domain to an Azure Web App
Azure Web Apps support custom domains. To map a naked domain to an App, we must navigate to the 'Bring External Domains' blade. This will provide us with a public IP that we can use to create the A Record. This Record type maps a name to a set of IPv4 addresses.
A Record set can contain a maximum of 100 entries.
Before we add the domain to the Web App, we need to add an extra CNAME Record that Azure will use to confirm that we own the domain. If we forget to add this Record, Azure will throw an error that prevents us from completing the configuration. Review the official documentation for a complete walkthrough.
The following script walks us through the steps required to reach the target state that allows us to add the domain to the Azure Web App.
# We cannot use a CNAME on @
# Therefore, we must use A Records to map
# a naked domain to an Azure Web App
$recordSet = New-AzureRmDnsRecordSet -Name '@' `
                                     -Zone $zone `
                                     -Ttl 60 `
                                     -RecordType A

# Find the IP Address to use from the
# Bring External Domains blade.
Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Ipv4Address '104.43.142.33'
Set-AzureRmDnsRecordSet -RecordSet $recordSet

# Create a CNAME that maps WWW
# to the naked domain
$recordSet = New-AzureRmDnsRecordSet -Name 'www' `
                                     -Zone $zone `
                                     -Ttl 60 `
                                     -RecordType CNAME
Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Cname 'alexandrebrisebois.com'
Set-AzureRmDnsRecordSet -RecordSet $recordSet

# Microsoft Azure must verify that you
# are authorized to configure the custom
# domain name to point to your web app.
# To verify authorization, create a CNAME
# resource record with your DNS provider
# that points from awverify.www.yourdomain.com
# to awverify.brisebois.azurewebsites.net.
$recordSet = New-AzureRmDnsRecordSet -Name 'awverify' `
                                     -Zone $zone `
                                     -Ttl 60 `
                                     -RecordType CNAME
Add-AzureRmDnsRecordConfig -RecordSet $recordSet `
                           -Cname 'awverify.brisebois.azurewebsites.net'
Set-AzureRmDnsRecordSet -RecordSet $recordSet
Verification
It’s always nice to be able to verify that we’ve actually accomplished our goals. Using the Resolve-DnsName cmdlet allows us to do just that.
Resolve-DnsName -Name 'alexandrebrisebois.com' -Type ALL -DnsOnly

Name                    Type TTL  Section PrimaryServer            NameAdministrator    SerialNumber
----                    ---- ---  ------- -------------            -----------------    ------------
alexandrebrisebois.com  SOA  3493 Answer  edge1.azuredns-cloud.net msnhst.microsoft.com 9

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns2-05.azure-dns.net

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : sn1clddns01

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns1-05.azure-dns.com

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns4-05.azure-dns.info

Name      : alexandrebrisebois.com
QueryType : NS
TTL       : 3493
Section   : Answer
NameHost  : ns3-05.azure-dns.org
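Eyeballing that output works once; what you actually want to know after changing the registrar is whether the delegation the Internet sees matches the name servers Azure assigned to the zone, and whether every NS value is a fully qualified host name (the sn1clddns01 entry above is not, and a resolver outside the network that knows that short name cannot use it). The following helper is an added example, not part of the original post: Test-ZoneDelegation is a hypothetical function name, it assumes the AzureRM.Dns module, a $zone object from Get-AzureRmDnsZone, and a Windows host where Resolve-DnsName is available; 8.8.8.8 is just a constructed default for a public resolver.

```powershell
# Added example (not from the original post): compare the NS records Azure holds
# for the zone with what a public resolver returns, and flag anything that does
# not line up.
function Test-ZoneDelegation {
    param(
        [Parameter(Mandatory)] $Zone,     # zone object from Get-AzureRmDnsZone
        [string] $Resolver = '8.8.8.8'    # constructed default; any public resolver works
    )

    # Name servers Azure assigned to this zone: the authoritative expectation.
    $expected = (Get-AzureRmDnsRecordSet -Name '@' -Zone $Zone -RecordType NS).Records |
        ForEach-Object { $_.Nsdname.TrimEnd('.').ToLowerInvariant() } |
        Sort-Object -Unique

    # Name servers the outside world currently sees for the domain. -DnsOnly
    # skips LLMNR/NetBIOS so the answer comes from DNS alone.
    $observed = Resolve-DnsName -Name $Zone.Name -Type NS -Server $Resolver -DnsOnly -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'NS' } |
        ForEach-Object { $_.NameHost.TrimEnd('.').ToLowerInvariant() } |
        Sort-Object -Unique

    # Anything Azure expects but the registrar never published.
    $missing    = @($expected | Where-Object { $_ -notin $observed })
    # Anything published that Azure did not assign: stale registrar data or a
    # delegation you did not make, either way worth investigating.
    $unexpected = @($observed | Where-Object { $_ -notin $expected })
    # An NS value without a dot is not a FQDN and cannot be resolved publicly.
    $notFqdn    = @($observed | Where-Object { $_ -notlike '*.*' })

    [pscustomobject]@{
        Zone       = $Zone.Name
        Delegated  = ($missing.Count -eq 0) -and ($unexpected.Count -eq 0) -and ($notFqdn.Count -eq 0)
        Expected   = $expected
        Observed   = $observed
        Missing    = $missing
        Unexpected = $unexpected
        NotFqdn    = $notFqdn
    }
}

# Usage (zone and resource group names taken from this post):
# $zone = Get-AzureRmDnsZone -Name 'alexandrebrisebois.com' -ResourceGroupName 'BriseboisDNS'
# Test-ZoneDelegation -Zone $zone | Format-List
```

Run it against more than one public resolver while a registrar change is propagating: Delegated turning true on all of them is the signal that the old name servers no longer answer for your domain, which matters because until then any records still hosted at the previous provider are what part of the world resolves.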
The Resolve-DnsName cmdlet isn’t present on older systems, even if they have WMF 4.0 installed. Instead you can use this:
Hi John, I think your comment got cut in half. Could you repost?
Hi John,
Thanks for your article. I used it to get my first domain set up. But I noticed I needed a bit more of a visual tool, and decided to write one!
Hopefully of interest to others as well: I just put it up on GitHub: https://github.com/sandercox/AzureDNSManager and a binary can be found here: http://scox.nl/azure_dns_manager_v0.1.zip
Cheers!
I have set up a few zones using PowerShell and have such a session active. However, your DNS manager does not find a subscription. It compiles fine, goes through the authentication steps and then does nothing. The subscriptions variable shows zero.
This feedback definitely should go on the project’s GitHub repo.
Name : alexandrebrisebois.com
QueryType : NS
TTL : 3493
Section : Answer
NameHost : sn1clddns01
NameHost values are not FQDNs?????
Alexandre, thanks for your post, far, far better than the MS documentation.
Although this process (Azure) is the worst method I’ve ever worked with to manage DNS configuration.
A regular task that should consume just a few minutes; I’ve already spent 6 hours and it does not seem to be correctly configured.
Any thoughts on the Resolve-DnsName results?
Thanks,
Resolve-DnsName : businessmind.com.br : DNS server failure
At line:1 char:1
+ Resolve-DnsName -Name 'businessmind.com.br' -Type ALL -DnsOnly
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (businessmind.com.br:String) [Resolve-DnsNam
+ FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName
It seems that the DNS servers are updated and now Resolve-DnsName is working.
Thank you Alexandre for your post.
Alexandre, the creation of the A record seems to be missing the final command to add it.
My script that worked is:
$recordSet = New-AzureDnsRecordSet -Name '@' -Zone $zone -Ttl 60 -RecordType A
Add-AzureDnsRecordConfig -RecordSet $recordSet -Ipv4Address '137.117.xxx.xxx'
Set-AzureDnsRecordSet -RecordSet $recordSet
Thanks, I updated my post :)
Is there a UI for this? Do you know of anyone who has done anything against the API to produce one, maybe?
Alexandre,
Do you have any thoughts about subdomain configuration?
I created a new zone like "mysub.mydomain.com" but when I test it using
Resolve-DnsName -Name "mysub.mydomain.com" -Type ALL -DnsOnly
it shows "DNS name does not exist".
I need this subdomain to manage MX record only (for SendGrid parsing).
Never mind, I found the correct way for subdomain MX:
$rs = New-AzureDnsRecordSet -Name "mysubdomain" -RecordType MX -Zone $zone -Ttl 60
Add-AzureDnsRecordConfig -RecordSet $rs -Exchange "mx.sendgrid.net" -Preference 5
Set-AzureDnsRecordSet -RecordSet $rs
Hi,
I created a zone last Thursday evening. If I try to resolve my zone with the Microsoft name servers it resolves. It’s a free trial subscription. But not with 8.8.8.8 and 4.4.2.2. How much time does it take to reflect?
Hi, inside Azure it is pretty fast. From the outside world, it depends on many different variables. Essentially, DNS propagation can take up to 48 hours. Have you checked from a VM hosted on Azure?