DNS in Windows Azure

Tutorial: Host your domain in Azure DNS

You can use Azure DNS to host your DNS domain and manage your DNS records. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

Suppose you buy the domain contoso.net from a domain name registrar and then create a zone with the name contoso.net in Azure DNS. Because you’re the owner of the domain, your registrar offers you the option to configure the name server (NS) records for your domain. The registrar stores the NS records in the .net parent zone. Internet users around the world are then directed to your domain in your Azure DNS zone when they try to resolve DNS records in contoso.net.

In this tutorial, you learn how to:

  • Create a DNS zone.
  • Retrieve a list of name servers.
  • Delegate the domain.
  • Verify the delegation is working.

If you don’t have an Azure subscription, create a free account before you begin.

Prerequisites

You must have a domain name available to test with that you can host in Azure DNS. You must have full control of this domain. Full control includes the ability to set the name server (NS) records for the domain.

In this example, we will reference the parent domain as contoso.net.

Create a DNS zone

Go to the Azure portal to create a DNS zone. Search for and select DNS zones.

Select Create DNS zone.

On the Create DNS zone page, enter the following values (for example, contoso.net for the zone name), and then select Create.

If the new zone that you are creating is a child zone (for example, parent zone = contoso.net, child zone = child.contoso.net), refer to our Creating a new Child DNS zone tutorial.

Setting | Value | Details
Project details: | |
Resource group | ContosoRG | Create a resource group. The resource group name must be unique within the subscription that you selected. The location of the resource group has no impact on the DNS zone. The DNS zone location is always "global" and isn’t shown.
Instance details: | |
Zone child | leave unchecked | Since this zone is not a child zone, you should leave this unchecked.
Name | contoso.net | Field for your parent zone name.
Location | East US | This field is based on the location selected as part of resource group creation.

Retrieve name servers

Before you can delegate your DNS zone to Azure DNS, you need to know the name servers for your zone. Azure DNS allocates name servers from a pool each time a zone is created.

With the DNS zone created, in the Azure portal Favorites pane, select All resources. On the All resources page, select your DNS zone. If the subscription that you selected already has several resources in it, you can enter your domain name in the Filter by name box to easily access the DNS zone.

Retrieve the name servers from the DNS zone page. In this example, the zone contoso.net has been assigned name servers ns1-01.azure-dns.com, ns2-01.azure-dns.net, ns3-01.azure-dns.org, and ns4-01.azure-dns.info.

Azure DNS automatically creates authoritative NS records in your zone for the assigned name servers.

Delegate the domain

Now that the DNS zone is created and you have the name servers, you need to update the parent domain with the Azure DNS name servers. Each registrar has its own DNS management tools to change the name server records for a domain.

In the registrar’s DNS management page, edit the NS records and replace the NS records with the Azure DNS name servers.

When you delegate a domain to Azure DNS, you must use the name servers that Azure DNS provides. Use all four name servers, regardless of the name of your domain. Domain delegation doesn’t require a name server to use the same top-level domain as your domain.

When you copy each name server address, make sure you copy the trailing period at the end of the address. The trailing period indicates the end of a fully qualified domain name. Some registrars append the period if the NS name doesn’t have it at the end. To be compliant with the DNS RFC, include the trailing period.

Delegations that use name servers in your own zone, sometimes called vanity name servers, aren’t currently supported in Azure DNS.
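One way to check the delegation rules above before relying on the zone, as an added example that is not part of the original tutorial: it compares the NS set entered at the registrar with the set Azure DNS assigned, which matters because Azure allocates name servers from a pool each time a zone is created. The `audit_delegation` helper and the registrar entries are constructed for illustration; the four Azure name servers are the ones used in this tutorial.

```python
# Added example: audit the registrar's NS set against the Azure-assigned set.
# ASSIGNED comes from this tutorial; DELEGATED is constructed sample input.

ASSIGNED = [
    "ns1-01.azure-dns.com", "ns2-01.azure-dns.net",
    "ns3-01.azure-dns.org", "ns4-01.azure-dns.info",
]
DELEGATED = [  # constructed: what a registrar's NS page might contain
    "ns1-01.azure-dns.com.", "NS2-01.azure-dns.net",
    "ns3-01.azure-dns.org.", "ns1.contoso.net.", "ns1.old-host.example.",
]


def normalize(name):
    """Lower-case a host name and make it fully qualified (trailing period)."""
    return name.strip().lower().rstrip(".") + "."


def audit_delegation(zone, assigned, delegated):
    """Return findings as strings; an empty list means the NS sets agree."""
    zone_fqdn = normalize(zone)
    want = {normalize(n) for n in assigned}
    have = {normalize(n) for n in delegated}
    findings = []
    # The tutorial asks for the trailing period on every registrar entry.
    for raw in delegated:
        if not raw.strip().endswith("."):
            findings.append("no-trailing-period: " + raw.strip())
    # All assigned name servers must be present in the parent zone.
    for ns in sorted(want - have):
        findings.append("missing: " + ns)
    # Extra entries send part of the zone's queries somewhere other than
    # Azure DNS; in-zone (vanity) names are reported separately.
    for ns in sorted(have - want):
        in_zone = ns == zone_fqdn or ns.endswith("." + zone_fqdn)
        findings.append(("vanity-unsupported: " if in_zone else "unexpected: ") + ns)
    return findings


if __name__ == "__main__":
    for finding in audit_delegation("contoso.net", ASSIGNED, DELEGATED):
        print(finding)
```

An empty result means the parent zone lists exactly the assigned name servers; rerun the check whenever the zone is deleted and recreated, since the assigned set can change.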

Verify the delegation

After you complete the delegation, you can verify that it’s working by using a tool such as nslookup to query the Start of Authority (SOA) record for your zone. The SOA record is automatically created when the zone is created. You might need to wait 10 minutes or more after you complete the delegation, before you can successfully verify that it’s working. It can take a while for changes to propagate through the DNS system.

You don’t have to specify the Azure DNS name servers. If the delegation is set up correctly, the normal DNS resolution process finds the name servers automatically.

From a command prompt, enter an nslookup command similar to the following example:

Verify that your response looks similar to the following nslookup output:

Clean up resources

You can keep the contosoRG resource group if you intend to do the next tutorial. Otherwise, delete the contosoRG resource group to delete the resources created in this tutorial.

  • Select the contosoRG resource group, and then select Delete resource group.

Next steps

In this tutorial, you created a DNS zone for your domain and delegated it to Azure DNS. To learn about Azure DNS and web apps, continue with the tutorial for web apps.

What is Azure DNS?

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

You can’t use Azure DNS to buy a domain name. For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. Your domains then can be hosted in Azure DNS for record management. For more information, see Delegate a domain to Azure DNS.

The following features are included with Azure DNS.

Reliability and performance

DNS domains in Azure DNS are hosted on Azure’s global network of DNS name servers. Azure DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

Security

Azure DNS is based on Azure Resource Manager, which provides features such as:

  • Azure role-based access control (Azure RBAC) to control who has access to specific actions for your organization.
  • Activity logs to monitor how a user in your organization modified a resource or to find an error when troubleshooting.
  • Resource locking to lock a subscription, resource group, or resource. Locking prevents other users in your organization from accidentally deleting or modifying critical resources.

DNSSEC

Azure DNS does not currently support DNSSEC. In most cases, you can reduce the need for DNSSEC by consistently using HTTPS/TLS in your applications. If DNSSEC is a critical requirement for your DNS zones, you can host these zones with third-party DNS hosting providers.

Ease of use

Azure DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services.

DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. To learn more about pricing, see Azure DNS pricing.

Your domains and records can be managed by using the Azure portal, Azure PowerShell cmdlets, and the cross-platform Azure CLI. Applications that require automated DNS management can integrate with the service by using the REST API and SDKs.

Customizable virtual networks with private domains

Azure DNS also supports private DNS domains. This feature allows you to use your own custom domain names in your private virtual networks rather than the Azure-provided names available today.

Alias records

Azure DNS supports alias record sets. You can use an alias record set to refer to an Azure resource, such as an Azure public IP address, an Azure Traffic Manager profile, or an Azure Content Delivery Network (CDN) endpoint. If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution. The alias record set points to the service instance, and the service instance is associated with an IP address.

Also, you can now point your apex or naked domain to a Traffic Manager profile or CDN endpoint using an alias record. An example is contoso.com.

Next steps

To learn about DNS zones and records, see DNS zones and records overview.

To learn how to create a zone in Azure DNS, see Create a DNS zone.

For frequently asked questions about Azure DNS, see the Azure DNS FAQ.


For more information, see How to protect DNS zones and records.
