Delegate a Domain to Azure DNS
In today’s Ask the Admin, I’ll explain how to delegate a domain name that you own to Azure DNS.
In Microsoft Azure: A First Look at Azure DNS and Configure a DNS Zone Using Azure DNS on the Petri IT Knowledgebase, I explained what Microsoft’s new Azure DNS is and what it has to offer, plus how to set up a DNS zone using Microsoft Azure PowerShell.
Azure DNS doesn’t allow you to purchase domain names from Microsoft, so you’ll still need to pay a domain registrar a yearly fee for your own custom domain name, and delegate the domain to Azure DNS if you want your application to be accessible from the public Internet. Although, owning a domain name is not a prerequisite for using Azure DNS.
What Is Delegation?
When a local DNS server receives a request from a client to resolve a domain name, such as petri.com, it finds the name server hosting the petri.com zone by starting at the Internet root name servers, where there is a record for the .com zone. The .com name servers are then queried to find the name servers hosting the petri.com zone, which know where to find petri.com.
Two copies of the name server (NS) records are made. An authoritative record is held in the child zone, and another in the parent zone that points to the child. If you want to make your application available on the Internet, you’ll need to register an NS record for your Azure DNS zone in the parent zone, such as .com or .net.
Delegating a Domain to Azure
Azure DNS automatically creates authoritative NS records in zones you create. If you own petri.com, then the domain registrar needs to create an NS record in the .com zone that points to Microsoft’s name servers. To find the name servers for your Azure DNS zone, use the Get-AzureRmDnsRecordSet PowerShell cmdlet as shown below, replacing the values for the -ZoneName and -ResourceGroupName parameters as needed:
Get-AzureRmDnsRecordSet -ZoneName contoso.com -ResourceGroupName DNSZoneResourceGroup
For more detailed information about working with Azure DNS and PowerShell, see the instructions in Configure a DNS Zone Using Azure DNS on Petri IT Knowledgebase.
Each domain registrar has its own management system for changing DNS records, so you will need to contact them to find out how to log in and manage your domain’s NS records. The only rule is that when delegating a domain to Azure, you must use all the four name servers provided in the output of Get-AzureRmDnsRecordSet.
Once the NS records have been configured, you can check that name resolution is working by using a tool such as nslookup:
nslookup -type=SOA contoso.com
Delegating a Sub-Domain
If you want to delegate a sub-domain, such as sharepoint.contoso.com, you’ll need to configure the NS records in the parent zone, contoso.com, instead of in .com. First, create objects for the child domain and parent zones:
$parent = Get-AzureRmDnsZone -Name contoso.com -ResourceGroupName DNSZoneResourceGroup $child = Get-AzureRmDnsZone -Name sharepoint.contoso.com -ResourceGroupName DNSZoneResourceGroup
Now get the NS records for the child zone:
$child_ns_recordset = Get-AzureRmDnsRecordSet -Zone $child -Name '@' -RecordType NS
Finally, create an NS record for the child zone in the parent zone. The command that follows copies the NS record that’s automatically created in the child zone, and pastes it into the parent zone:
$parent_ns_recordset = New-AzureRmDnsRecordSet -Zone $parent -Name 'sharepoint' -RecordType NS -Ttl 3600 $parent_ns_recordset.Records = $child_ns_recordset.Records Set-AzureRmDnsRecordSet -RecordSet $parent_ns_recordset
Use Get-AzureRmDnsRecordSet to check that the NS records for the child zone have been created in the parent:
Get-AzureRmDnsRecordSet -Zone $parent
In this article, I showed you how to delegate an Azure DNS domain, and how to delegate a sub-domain created in Azure.