Azure DNS was first announced at the Microsoft Ignite conference in Chicago in May of 2015. I was there in the conference session when it was announced, because I confess – I love DNS. In this blog post I will provide some criteria that can help you determine whether Azure DNS is right for your external DNS zones. Warning: This is a 300 level article – if you do not have an intermediate understanding of DNS, I recommend first reading this article (here).
Since Azure DNS was announced almost 12 months ago, the only administration interface for Azure DNS was PowerShell. This limited the early adoption of Azure DNS to hyper enthusiasts (like myself) or people who look for any excuse to use PowerShell (you know who you are!). Microsoft announced today that Azure DNS can now be managed in the new Azure Portal, which is now sure to increase interest and adoption of this service. So if you are managing your DNS today, why switch to Azure DNS? Here are a few principles that I suggest for guiding this decision:
- Are your external DNS zones hosted on an unsupported version of Windows Server? If so, then this would be an opportunity to migrate to a supported solution. I have witnessed many environments where external DNS is running on Windows 2003 and even Windows 2000. The scary thing is these are internet-facing services, and since these operating systems are no longer receiving security updates, this could be an open door for hackers or worms to infiltrate into the environment.
- Are all of your external DNS servers in the same physical location? If so, then Azure DNS provides an opportunity to migrate to a more resilient solution since Azure DNS is automatically load balanced across multiple regions.
- Have you heard of a routing technique called Anycast? Unless you have deployed your own external DNS infrastructure across the world, it will be hard to beat the performance that Azure DNS offers because of its implementation of “Anycast.” DNS queries automatically route to the closest name servers for the best possible performance. And this translates into better application performance since application latency won’t be waiting on DNS responses. For a nice PDF of how Anycast works (click here).
- Does the idea or need to programmatically create DNS records in PowerShell downright excite you? Then Azure DNS is for you. Get your geek on with this nice walkthrough by Alexandre Brisebois. Just. Because. You. Can. https://alexandrebrisebois.wordpress.com/2015/06/11/moving-to-azure-dns/
- Do you need very short TTL values? Some DNS providers like Network Solutions will not allow you to create a record with anything less than a 60 minute TTL. They do this because they do not charge you by query, so they would prefer to have less DNS traffic hitting their network. Microsoft, on the other hand, charges by individual query, so it benefits them to offer low TTL values, since every time the record expires from DNS cache, that results in another query and therefore more $$ to MSFT. Smart.
Azure DNS is currently in preview and prices below reflect a 50% preview discount
- Use DNSStuff.com to create a baseline of your current DNS performance before considering switching to Azure DNS. Then run the same report after you switch to see if performance improved favorably.
- Configure TTL values of 3600 (60 minutes) to keep the DNS queries low and therefore your price low. Lower TTL values will give you greater flexibility to quickly redirect traffic to another host, with the tradeoff of increased cost.
Contact Support if you need the limits below increased. These are the limits during preview, so they may change when Azure DNS reaches general availability.
– A record set is two records with the same name. For example, two A records with the name ‘WWW’ pointing to two separate IP addresses is a single record set. You can have up to 20 ‘WWW’ records in a single record set.
– A record is a type of DNS entry such as ‘A’ ‘MX’ ‘CNAME’ ‘TXT’ ‘SRV’ and so on. You can have up to 1000 records per Azure DNS zone.
Getting started with Azure DNS
Disclaimer: DO not proceed on a production DNS zone –> this service is in Beta and the information below is for educational purposes only for LAB/Testing environments. Use at your own risk.
1. Create your new Zone in Azure DNS first.
2. Create DNS Records in your new zone
You can use the new GUI method when you have just a single record to update, but when you want to do bulk administration, . First, you have to have the right PowerShell modules installed and then logon to your Azure Tenant: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-dnszone/
Then once you have powershell connected, a minimum of three lines of code are required to create a single record in your DNS zone. For example, to create an A record for WWW to point to 18.104.22.168, you would run these three commands:
$rs = New-AzureRmDnsRecordSet -Name “www” -RecordType “A” -ZoneName “contoso.com” -ResourceGroupName “Website” -Ttl 3600
Add-AzureRmDnsRecordConfig -RecordSet $rs -Ipv4Address 22.214.171.124
Set-AzureRmDnsRecordSet -RecordSet $rs
For more information on the PowerShell syntax, see: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset/
TIP: If you were previously hosting your DNS zone on Godaddy, you can export your zone to a file for easy importing into Azure.
5. When you are happy with your Zone then you are ready to point the world at it. This is done through Delegation. Read: “Delegate your domain to Azure” here for more info:
For example, in Godaddy, this is done in the Manage DNS and Settings tab > Manage.
These name servers can be found in your new Azure DNS settings here:
Azure DNS is still in preview, so Microsoft’s official recommendation is to wait until it reaches the generally available milestone before migrating production zones onto it. However, if you think you would benefit from it, you can begin experimenting with it now to gain familiarity with it.
Often, hosting external DNS with your DNS registrar is free, but it may not always have the best performance. For example, when I queried the authoritative name servers for my DNS records, I received a 100ms TCP response. After switching to Azure DNS, queries against my DNS zone improved to 50ms! Therefore, Azure DNS might be worth the price when you consider the reduced latency in DNS lookups for your domain name, or the increase high availability compared to hosting it yourself.