How to create DNS zone and an A record by using Azure DNS

Below is a step-by-step guide for creating a DNS zone and adding an A (Address) Record using the Azure Portal.

Prerequisites

• An active Azure subscription.

• A domain name (optional, for public zones).

Step 1: Create a DNS Zone

1. Sign in to Azure Portal:

2. Navigate to DNS Zones:

   • In the search bar, type "DNS Zones" and select it from the search results.

3. Create a New DNS Zone:

   • Click + Create to open the DNS Zone creation wizard.

4. Provide the Zone Details:

   • Resource Group: Select an existing resource group or create a new one.

   • Name: Enter the domain name for the DNS zone (e.g., example.com for public zones or example.local for private zones).

   • Type: Choose between:

     • Public: For domains that resolve publicly.

     • Private: For internal resolution within VNets (requires VNet linking).

   • Click Review + Create, then click Create after validation.

Step 2: Add an A Record

1. Open the DNS Zone:

   • Once the DNS zone is created, navigate to the resource by clicking its name.

2. Add a Record Set:

   • On the DNS Zone page, click + Record set at the top.

3. Configure the A Record:

   • Name: Enter the subdomain (e.g., www for www.example.com).

   • Type: Select A from the dropdown menu.

   • TTL (Time-to-Live): Specify the cache duration for DNS queries (e.g., 3600 seconds = 1 hour).

   • IP Address: Enter the IPv4 address of the resource (e.g., 192.168.1.10).

   • Click OK to save.

Step 3: Test the Configuration

1. If it’s a public DNS zone:

   • Use tools like nslookup or dig to query the domain:

   xxxxxxxxxx
   1
   1
   nslookup www.example.com
   

2. If it’s a private DNS zone:

   • Ensure the virtual network is linked to the private DNS zone.

   • Log in to a virtual machine within the linked VNet and test name resolution using nslookup:

   xxxxxxxxxx
   1
   1
   nslookup www.example.local
   

Example:

• DNS Zone: example.com

• A Record:

  • Name: www

  • TTL: 3600

  • IP Address: 192.168.1.10

• Resulting Fully Qualified Domain Name (FQDN): www.example.com

Optional: Managing DNS Zone Settings

Azure DNS also allows you to:

1. Add additional record types (e.g., CNAME, MX, TXT).

2. Delete or modify records as needed.

3. Use role-based access control (RBAC) to manage access to DNS zones.

Automating using Azure CLI

Azure CLI is a powerful tool for managing Azure resources from the command line.

Step 1: Install Azure CLI

Step 2: Sign in to Azure

Log in to your Azure account:

xxxxxxxxxx
1
1
az login

Step 3: Create a Resource Group

Create a resource group where the DNS zone will be hosted:

xxxxxxxxxx
3
1
az group create \
2
--name MyResourceGroup \
3
--location eastus

Step 4: Create a DNS Zone

Create a DNS zone for your domain:

xxxxxxxxxx
3
1
az network dns zone create \
2
--resource-group MyResourceGroup \
3
--name example.com

Step 5: Add an A Record

Add an A record to the DNS zone:

xxxxxxxxxx
5
1
az network dns record-set a add-record \
2
--resource-group MyResourceGroup \
3
--zone-name example.com \
4
--record-set-name www \
5
--ipv4-address 192.168.1.10

Step 6: Verify DNS Records

List all DNS records in the zone:

xxxxxxxxxx
3
1
az network dns record-set list \
2
--resource-group MyResourceGroup \
3
--zone-name example.com

Automating using ARM Templates

Azure Resource Manager (ARM) templates allow you to define infrastructure as code.

Step 1: Create an ARM Template

Here's an example JSON template to create a DNS Zone and an A Record:

xxxxxxxxxx
30
1
{
2
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
3
  "contentVersion": "1.0.0.0",
4
  "resources": [
5
    {
6
      "type": "Microsoft.Network/dnsZones",
7
      "apiVersion": "2020-06-01",
8
      "name": "example.com",
9
      "location": "global",
10
      "properties": {}
11
    },
12
    {
13
      "type": "Microsoft.Network/dnsZones/A",
14
      "apiVersion": "2020-06-01",
15
      "name": "example.com/www",
16
      "location": "global",
17
      "properties": {
18
        "TTL": 3600,
19
        "ARecords": [
20
          {
21
            "ipv4Address": "192.168.1.10"
22
          }
23
        ]
24
      },
25
      "dependsOn": [
26
        "[resourceId('Microsoft.Network/dnsZones', 'example.com')]"
27
      ]
28
    }
29
  ]
30
}

Step 2: Deploy the ARM Template

Save the template as dns-zone-template.json, then deploy it using the Azure CLI:

xxxxxxxxxx
3
1
az deployment group create \
2
--resource-group MyResourceGroup \
3
--template-file dns-zone-template.json

3. Key Differences

Using Bicep or Terraform to automate further

To automate deployments further, consider integrating these scripts/templates into Azure DevOps or GitHub Actions workflows.

Use Azure Bicep (a simpler declarative language) for writing ARM templates.

Here’s how to create a DNS Zone and an A Record using Azure Bicep, a simpler and more readable alternative to ARM templates.

1. Introduction to Azure Bicep

Azure Bicep is an Infrastructure as Code (IaC) tool designed to simplify resource deployment on Azure. It is:

• Declarative: Describe "what" you want, not "how" to do it.

• Simplified Syntax: Easier to write and read compared to JSON-based ARM templates.

• Azure-Native: Fully integrated with Azure Resource Manager (ARM).

2. Prerequisites

• Install Azure CLI

• Install Bicep CLI: Use the following Azure CLI command to install Bicep:

xxxxxxxxxx
1
1
az bicep install

• Access to Azure Portal: Ensure you have an active Azure subscription and the required permissions.

3. Create a Bicep File

Bicep Template for DNS Zone and A Record

Save the following as dns-zone.bicep:

xxxxxxxxxx
27
1
@description('Name of the DNS zone')
2
param dnsZoneName string = 'example.com'
3
@description('Resource group location')
4
param location string = 'global'
5
@description('TTL for the A record in seconds')
6
param ttl int = 3600
7
@description('Subdomain for the A record')
8
param recordSetName string = 'www'
9
@description('IPv4 address for the A record')
10
param ipv4Address string = '192.168.1.10'
11
resource dnsZone 'Microsoft.Network/dnsZones@2020-06-01' = {
12
  name: dnsZoneName
13
  location: location
14
  properties: {}
15
}
16
resource aRecord 'Microsoft.Network/dnsZones/A@2020-06-01' = {
17
  name: '${dnsZoneName}/${recordSetName}'
18
  location: location
19
  properties: {
20
    TTL: ttl
21
    ARecords: [
22
      {
23
        ipv4Address: ipv4Address
24
      }
25
    ]
26
  }
27
}

Explanation:

1. dnsZone Resource:

   • Creates the DNS zone with the domain name example.com.

2. aRecord Resource:

   • Creates an A Record (www.example.com) with an IPv4 address.

4. Deploy the Bicep Template

Step 1: Deploy with Azure CLI

Run the following commands to deploy the Bicep file:

1. Create a Resource Group:

xxxxxxxxxx
3
1
az group create \
2
--name MyResourceGroup \
3
--location eastus

2. Deploy the Bicep Template:

xxxxxxxxxx
4
1
az deployment group create \
2
--resource-group MyResourceGroup \
3
--template-file dns-zone.bicep \
4
--parameters dnsZoneName=example.com recordSetName=www ipv4Address=192.168.1.10

Step 2: Verify the Deployment

1. Go to the Azure Portal.

2. Navigate to the DNS Zones blade.

3. Open the created DNS Zone (example.com) and verify that the A Record (www.example.com) is present.

5. Key Benefits of Using Bicep

6. Automate with Azure DevOps or GitHub Actions

Example Azure DevOps Pipeline:

1. Pipeline YAML:

xxxxxxxxxx
15
1
trigger:
2
- main
3
pool:
4
  vmImage: 'ubuntu-latest'
5
steps:
6
- task: AzureCLI@2
7
  inputs:
8
    azureSubscription: 'Your-Azure-Subscription'
9
    scriptType: bash
10
    scriptLocation: inlineScript
11
    inlineScript: |
12
      az deployment group create \
13
        --resource-group MyResourceGroup \
14
        --template-file dns-zone.bicep \
15
        --parameters dnsZoneName=example.com recordSetName=www ipv4Address=192.168.1.10

Example GitHub Actions Workflow:

1. Workflow YAML:

xxxxxxxxxx
21
1
    name: Deploy Bicep Template
2
    on:
3
      push:
4
        branches:
5
          - main
6
    jobs:
7
      deploy:
8
        runs-on: ubuntu-latest
9
        steps:
10
        - name: Checkout Repository
11
          uses: actions/checkout@v2
12
        - name: Log in to Azure
13
          uses: azure/login@v1
14
          with:
15
            creds: ${{ secrets.AZURE_CREDENTIALS }}
16
        - name: Deploy Bicep Template
17
          run: |
18
            az deployment group create \
19
              --resource-group MyResourceGroup \
20
              --template-file dns-zone.bicep \
21
              --parameters dnsZoneName=example.com recordSetName=www ipv4Address=192.168.1.10

Summary

By using Azure Bicep, you gain:

• Simplicity: Cleaner and more intuitive templates.

• Reusability: Modular and easy-to-parameterize templates.

• Integration: Seamless deployment through Azure CLI, DevOps pipelines, or GitHub Actions.

Let me know if you'd like help setting up any of these automation methods!