DNS Zone delegation for your development environment on Azure
In this little guide we are going to see how to configure our DNS so we can delegate DNS zones to be managed by Azure Cloud DNS. This is a requirement for a dev team to have the possibility to create as much environment they need.
We may need temporary environment as well, environment that would be destroyed once we are done with them. Handling the DNS configuration for all these environments can become extremely annoying and cumbersome. What about automating this process ?
Our setup
I will use the domain: domain.ltd as an exemple for my demonstration. And I will delegate the subdomain sub.domain.tld to be managed by Azure Cloud DNS. Each environment would have their own DNS child zone, in the form of env-name.sub.domain.tld.
Create the DNS zone on Azure
First of all, let’s create a new DNS zone in Cloud DNS with the CLI
az network dns zone create -g MyResourceGroup -n sub.domain.tldNow we have to retrieve the name server for this new zone with
az network dns zone show -n sub.domain.tld -g MyResourceGroup --query "nameServers"Which returns
[
"ns1-08.azure-dns.com.",
"ns2-08.azure-dns.net.",
"ns3-08.azure-dns.org.",
"ns4-08.azure-dns.info."
]Be careful these values may be different for you.
Delegating the zone management to Azure Cloud DNS
Now to effectively delegate the DNS zone to be managed by Azure Cloud DNS. We have to configure the DNS for our base domain. This step is to be done on your domain provider page, not on Azure. We have to add the following entries
sub.domain.tld NS ns1-08.azure-dns.com.
sub.domain.tld NS ns1-08.azure-dns.net.
sub.domain.tld NS ns1-08.azure-dns.org.
sub.domain.tld NS ns1-08.azure-dns.info.We can test our setup with dig
dig sub.domain.ltd NSWhich return
;; ANSWER SECTION:
sub.domain.ltd. 60 IN NS ns4-08.azure-dns.info.
sub.domain.ltd. 60 IN NS ns2-08.azure-dns.net.
sub.domain.ltd. 60 IN NS ns3-08.azure-dns.org.
sub.domain.ltd. 60 IN NS ns1-08.azure-dns.com.Perfect but we are not done yet :).
Create a child zone per environment
Now we want the possibility to create multiple environnement for our project. Also we want each environment to have their own DNS zone. We can terraform this part for example. Luckily, a child zone is pretty straightforward to configure. For that we will create a new child zone for each environment. We can use this command for exemple to create a staging environment
az network dns zone create -g MyResourceGroup -n staging.sub.domain.ltd -p sub.domain.ltdOnce again, we can test our configuration with dig
dig staging.sub.domain.ltd NSWhich return
;; ANSWER SECTION:
staging.sub.domain.ltd. 3600 IN NS ns3-09.azure-dns.org.
staging.sub.domain.ltd. 3600 IN NS ns4-09.azure-dns.info.
staging.sub.domain.ltd. 3600 IN NS ns1-09.azure-dns.com.
staging.sub.domain.ltd. 3600 IN NS ns2-09.azure-dns.net.Let’s route traffic
Perfect :). Everything’s fine. Now we have an empty child zone. We can now create a DNS entry to route some traffic to an IP. Here’s below an exemple to route traffic to an imaginary nginx server living at 1.1.1.1.
az network dns record-set a add-record -g MyResourceGroup -z staging.sub.domain.tld -n nginx -a 1.1.1.1nginx.staging.sub.domain.ltd will now resolve to ip 1.1.1.1.
Let’s verify this configuration, once again with dig :
dig nginx.staging.sub.domain.ltdWhich return
;; ANSWER SECTION:
nginx.staging.sub.domain.ltd. 3600 IN A 1.1.1.1Bonus: Kubernetes
If you have services running inside an AKS cluster and you want to expose them. You need to create a new wilcard A entry like so :
az network dns record-set a add-record -g MyResourceGroup -z staging.sub.domain.tld -n * -a <public_ip>Conclusion
There you go. We have delegated a DNS zone management to Azure Cloud DNS. Now that we have this resource inside Azure, we have the flexibility to configure it as much as we want through Infra-as-code tool like Terraform for exemple. Our dev teams is autonomous regarding the number of environment they need.
