Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Support Cisco Umbrella/OpenDNS SAML integeration

      Add support for Cisco Umbrella/OpenDNS SAML integeration to Azure AD (existing open DNS enterprise app does not work)

      36 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      6 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. Allow upload of DNS zone via portal.

      Allow admins to upload a saved DNS zone via the portal instead of the CLI only.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    3. Allow Private DNS zones to have IP address from a vNet assigned rather than use Azure DNS Its

      This would allow for on-prem resolution for Private DNS. This would avoid having to stand up DNS proxy servers in each vNet all pointing to the same IP address

      27 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. Microsoft could be a provider of domain registrations.

      Currently we use Registro.br, Godaddy, 101Domain, Amazon Route 53, Google Domains among others for domain registrations. Microsoft could be a provider of domain registrations. It would be another service that would add to the cloud services already offered by Microsoft. Having everything centralized would be ideal, all in one invoice and customer loyalty.

      26 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    5. Avoiding subdomain takeover

      The main concern is that when creating an Azure resource, attaching it to a subdomain in our DNS, and then later deleting that same Azure resource, we must never forget to delete the corresponding subdomain in our DNS because otherwise, since the affinity between Azure and the subdomain is still present, someone can create an Azure resource with the same name as one of our forgotten subdomains and use it to its own advantage.

      I understand that this is the way it works in Azure, but some resources in AWS work with generated CNAME, which is automatically deleted when the…

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    6. Allow option to choose the SSL endpoint to target for Azure Web App endpoints in Traffic Manager

      There is a limitation with using Traffic Manager with Azure Web Apps/App Services right now.

      See this article: https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate#step-3-change-your-domain-name-mapping-ip-based-ssl-only

      When a user combines both IP-based SSL and SNI-based SSL bindings in their app service, SNI-based bindings need to have different DNS configurations in order to work properly. The SNI-based bindings need to target "sni.<appname>.azurewebsites.net" instead of just <appname>.azurewebsites.net.
      It's not possible to directly get to the site at "sni.<appname>.azurewebsites.net" as it's only used for SSL routing in the App Service infrastructure, so you cannot use this URL when adding the App Service as an external endpoint (pinging fails and it…

      23 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    7. Azure DNSSEC

      Please add DNSSEC to Azure DNS. This is a must-have in today's security oriented world

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    8. Provide dyndns protocols

      Provide dyndns2 and other dynamic DNS protocols for Azure DNS to allow updating from network devices and such.

      21 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Thank you for your suggestion on feedback.azure.com for Dynamic DNS support in Azure DNS.

      Please can you clarify a couple of points about your suggestion for us:
      1. Are you looking for Dynamic DNS support for Internet-facing domains, or for internal domains?
      2. In the case of Internet domains, how would you expect requests to be secured?

      Thanks!

    9. Support edns-client-subnet extension in Traffic Manager

      I'm surprised to learn the Traffic Manager does not support the client-subnet feature. Most major CDNs & DNS providers seem to support it.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. Enable Internal Facing Traffic Manager profile

      As of today, Azure Traffic manager supports only Internet facing applications. However, it does allow routing traffic to external end points (DNS/IP) which could be used to route traffic to on-prem resources.

      It would be an essential feature if we could leverage the same features on a vnet.

      Eg. Route internal traffic to multiple on-prem resources (via Express route) based on the service health check.

      Features to support
      1. Enable Internal facing with custom domains (internal domains) & SSL

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    11. Allow the creation of null MX records for domains that accept no mail

      As per RFC7505, allow the creation of a NULL MX record by entering a single period '.' for the MX Record's Mail Exchange field.

      Currently, attempting to create one raises the following error: "Each label must contain at least one character. You may not input consecutive period '.' characters"

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    12. Allow custom DNS servers by subnet.

      Currently, we use a single vnet for each Azure subscription. We provide segmentation of business units by subnets/NSGs. We can set vnets and nics to custom DNS, but there is no way to do this at the subnet level.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. Azure Secure DNS for protection against malware and other unwanted content

      Create a Secure DNS service that can be used by Enterprise DNS servers and report and block suspect activity from clients. The solution should be based in Microsoft Azure, but should also be integrated with either Microsoft OMS og Windows ATP service.

      All log files collected from Enterprise DNS servers should be forwarded to the Azure Secure DNS service (https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/)

      Examples:
      http://www.computerworld.com/article/2872700/6-dns-services-protect-against-malware-and-other-unwanted-content.html

      17 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    14. Enable validation of DNSSEC domains on Azure recursive resolver service (IP 168.63.129.16)

      The default Azure recursive DNS resolver service on virtual IP 168.63.129.16 does not validate DNSSEC as far as I can tell.

      These days I expect a recursive resolver to enable DNSSEC validation by default.

      Please consider enabling DNSSEC validation in the default Azure Recursive Resolver.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    15. Add Support for Secondary DNS

      Given events of late concerning DNS outages and DDoS attacks, it would be advantageous if we could configure custom NS records in Azure DNS to use Secondary DNS.

      At the same time, support for AXFR records should be added to allow outbound zone transfers to be configured so that the Secondary DNS zone can be kept in sync automatically.

      This would then allow us to point to a Secondary DNS service like BuddyNS or DNSMadyEasy.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    16. DNSSEC support on Azure DNS servers

      DNSSEC support on Azure DNS servers

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    17. Support DNS URI records

      Hello,

      I would like to get support for URI DNS Resource Record. It would allow Azure DNS to host DNS zones using new features, e.g. autodiscovery for Kerberos KDC Proxy Protocol (aka MS-KKDCP).

      For example this use-case enables configuration-less Kerberos clients, which is a big win for certain types of deployments.

      Example of use can be found in RFC draft
      https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery

      Thank you!

      URI record RFC: https://tools.ietf.org/html/rfc7553
      Petr Spacek

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    18. custom domain verification for Azure users is a hassle and blocker

      We are setting up an Azure tenant which we want to link to VSTS in order to create a Devops infrastructure.

      To do so we need to add a custom domain in the Azure tenant's AD, but this is impossible because the domain is already listed in another AD (the one used by our Office365 tenant).

      So now we need to use a separate domain, and change all users in VSTS???

      Please remove this barrier....

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    19. All us transfer domains to Azure

      Please allow us to transfer domains to Azure. Thanks.

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    20. Limitation on number of Alias Record set assignment, to azure public IP resource.

      Limitation on Alias Record set assignment to azure public IP resource.


      1. We DO NOT have any issues with the number of record sets in a DNS zone.

      2. We also DO NOT have any issues with the number of records in a record set

      our issue is: The Azure Public IP Address resource cannot have more than 20 record sets pointing to it using the "Alias record set" feature. Can you confirm this??

      14 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base