Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    How can we improve Azure Networking?

    You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

    There are two ways to get more votes:

    • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
    • You can remove your votes from an open idea you support.
    • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
    (thinking…)

    Enter your idea and we'll search to see if someone has already suggested it.

    If a similar idea already exists, you can support and comment on it.

    If it doesn't exist, you can post your idea so others can support it.

    Enter your idea and we'll search to see if someone has already suggested it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. designate set of name servers to all self hosted dns zones

      When maintaining DNS Records in Azure, you have to update registrars records to use name servers assigned to a domain. Now that those nameserver sets varies, it takes extra effort to create Records, specially if you have to do it manually.
      It would be easier if you could try and use same set of name servers to all dnz zones for the dns zones you are maintaining.

      38 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the suggestion. We are tracking this on our backlog.

      Some background: Azure DNS supports multiple name servers, which are dynamically assigned as zones are created. This allows us to let customers create zones without first proving that they own the domain name (since if we supported only a single name server set, we couldn’t allow just anyone to create a zone and thereby block the legitimate domain name owner). Domain proof-of-ownership checks are a significant hassle, so it’s important that we avoid them where possible.

      Having said all that, I do understand that in some scenarios having a consistent set of name server names is desirable, and we are considering options for how we might support this in future.

    2. Make Traffic manager able to access Web Apps that uses Authentication

      Traffic manager is currently unable to get the status of a Web App that's using the Authentication/Authorization (simple auth) feature. It would be nice if it could use some kind of service account (or similar) to get authenticated and get the Web App status but still have the security features intact.

      35 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    3. NAPTR Support (Name Authority Pointer)

      Support NAPTR records with Azure DNS. These are primarily used to complement SRV records which you currently support.
      https://en.wikipedia.org/wiki/NAPTR_record

      31 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    4. Support Cisco Umbrella/OpenDNS SAML integeration

      Add support for Cisco Umbrella/OpenDNS SAML integeration to Azure AD (existing open DNS enterprise app does not work)

      30 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    5. Allow upload of DNS zone via portal.

      Allow admins to upload a saved DNS zone via the portal instead of the CLI only.

      24 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    6. Allow option to choose the SSL endpoint to target for Azure Web App endpoints in Traffic Manager

      There is a limitation with using Traffic Manager with Azure Web Apps/App Services right now.

      See this article: https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate#step-3-change-your-domain-name-mapping-ip-based-ssl-only

      When a user combines both IP-based SSL and SNI-based SSL bindings in their app service, SNI-based bindings need to have different DNS configurations in order to work properly. The SNI-based bindings need to target "sni.<appname>.azurewebsites.net" instead of just <appname>.azurewebsites.net.
      It's not possible to directly get to the site at "sni.<appname>.azurewebsites.net" as it's only used for SSL routing in the App Service infrastructure, so you cannot use this URL when adding the App Service as an external endpoint (pinging fails and it…

      23 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    7. Microsoft could be a provider of domain registrations.

      Currently we use Registro.br, Godaddy, 101Domain, Amazon Route 53, Google Domains among others for domain registrations. Microsoft could be a provider of domain registrations. It would be another service that would add to the cloud services already offered by Microsoft. Having everything centralized would be ideal, all in one invoice and customer loyalty.

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  Domain Name Service (DNS, Traffic Manager)  ·  Flag idea as inappropriate…  ·  Admin →
    8. Traffic Manager- allow Internal routing option

      Today Traffic Manager routes external traffic. For Azure PaaS (Web apps) ; deployed in Multiple regions ; if the applications are internal only; there is no option today to route the traffic to multiple ASE v2.0 (Internal)

      20 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    9. Support edns-client-subnet extension in Traffic Manager

      I'm surprised to learn the Traffic Manager does not support the client-subnet feature. Most major CDNs & DNS providers seem to support it.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  Domain Name Service (DNS, Traffic Manager)  ·  Flag idea as inappropriate…  ·  Admin →
    10. Support CAA record in Azure DNS web portal

      Thank you for supporting CAA records via CLI/PowerShell/API - but for the majority of people, this isn't easy. Please add support for these records in the DNS zone management blade.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    11. Provide dyndns protocols

      Provide dyndns2 and other dynamic DNS protocols for Azure DNS to allow updating from network devices and such.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)

      Hi,

      Thank you for your suggestion on feedback.azure.com for Dynamic DNS support in Azure DNS.

      Please can you clarify a couple of points about your suggestion for us:
      1. Are you looking for Dynamic DNS support for Internet-facing domains, or for internal domains?
      2. In the case of Internet domains, how would you expect requests to be secured?

      Thanks!

    12. Azure Secure DNS for protection against malware and other unwanted content

      Create a Secure DNS service that can be used by Enterprise DNS servers and report and block suspect activity from clients. The solution should be based in Microsoft Azure, but should also be integrated with either Microsoft OMS og Windows ATP service.

      All log files collected from Enterprise DNS servers should be forwarded to the Azure Secure DNS service (https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/)

      Examples:
      http://www.computerworld.com/article/2872700/6-dns-services-protect-against-malware-and-other-unwanted-content.html

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    13. custom domain verification for Azure users is a hassle and blocker

      We are setting up an Azure tenant which we want to link to VSTS in order to create a Devops infrastructure.

      To do so we need to add a custom domain in the Azure tenant's AD, but this is impossible because the domain is already listed in another AD (the one used by our Office365 tenant).

      So now we need to use a separate domain, and change all users in VSTS???

      Please remove this barrier....

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    14. Add Support for Secondary DNS

      Given events of late concerning DNS outages and DDoS attacks, it would be advantageous if we could configure custom NS records in Azure DNS to use Secondary DNS.

      At the same time, support for AXFR records should be added to allow outbound zone transfers to be configured so that the Secondary DNS zone can be kept in sync automatically.

      This would then allow us to point to a Secondary DNS service like BuddyNS or DNSMadyEasy.

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    15. Support DNS URI records

      Hello,

      I would like to get support for URI DNS Resource Record. It would allow Azure DNS to host DNS zones using new features, e.g. autodiscovery for Kerberos KDC Proxy Protocol (aka MS-KKDCP).

      For example this use-case enables configuration-less Kerberos clients, which is a big win for certain types of deployments.

      Example of use can be found in RFC draft
      https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery

      Thank you!

      URI record RFC: https://tools.ietf.org/html/rfc7553
      Petr Spacek

      13 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    16. Alias Records support Azure CDN Endpoint

      I want to register APEX domain as Azure CDN's Endpoints in Azure DNS, but this configuration is not supported due to RFC 1912.
      This may be avoided by using alias record, but it only supports Traffic Manager/IP Addresses.
      That's why I want alias records to suport CDN's Endpoints.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    17. Add App Service Virtual IP (VIP) as Traffic Manager endpoints

      When using the Alias Record Set of Azure DNS, it becomes an error if it is a domain name.

      App Service has a VIP, I would like an option to add IP instead of domain name.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    18. Support DNS query policies

      Add support for enabling, configuring, and using DNS query resolution and query recursion policies including for private zones

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    19. Allow Traffic Manager to have HTTPS passthrough capability

      Currently when creating a new Traffic Manager profile, there is no option to have an HTTPS domain created for TM itself. As a result, if traffic is expected to be encrypted from entry (say Azure DNS) to routing (Azure Traffic Manager) all the way to the endpoint application (Azure AKS for instance based on Geographical region) then Traffic Manager should allow for this scenario.

      Adding additional layers in-between the transport design can slow down execution times and transfer times, which may go over SLA agreements with customers. We would like to see Traffic Manager capable of HTTPS passthrough in order…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    20. Limitation on number of Alias Record set assignment, to azure public IP resource.

      Limitation on Alias Record set assignment to azure public IP resource.

      1. We DO NOT have any issues with the number of record sets in a DNS zone.
      2. We also DO NOT have any issues with the number of records in a record set

      our issue is: The Azure Public IP Address resource cannot have more than 20 record sets pointing to it using the "Alias record set" feature. Can you confirm this??

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Don't see your idea?

    Feedback and Knowledge Base