Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details
  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details
  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details
  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Allow option to choose the SSL endpoint to target for Azure Web App endpoints in Traffic Manager

      There is a limitation with using Traffic Manager with Azure Web Apps/App Services right now.

      See this article: https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate#step-3-change-your-domain-name-mapping-ip-based-ssl-only

      When a user combines both IP-based SSL and SNI-based SSL bindings in their app service, SNI-based bindings need to have different DNS configurations in order to work properly. The SNI-based bindings need to target "sni.<appname>.azurewebsites.net" instead of just <appname>.azurewebsites.net.
      It's not possible to directly get to the site at "sni.<appname>.azurewebsites.net" as it's only used for SSL routing in the App Service infrastructure, so you cannot use this URL when adding the App Service as an external endpoint (pinging fails and it…

      23 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    2. Microsoft could be a provider of domain registrations.

      Currently we use Registro.br, Godaddy, 101Domain, Amazon Route 53, Google Domains among others for domain registrations. Microsoft could be a provider of domain registrations. It would be another service that would add to the cloud services already offered by Microsoft. Having everything centralized would be ideal, all in one invoice and customer loyalty.

      23 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    3. Support edns-client-subnet extension in Traffic Manager

      I'm surprised to learn the Traffic Manager does not support the client-subnet feature. Most major CDNs & DNS providers seem to support it.

      19 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    4. Provide dyndns protocols

      Provide dyndns2 and other dynamic DNS protocols for Azure DNS to allow updating from network devices and such.

      18 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Hi,

      Thank you for your suggestion on feedback.azure.com for Dynamic DNS support in Azure DNS.

      Please can you clarify a couple of points about your suggestion for us:
      1. Are you looking for Dynamic DNS support for Internet-facing domains, or for internal domains?
      2. In the case of Internet domains, how would you expect requests to be secured?

      Thanks!

    5. Add Support for Secondary DNS

      Given events of late concerning DNS outages and DDoS attacks, it would be advantageous if we could configure custom NS records in Azure DNS to use Secondary DNS.

      At the same time, support for AXFR records should be added to allow outbound zone transfers to be configured so that the Secondary DNS zone can be kept in sync automatically.

      This would then allow us to point to a Secondary DNS service like BuddyNS or DNSMadyEasy.

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    6. Azure Secure DNS for protection against malware and other unwanted content

      Create a Secure DNS service that can be used by Enterprise DNS servers and report and block suspect activity from clients. The solution should be based in Microsoft Azure, but should also be integrated with either Microsoft OMS og Windows ATP service.

      All log files collected from Enterprise DNS servers should be forwarded to the Azure Secure DNS service (https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/)

      Examples:
      http://www.computerworld.com/article/2872700/6-dns-services-protect-against-malware-and-other-unwanted-content.html

      16 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    7. Support DNS URI records

      Hello,

      I would like to get support for URI DNS Resource Record. It would allow Azure DNS to host DNS zones using new features, e.g. autodiscovery for Kerberos KDC Proxy Protocol (aka MS-KKDCP).

      For example this use-case enables configuration-less Kerberos clients, which is a big win for certain types of deployments.

      Example of use can be found in RFC draft
      https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery

      Thank you!

      URI record RFC: https://tools.ietf.org/html/rfc7553
      Petr Spacek

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    8. custom domain verification for Azure users is a hassle and blocker

      We are setting up an Azure tenant which we want to link to VSTS in order to create a Devops infrastructure.

      To do so we need to add a custom domain in the Azure tenant's AD, but this is impossible because the domain is already listed in another AD (the one used by our Office365 tenant).

      So now we need to use a separate domain, and change all users in VSTS???

      Please remove this barrier....

      15 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    9. Traffic Manager Private Endpoints

      For Traffic Manager, allow us to use private endpoints (load-balancer) for fail over. It looks like someone created a work around using Web Apps but would like to have a supported method for RFC1918 addresses.

      https://blogs.msdn.microsoft.com/mihansen/2018/05/24/using-azure-traffic-manager-for-private-endpoint-failover-manual-method/

      12 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    10. Limitation on number of Alias Record set assignment, to azure public IP resource.

      Limitation on Alias Record set assignment to azure public IP resource.

      1. We DO NOT have any issues with the number of record sets in a DNS zone.
      2. We also DO NOT have any issues with the number of records in a record set

      our issue is: The Azure Public IP Address resource cannot have more than 20 record sets pointing to it using the "Alias record set" feature. Can you confirm this??

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    11. Alias Records support Azure CDN Endpoint

      I want to register APEX domain as Azure CDN's Endpoints in Azure DNS, but this configuration is not supported due to RFC 1912.
      This may be avoided by using alias record, but it only supports Traffic Manager/IP Addresses.
      That's why I want alias records to suport CDN's Endpoints.

      11 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    12. Add App Service Virtual IP (VIP) as Traffic Manager endpoints

      When using the Alias Record Set of Azure DNS, it becomes an error if it is a domain name.

      App Service has a VIP, I would like an option to add IP instead of domain name.

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    13. Support DNS query policies

      Add support for enabling, configuring, and using DNS query resolution and query recursion policies including for private zones

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    14. Allow Traffic Manager to have HTTPS passthrough capability

      Currently when creating a new Traffic Manager profile, there is no option to have an HTTPS domain created for TM itself. As a result, if traffic is expected to be encrypted from entry (say Azure DNS) to routing (Azure Traffic Manager) all the way to the endpoint application (Azure AKS for instance based on Geographical region) then Traffic Manager should allow for this scenario.

      Adding additional layers in-between the transport design can slow down execution times and transfer times, which may go over SLA agreements with customers. We would like to see Traffic Manager capable of HTTPS passthrough in order…

      10 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    15. Improve Interface / Search for Azure DNS

      Please fix azure DNS interface so that search works without having to click "load more" times until you reach the page with the record on it. We have thousands of records and we cant easily find the ones we need to adjust. This is a major issue for our networking team.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    16. nsupdate

      We need a painless way to update linux systems with the dynamic internal and external IPs of systems. We'd like to use the Azure DNS service. The painless Linux way is using nsupdate.

      Please support allowing us to update entries within our DNS managed domain.

      For security either allow us to upload a public key for use with nuspdate, or generate a key pair and let us download the privay=te key.

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you for the feedback.
      For internal networks, the Azure-provided DNS service already supports dynamic DNS update. However, this service does not enable you to specify your own DNS zone (that’s something we’re already tracking).
      For the external networks, Azure DNS today only supports DNS updates via the Azure Resource Manager REST API (the Portal, PowerShell and CLI experiences sit on top of this API). We will consider whether dynamic DNS should also be supported, based on customer demand.

    17. Enable validation of DNSSEC domains on Azure recursive resolver service (IP 168.63.129.16)

      The default Azure recursive DNS resolver service on virtual IP 168.63.129.16 does not validate DNSSEC as far as I can tell.

      These days I expect a recursive resolver to enable DNSSEC validation by default.

      Please consider enabling DNSSEC validation in the default Azure Recursive Resolver.

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    18. Add Redis as Traffic Manager Service Type

      Currently the Traffic Manager only supports Service Types of Cloud App and Web App. Would be nice to add other services too such as Redis. The outage in West Europe this week highlighted a number of Azure services that currently cannot be Geo-Redundant

      7 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    19. Azure DNS should support some of the less-common record types

      Azure DNS supports the most common DNS record types. However, I'd like to use other ones, like OPENPGPKEY, HIP, RP, SSHFP, URI, and (once DNSSEC support is added) TLSA. Adding those records would be fairly simple and require little change to your backend.

      Right now, I need to start up and Azure VM, install Linux, then set up BIND. I'd much prefer to leverage Azure DNS for my DNS needs.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    20. Allow Private DNS zones to have IP address from a vNet assigned rather than use Azure DNS Its

      This would allow for on-prem resolution for Private DNS. This would avoid having to stand up DNS proxy servers in each vNet all pointing to the same IP address

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base