How can we improve Azure Networking?

Extend Azure DNS to support zone transfers so it can be used as seconday DNS

If Azure DNS supported zone transfers, then if could be used both as a reliable secondary DNS service, or as an external proxy service for AD split-brain, or on-premise hosted DNS configurations.

898 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Nich shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

47 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Anonymous commented  ·   ·  Flag as inappropriate

    Thank you for the update, but I don't understand why the top 3 DNS requested improvements on this site are not planned for CY 2019. Zone Transfers and DNSSEC are pretty much requirements for DNS services today.

    If you have plans to not improve these services, or stop providing DNS services in the future, you should let your customers know. Seems like there is no development at all with Azure DNS.

  • Nathalie commented  ·   ·  Flag as inappropriate

    – Do you require zone transfers in to Azure DNS, or zone transfers out? Why?
    We have a project to have many ***** on-premise but also in the cloud as possible. To do so, we need to be able to zone transfer the information from our Primary DNS server to the Secondary in the cloud
    – Do you require AXFR or IXFR?
    In fact, we require both AXFR and IXFR
    – How should zone transfers be secured?
    Actually we are using the protocol GSS-TSIG, so with the same protocol or an equivalent

  • Anonymous commented  ·   ·  Flag as inappropriate

    you have to add the ability to do a zone transfer SINCE YOU HAVE ZERO ABILITY TO BACKUP DNS INFORMATION

  • Fergal Moran commented  ·   ·  Flag as inappropriate

    Wow - went to transfer one of our DNS zones into Azure for the sake of consistency.
    Cannot believe this super basic feature is not available.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Looking for zone transfers out so that we can use Azure DNS as primary and another provider as secondary.

  • Jim commented  ·   ·  Flag as inappropriate

    Is there an update on this in the Azure DNS backlog or has it been dropped?. It's been a few years since there was an official update.

  • Eric JENOUVRIER commented  ·   ·  Flag as inappropriate

    – Do you require zone transfers in to Azure DNS, or zone transfers out? Why?

    To be able to build a hybrid DNS architecture on which 2 servers are onpremise (legacy) and some additional are out of onpremise legacy (Azure DNS). It will allow legacy DNS/Zone Management to stay onPremise/legacy process of the client and the infrastructure be more in the best practice (diversity (technology), diversity (datacenter/subnet/ASN/routing), diversity (root TLD of dns server)

    – Do you require AXFR or IXFR?

    AXFR

    – How should zone transfers be secured?

    It have to be secured yes (whatever the way it is secured), the most important thing is the compatibility with other kind of DNS Services. The top 5 I have on our use case are

    * Bind / https://www.isc.org/git/
    * Knot / https://www.knot-dns.cz/
    * NSD / https://www.nlnetlabs.nl/projects/nsd/about/
    * PowerDNS / https://www.powerdns.com/
    * and of course Microsoft DNS / https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816603(v=ws.10)

  • Daniel commented  ·   ·  Flag as inappropriate

    > Do you require zone transfers in to Azure DNS, or zone transfers out? Why?

    Zone transfers in to Azure DNS so it can act as a secondary DNS service.

    > Do you require AXFR or IXFR?

    AXFR

    > How should zone transfers be secured?

    TSIG

  • Jeremy commented  ·   ·  Flag as inappropriate

    We would use Azure DNS if it supported incoming zone transfers from our primary writable DNS server. Securing the transfers by IP should be fine as long as long as it is part of your Azure vnet or on-premises network using site-to-site VPN or express route.

  • Mike Lloyd commented  ·   ·  Flag as inappropriate

    – Do you require zone transfers in to Azure DNS, or zone transfers out? Why?

    Zone transfers out Azure DNS to on-premise Active Directory DNS servers to help with resolving addresses.

    – Do you require AXFR or IXFR?

    AXFR.

    – How should zone transfers be secured?

    Same as Active Directory DNS zone transfers.

  • Kevin Bell commented  ·   ·  Flag as inappropriate

    I want to use Azure as a reliable secondary DNS server. I do *not* want Azure DNS servers as my primary DNS, because I want to control and modify my .DOM files directly, load them to a local DNS server that I can lay hands on, and easily update my Azure DNS server with that modified .DOM file. I do *not* want the Azure SOA record insisting that it is authoritative, especially if that DNS zone is on an IP address that could change at any time.

    I like the idea of Azure DNS. I do not like surrendering control of my domain to it. At this point, my only alternative if I want to use Azure is to spin up a dedicated Azure AM that only does DNS queries.

  • Sethuraman A commented  ·   ·  Flag as inappropriate

    We will consider using Azure DNS as the primary and have another provider as backup.

    - Do you require zone transfers in to Azure DNS, or zone transfers out? Why?

    Both. Initially we would start using Azure DNS as a backup and later we would want to migrate that backup to become the primary.

    - Do you require AXFR or IXFR?

    It depends on the other providers, so at this point I think support for both makes sense.

    - How should zone transfers be secured?

  • Frank commented  ·   ·  Flag as inappropriate

    The only thing holding us up from moving to Azure DNS is zone transfers.

    – Do you require zone transfers in to Azure DNS, or zone transfers out? Why? - Both, and that allows us flexibility in deciding primary, secondary scenarios in the future. Managing the zone updates between providers of a hosted DNS solution would become very cumbersome.

    – Do you require AXFR or IXFR? Both

    – How should zone transfers be secured? The same way MS Server DNS handles it today.

    100 DNS zones and growing.

  • Sergiu commented  ·   ·  Flag as inappropriate

    Any progress on this task?
    In our company (~50 DNS zones) the migration is on hold because you're not supporting the feature

  • Eric JENOUVRIER commented  ·   ·  Flag as inappropriate

    A client wanted to use Azure as Virtual Datacenter and extend his Private Network by Express Route. Within this scenario the client already have its private DNS infrastructure with its own solution but not reluctant to Azure DNS if it was possible to integrate it (ie. zone delegation) like

    Scenario 1 / client DNS (*.clientprivate) => Azure DNS (*.azure.clientprivate)
    Scenario 2 / client DNS (*.clientprivate) => client DNS zone delgation (*.azure.clientprivate =>multiple Azure DNS delegation (*.spoke1.azure.clientprivate, *.spoke2.azure.clientprivate)

  • David commented  ·   ·  Flag as inappropriate

    Looking for zone transfers to azure to act as secondary name server. IXFR preferred but would like option to do AXFR; Authorization by configured static IPs, or by zone NS records, same as current MS setup.

  • Alex commented  ·   ·  Flag as inappropriate

    Zone transfers on to Azure DNS via AXFR.
    Based on master and ***** IP similar to MS DNS

  • George Friend commented  ·   ·  Flag as inappropriate

    Primarily interested in outbound transfers to local linux server in each office (for disconnected use)
    Unsure on AXFR or IXFR
    Similar to classic MS DNS, allowed transfer IPs / names would suffice

← Previous 1 3

Feedback and Knowledge Base