How can we improve Azure Networking?

Extend Azure DNS to support zone transfers so it can be used as secondary DNS

If Azure DNS supported zone transfers, then it could be used both as a reliable secondary DNS service, or as an external proxy service for AD split-brain, or on-premise hosted DNS configurations.

579 votes
Nich shared this idea

    30 comments

      • David commented

        Looking for zone transfers to azure to act as secondary name server. IXFR preferred but would like option to do AXFR; Authorization by configured static IPs, or by zone NS records, same as current MS setup.

      • Alex commented

        Zone transfers on to Azure DNS via AXFR.
        Based on master and ***** IP similar to MS DNS

      • George Friend commented

        Primarily interested in outbound transfers to local linux server in each office (for disconnected use)
        Unsure on AXFR or IXFR
        Similar to classic MS DNS, allowed transfer IPs / names would suffice

      • Anonymous commented

        Mainly looking for IN transfers to use Azure DNS as secondary.
        Both AXFR and IXFR, with NOTIFY support, of course.
        Authorization by configured static IPs, or by zone NS records.

      • DO commented

        – Do you require zone transfers in to Azure DNS, or zone transfers out? Why?
        Both in and out to support secondary DNS and hidden masters

        – Do you require AXFR or IXFR?
        ideally both

        – How should zone transfers be secured?
        by IP address or listed NS like in Windows Server DNS

      • Anonymous commented

        We would love to use this and give Microsoft some money, but cannot until zone transfers are supported. We are looking for inbound, and outbound. (Inbound would help with the initial setup of hundreds of domains and thousands of records).

        We would like to have a secondary DNS provider as well, so that is why we would look for zone transfers out. We have seen cases where an outage or DDoS attack has taken down a DNS service, and need redundancy with a second unrelated provider.

      • Anonymous commented

        Is this not yet implemented? Seems like core functionality to having a DNS service.

      • Anonymous commented

        We'd like to be able to do (secure) zone transfers as well.
        Primary: Azure / Secondary: On-premise and vice versa.

      • WN commented

        We would require zone transfers out of Azure to our own DNS servers.
        Both AXFR and IXFR.
        TSIG or IP based.

      • Anonymous commented

        +1 for allowing private zone transfer for Azure DNS. It will be a great business case.

      • Doug Ferguson commented

        My main use case would be to leverage Azure DNS to host secondary zones. As a secondary use case, I would plan on hosting a few primary zones in Azure and have offsite secondary zones. The idea being to maintain high availability and performance where express route isn't an economical option (and support a "fog" model). AXFR would be minimum requirement. Just don't use any proprietary mechanisms for securing transfers.

      • Anonymous commented

        We would require zone transfers into Azure DNS. Because of our environment and relationships with other entities, we require different views based on source. Today, this is all handled through a single user interface. While the benefits of moving DNS to Azure DNS (Or AWS Route 53) are intriguing, introducing the possibilities for user error and additional workload of managing DNS services in multiple user interfaces is preventing us from utilizing either. Since we're an Office365 customer already, Azure DNS would be the preferred service.

        AXFR would be a minimum needed, but IXFR would be nice.

        TSIG would be my preference. IP ACLs would be sufficient for our uses, though.

      • Ariel commented

        We need it too!

        If there is any problem (for example we forgot to pay the bills and you disable the service) we can have an updated DNS in another place.

        Thanks, Ariel

      • Anonymous commented

        I would also +1 this as an urgent requirement
        - I require both in and out, IN to facilitate taking my current estate into Azure and OUT so I can improve reliability, security, resiliency by running something like dynDNS as a secondary service. I would probably look to make Azure a hidden master. It would be the killer feature to make me choose Azure DNS over AWS R53, which would seriously influence cloud strategy for organisation.
        - Ideally both AXFR and IXFR
        - to my mind security should be similar to AD - AD Integrated model? Lock by IP as option also.

      • Stephen commented

        I'm setting up a server/azure structure for my school project and came here looking for answers... Very surprised this isn't even an option yet. Explains a lot.

      • Ryan Schoenhard commented

        I would also like to see AXFR and IXFR. We use an IPAM system and being able to deploy to the master server and have that replicate to the Azure DNS servers would allow us to continue to use the IPAM features.

      • David Brockus commented

        Hello,

        – Do you require zone transfers in to Azure DNS, or zone transfers out? Why?
        Our requirement is into Azure DNS but you should support both directions. We have an existing DNS infrastructure but would like to add a secondary that is outside of our IP address space and AS that uses Anycast.

        – Do you require AXFR or IXFR?
        Ideally both need to be supported.

        – How should zone transfers be secured?
        Ideally this should be done by TSIG (Transaction SIGnature). TSIG has been supported in BIND since v8.2.

      • Anonymous commented

        It's hard for me to believe that this isn't an option yet. Zone transfers are a fundamental part of DNS server operations. Microsoft please hear my cry.

      • GerryVS commented

        Allowing zone transfers from on-premise DNS towards Azure should be possible in order to start using Azure as a backup plan for DNS, with the possibility to later on easily migrate full DNS towards Azure.
