How can we improve Azure Networking?

Allow modifying NS records in apex of DNS zone

We need to be able to modify the NS records in the apex of a domain hosted by Azure DNS.

In the wake of the DYN DNS DDoS, a lot of large websites are adding multiple independent DNS providers to reduce the impact of a single DNS provider being taken offline.

However, you cannot do this if you use Azure DNS, because Azure does not allow modifying the NS records in the apex of your zone.

Modifying these NS records is possible in Route 53 and Google Cloud DNS, and it is because of the lack of this functionality that we have had to give our DNS business to them.

76 votes
Sign in
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Mark Henderson shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Thanks for the feedback. We’ve changed the behaviour in Azure DNS. You can now add or remove additional name server names to the NS record set at the zone apex. This allows you to configure your DNS zone for co-hosting in multiple providers.

Note that Azure DNS does not currently support zone transfers, hence you will need to make other arrangements to ensure the DNS records are in sync across providers.

Note also that whilst you can add additional name server names to the NS record set at the zone apex, you cannot remove or edit the pre-populated Azure DNS name server names. I.e. Azure DNS does not currently support ‘vanity’ name servers. The reason for this is to prevent customers taking a direct dependency on the name server IP addresses at this time.


Sign in
Password icon
Signed in as (Sign out)
  • Ale commented  ·   ·  Flag as inappropriate

    Admin, please respond. is there any progress to remove the default NS records or is there any way I can use the domain name (with another hosting service provider) purchased from Azure.

  • Tomas Dabasinskas commented  ·   ·  Flag as inappropriate

    What's the status of the request? It seems that it's now possible to add additional nameservers, but not possible to delete the default ones.

  • Mark Henderson commented  ·   ·  Flag as inappropriate

    To clarify some more: We need to be able to add (and possibly delete) the existing NS records. For Example, if we were to use AWS and Azure as our two DNS Providers, we would need to add the four Azure NS records into the apex of the domain.

    Or, we may choose to use TWO nameservers from Azure and TWO from AWS so that we're not specifying 8 nameservers, so we might need to delete two of the existing records and replace them with AWS records.

    In other words: There should be no special cases around NS records in the apex - we should be able to do anything we need to them.

Feedback and Knowledge Base