How can we improve Azure Networking?

Allow modifying NS records in apex of DNS zone

We need to be able to modify the NS records in the apex of a domain hosted by Azure DNS.

In the wake of the DYN DNS DDoS, a lot of large websites are adding multiple independent DNS providers to reduce the impact of a single DNS provider being taken offline.

However, you cannot do this if you use Azure DNS, because Azure does not allow modifying the NS records in the apex of your zone.

Modifying these NS records is possible in Route 53 and Google Cloud DNS, and it is because of the lack of this functionality that we have had to give our DNS business to them.

79 votes
    Mark Henderson shared this idea
    completed  ·  Azure Networking Team (Admin, Microsoft Azure) responded

    Thanks for the feedback. We’ve changed the behaviour in Azure DNS. You can now add or remove additional name server names to the NS record set at the zone apex. This allows you to configure your DNS zone for co-hosting in multiple providers.

    Note that Azure DNS does not currently support zone transfers, hence you will need to make other arrangements to ensure the DNS records are in sync across providers.

    Note also that whilst you can add additional name server names to the NS record set at the zone apex, you cannot remove or edit the pre-populated Azure DNS name server names. I.e. Azure DNS does not currently support ‘vanity’ name servers. The reason for this is to prevent customers taking a direct dependency on the name server IP addresses at this time.

    2 comments

      • Tomas Dabasinskas commented

        What's the status of the request? It seems that it's now possible to add additional nameservers, but not possible to delete the default ones.

      • Mark Henderson commented

        To clarify some more: We need to be able to add (and possibly delete) the existing NS records. For example, if we were to use AWS and Azure as our two DNS Providers, we would need to add the four Azure NS records into the apex of the domain.

        Or, we may choose to use TWO nameservers from Azure and TWO from AWS so that we're not specifying 8 nameservers, so we might need to delete two of the existing records and replace them with AWS records.

        In other words: There should be no special cases around NS records in the apex - we should be able to do anything we need to them.
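
Added example, not part of the original thread or of any provider's tooling: because the admin response notes that Azure DNS does not support zone transfers, a zone co-hosted at two providers needs an out-of-band check that both serve the same records and the same apex NS set. The Python below compares two record exports; the provider names, zone data and function names are constructed assumptions.

```python
# Added example: compare two providers' copies of one co-hosted zone (data is constructed).
def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def normalise(records):
    """(owner, rtype, value) tuples -> {(owner, rtype): set(values)}."""
    zone = {}
    for owner, rtype, value in records:
        rtype = rtype.upper()
        if rtype in ("NS", "CNAME"):  # host-name targets compare case-insensitively
            value = norm(value)
        zone.setdefault((norm(owner), rtype), set()).add(value)
    return zone

def find_drift(apex, records_a, records_b):
    """Return findings where the two providers disagree, sorted by owner/type."""
    a, b = normalise(records_a), normalise(records_b)
    findings = []
    for owner, rtype in sorted(set(a) | set(b)):
        if rtype == "SOA":
            continue  # assumption: each provider generates its own SOA
        va, vb = a.get((owner, rtype), set()), b.get((owner, rtype), set())
        if va != vb:
            is_apex_ns = (owner, rtype) == (norm(apex), "NS")
            kind = "apex-ns-mismatch" if is_apex_ns else "record-mismatch"
            findings.append((kind, owner, rtype, sorted(va - vb), sorted(vb - va)))
    return findings

PROVIDER_A = [  # constructed export: combined NS set of both providers at the apex
    ("example.com", "NS", "ns1.provider-a.example."),
    ("example.com", "NS", "ns2.provider-a.example."),
    ("example.com", "NS", "ns1.provider-b.example."),
    ("example.com", "NS", "ns2.provider-b.example."),
    ("example.com", "SOA", "ns1.provider-a.example. hostmaster.example.com. 1 3600 300 2419200 300"),
    ("www.example.com", "A", "192.0.2.10"),
]
PROVIDER_B = [  # constructed export: one apex NS missing, www points at a stale address
    ("Example.com.", "NS", "NS1.provider-a.example"),
    ("example.com.", "NS", "ns1.provider-b.example."),
    ("example.com.", "NS", "ns2.provider-b.example."),
    ("example.com.", "SOA", "ns1.provider-b.example. hostmaster.example.com. 7 3600 300 2419200 300"),
    ("www.example.com.", "A", "192.0.2.11"),
]

if __name__ == "__main__":
    for finding in find_drift("example.com", PROVIDER_A, PROVIDER_B):
        print(finding)
```

Each finding lists the values present only at the first provider, then those present only at the second, so an `apex-ns-mismatch` shows which name server one side fails to advertise.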
