Networking
The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.
Virtual Network:
Traffic Manager:
Network Watcher:
If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.
-
Azure DNS needs DNSSEC support
DNSSEC is required to be able to secure your DNS requests. At the moment this is not available. We cannot move until our domains to Azure DNS untill these requirements have been met.
3,615 votesDNSSEC remains on our long term roadmap, however it is unlikely to be available in CY 2019. If DNSSEC is a critical and immediate requirement for your business we’d suggest that you consider evaluating 3rd party DNS hosting solutions that provide this feature.
-
Azure should be its own domain registrar
Windows Azure should offer domain registrar services so users don't have to maintain our domain names with a separate company. This also has the potential to greatly streamline the process of setting up a website on Azure.
1,042 votesDomain registration is being evaluated and remains on our long term road-map. However, it is not planned for CY 2019.
-Rohin K -
Extend Azure DNS to support zone transfers so it can be used as seconday DNS
If Azure DNS supported zone transfers, then if could be used both as a reliable secondary DNS service, or as an external proxy service for AD split-brain, or on-premise hosted DNS configurations.
1,002 votesZone transfer is on our roadmap however not planned for CY 2019.
-Rohin K -
Provide a 301 (Permanent) redirect service for apex (naked) domains
Discussed in the Azure DNS docs: https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset/#comment-2294403853
Right now, you must use a static IP address if you want to point an apex (naked) domain (e.g., mycompany.com) to a Cloud Service (e.g., mycloudservice.cloudapp.net). Static IP's are stable as long as the Cloud Service isn't deprovisioned; however, for maximum security, simplicity, and maintainability (i.e., even if a cloud service is deprovisioned), it would be awesome if we could have 301 redirects for the apex domain to a the www CNAME endpoint and not need to be concerned with the IP address of the Cloud Service at all. The scenario goes like…
725 votesWe are evaluating this feature ask. However, it is not on our immediate roadmap.
-Rohin K -
Azure DNS query log
Hi,
I would like to request Azure DNS Query Log. This will help us identify traffic hitting record name in the dns zone.
Possible Log Sample
Time-Stamp,SourceIP,RecondType,RecordName
236 votes -
Traffic Manager support blob storage
for web site availability, I would like to use blob storage under traffic manager when blob (such as pictures, pdfs , movies) is stored to blob storage.
87 votes -
Make Traffic manager able to access Web Apps that uses Authentication
Traffic manager is currently unable to get the status of a Web App that's using the Authentication/Authorization (simple auth) feature. It would be nice if it could use some kind of service account (or similar) to get authenticated and get the Web App status but still have the security features intact.
46 votes -
designate set of name servers to all self hosted dns zones
When maintaining DNS Records in Azure, you have to update registrars records to use name servers assigned to a domain. Now that those nameserver sets varies, it takes extra effort to create Records, specially if you have to do it manually.
It would be easier if you could try and use same set of name servers to all dnz zones for the dns zones you are maintaining.40 votesThanks for the suggestion. We are tracking this on our backlog.
Some background: Azure DNS supports multiple name servers, which are dynamically assigned as zones are created. This allows us to let customers create zones without first proving that they own the domain name (since if we supported only a single name server set, we couldn’t allow just anyone to create a zone and thereby block the legitimate domain name owner). Domain proof-of-ownership checks are a significant hassle, so it’s important that we avoid them where possible.
Having said all that, I do understand that in some scenarios having a consistent set of name server names is desirable, and we are considering options for how we might support this in future.
-
We need the new configuration in Azure Traffic Manager.
We need the new configuration in Azure Traffic Manager.
When prior region is replying intermittent healthy response to Traffice Manager, It occurs Failover and Failback repeatedly.
(e.g. In case the endpoint returns HTTP 500 intermittently by some system failure, if TM receives HTTP 200 by luck when TM probes there, TM sends requests to troublous endpoint until next probe chance.)We need the configuration that manual Failback.
39 votesThanks for the suggestion, we’ll consider how we can best support failover/failback during ‘grey’ failures in future, including a manual failback option.
-
NAPTR Support (Name Authority Pointer)
Support NAPTR records with Azure DNS. These are primarily used to complement SRV records which you currently support.
https://en.wikipedia.org/wiki/NAPTR_record37 votesThank you for the feedback. We are tracking this ask on our backlog.
-
Integrate Windows IPAM with Azure DHCP
Integrate Windows IPAM with Azure DHCP services.
Some info can be gathered for domain members using DDNS, but not for appliances and other services not using DDNS...33 votesThank you for the feedback. We will consider this suggestion.
-
Allow upload of DNS zone via portal.
Allow admins to upload a saved DNS zone via the portal instead of the CLI only.
24 votesThank you for the suggestion. We’re tracking this on our backlog. Given that the CLI-based option is working for most customers, it may be a while before we get to this.
-
Allow option to choose the SSL endpoint to target for Azure Web App endpoints in Traffic Manager
There is a limitation with using Traffic Manager with Azure Web Apps/App Services right now.
See this article: https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate#step-3-change-your-domain-name-mapping-ip-based-ssl-only
When a user combines both IP-based SSL and SNI-based SSL bindings in their app service, SNI-based bindings need to have different DNS configurations in order to work properly. The SNI-based bindings need to target "sni.<appname>.azurewebsites.net" instead of just <appname>.azurewebsites.net.
It's not possible to directly get to the site at "sni.<appname>.azurewebsites.net" as it's only used for SSL routing in the App Service infrastructure, so you cannot use this URL when adding the App Service as an external endpoint (pinging fails and it…23 votesHi Matt,
Thank you for the feedback. We are always looking to increase the ease in which different Azure services can be consumed together and this falls into that. We will be definitely looking into this specific integration point.
Azure Networking Team
-
Provide dyndns protocols
Provide dyndns2 and other dynamic DNS protocols for Azure DNS to allow updating from network devices and such.
18 votesHi,
Thank you for your suggestion on feedback.azure.com for Dynamic DNS support in Azure DNS.
Please can you clarify a couple of points about your suggestion for us:
1. Are you looking for Dynamic DNS support for Internet-facing domains, or for internal domains?
2. In the case of Internet domains, how would you expect requests to be secured?Thanks!
-
Add Support for Secondary DNS
Given events of late concerning DNS outages and DDoS attacks, it would be advantageous if we could configure custom NS records in Azure DNS to use Secondary DNS.
At the same time, support for AXFR records should be added to allow outbound zone transfers to be configured so that the Secondary DNS zone can be kept in sync automatically.
This would then allow us to point to a Secondary DNS service like BuddyNS or DNSMadyEasy.
16 votesThanks for the feedback. This is on our backlog and we are considering this for our roadmap.
-
Support DNS URI records
Hello,
I would like to get support for URI DNS Resource Record. It would allow Azure DNS to host DNS zones using new features, e.g. autodiscovery for Kerberos KDC Proxy Protocol (aka MS-KKDCP).
For example this use-case enables configuration-less Kerberos clients, which is a big win for certain types of deployments.
Example of use can be found in RFC draft
https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discoveryThank you!
URI record RFC: https://tools.ietf.org/html/rfc7553
Petr Spacek15 votesThanks for posting the suggestion, we are tracking this on our backlog, however at the moment we don’t have an ETA.
-
Support DNS query policies
Add support for enabling, configuring, and using DNS query resolution and query recursion policies including for private zones
10 votesThank you for this feedback. We will review this.
-
Improve Interface / Search for Azure DNS
Please fix azure DNS interface so that search works without having to click "load more" times until you reach the page with the record on it. We have thousands of records and we cant easily find the ones we need to adjust. This is a major issue for our networking team.
8 votesWe have upcoming work planned that we may be able to modify to accommodate this request. We’ll review and consider; thank you for the feedback!
-
nsupdate
We need a painless way to update linux systems with the dynamic internal and external IPs of systems. We'd like to use the Azure DNS service. The painless Linux way is using nsupdate.
Please support allowing us to update entries within our DNS managed domain.
For security either allow us to upload a public key for use with nuspdate, or generate a key pair and let us download the privay=te key.
8 votesThank you for the feedback.
For internal networks, the Azure-provided DNS service already supports dynamic DNS update. However, this service does not enable you to specify your own DNS zone (that’s something we’re already tracking).
For the external networks, Azure DNS today only supports DNS updates via the Azure Resource Manager REST API (the Portal, PowerShell and CLI experiences sit on top of this API). We will consider whether dynamic DNS should also be supported, based on customer demand. -
Add Redis as Traffic Manager Service Type
Currently the Traffic Manager only supports Service Types of Cloud App and Web App. Would be nice to add other services too such as Redis. The outage in West Europe this week highlighted a number of Azure services that currently cannot be Geo-Redundant
7 votesThanks for your suggestion. This is being considered for inclusion in our roadmap
- Don't see your idea?