How to manage DNS Zones in Azure DNS using the Azure CLI
This article shows you how to manage your DNS zones by using the cross-platform Azure CLI. Azure CLI is available for Windows, Mac, and Linux. You can also manage your DNS zones using Azure PowerShell or the Azure portal.
This guide specifically deals with Public DNS zones. For information on using Azure CLI to manage Private Zones in Azure DNS, see Get started with Azure DNS Private Zones using Azure CLI.
Introduction
A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record for your domain is then created inside this DNS zone.
For example, the domain 'contoso.com' may contain several DNS records, such as 'mail.contoso.com' (for a mail server) and 'www.contoso.com' (for a web site).
When creating a DNS zone in Azure DNS:
- The name of the zone must be unique within the resource group, and the zone must not exist already. Otherwise, the operation fails.
- The same zone name can be reused in a different resource group or a different Azure subscription.
- Where multiple zones share the same name, each instance is assigned different name server addresses. Only one set of addresses can be configured with the domain name registrar.
Note
You do not have to own a domain name to create a DNS zone with that domain name in Azure DNS. However, you do need to own the domain to configure the Azure DNS name servers as the correct name servers for the domain name with the domain name registrar.
For more information, see Delegate a domain to Azure DNS.
Set up Azure CLI for Azure DNS
Before you begin
Verify that you have the following items before beginning your configuration.
An Azure subscription. If you don't already have an Azure subscription, you can create a trial account before you begin.
Install the latest version of the Azure CLI, available for Windows, Linux, or MAC. More information is available at Install the Azure CLI.
Sign in to your Azure account
Open a console window and authenticate with your credentials. For more information, see Sign in to Azure from the Azure CLI
az login
Select the subscription
Check the subscriptions for the account.
az account list
Choose which of your Azure subscriptions to use.
az account set --subscription "subscription name"
Optional: To install/use Azure DNS Private Zones feature
The Azure DNS Private Zone feature is available via an extension to the Azure CLI. Install the "dns" Azure CLI extension
az extension add --name dns
Create a resource group
Azure Resource Manager requires resource groups to have a specified location. This location is used as the default location for all resources in that resource group. Since all DNS resources are global, the choice of resource group location has no effect on Azure DNS.
You can skip this step if you're using an existing resource group.
az group create --name myresourcegroup --location "China East"
Getting help
All Azure CLI commands relating to Azure DNS start with az network dns
. Help is available for each command using the --help
option (short form -h
). For example:
az network dns --help
az network dns zone --help
az network dns zone create --help
Create a DNS zone
A DNS zone is created using the az network dns zone create
command. For help, see az network dns zone create -h
.
The following example creates a DNS zone called contoso.com in the resource group called MyResourceGroup:
az network dns zone create --resource-group MyResourceGroup --name contoso.com
To create a DNS zone with tags
The following example shows how to create a DNS zone with two Azure Resource Manager tags, project = demo and env = test, by using the --tags
parameter (short form -t
):
az network dns zone create --resource-group MyResourceGroup --name contoso.com --tags "project=demo" "env=test"
Get a DNS zone
To retrieve a DNS zone, use az network dns zone show
. For help, see az network dns zone show --help
.
The following example returns the DNS zone contoso.com and its associated data from resource group MyResourceGroup.
az network dns zone show --resource-group myresourcegroup --name contoso.com
The following example is the response.
{
"etag": "00000002-0000-0000-3d4d-64aa3689d201",
"id": "/subscriptions/147a22e9-2356-4e56-b3de-1f5842ae4a3b/resourceGroups/myresourcegroup/providers/Microsoft.Network/dnszones/contoso.com",
"location": "global",
"maxNumberOfRecordSets": 5000,
"name": "contoso.com",
"nameServers": [
"ns1-04.azure-dns.cn.",
"ns2-04.azure-dns.cn.",
"ns3-04.azure-dns.cn.",
"ns4-04.azure-dns.cn."
],
"numberOfRecordSets": 4,
"resourceGroup": "myresourcegroup",
"tags": {},
"type": "Microsoft.Network/dnszones"
}
To list DNS records, use az network dns record-set list
.
List DNS zones
To enumerate DNS zones, use az network dns zone list
. For help, see az network dns zone list --help
.
Specifying the resource group lists only those zones within the resource group:
az network dns zone list --resource-group MyResourceGroup
Omitting the resource group lists all zones in the subscription:
az network dns zone list
Update a DNS zone
Changes to a DNS zone resource can be made using az network dns zone update
. For help, see az network dns zone update --help
.
This command doesn't update any of the DNS record sets within the zone (see How to Manage DNS records). It's only used to update properties of the zone resource itself. These properties are currently limited to the Azure Resource Manager 'tags' for the zone resource.
The following example shows how to update the tags on a DNS zone. The existing tags are replaced by the value specified.
az network dns zone update --resource-group myresourcegroup --name contoso.com --set tags.team=support
Delete a DNS zone
DNS zones can be deleted using az network dns zone delete
. For help, see az network dns zone delete --help
.
Note
Deleting a DNS zone also deletes all DNS records within the zone. This operation cannot be undone. If the DNS zone is in use, services using the zone will fail when the zone is deleted.
To protect against accidental zone deletion, see How to protect DNS zones and records.
This command prompts for confirmation. The optional --yes
switch suppresses this prompt.
The following example shows how to delete the zone contoso.com from resource group MyResourceGroup.
az network dns zone delete --resource-group myresourcegroup --name contoso.com
Next steps
Learn how to manage record sets and records in your DNS zone.
Learn how to delegate your domain to Azure DNS.