What is Azure Public DNS?
Azure Public DNS is a hosting service for DNS domains that provides name resolution by using Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.
You can't use Azure Public DNS to buy a domain name. A domain name is bought separately, for an annual fee. Your domains can then be hosted in Azure Public DNS for record management. For more information, see Delegate a domain to Azure DNS.
The following features are included with Azure Public DNS.
Reliability and performance
DNS domains in Azure Public DNS are hosted on Azure's global network of DNS name servers. Azure Public DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.
Security
Azure Public DNS is based on Azure Resource Manager, which provides features such as:
- Azure role-based access control (Azure RBAC) to control who has access to specific actions for your organization.
- Activity logs to monitor how a user in your organization modified a resource or to find an error when troubleshooting.
- Resource locking to lock a subscription, resource group, or resource. Locking prevents other users in your organization from accidentally deleting or modifying critical resources.
For more information, see How to protect DNS zones and records.
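One way to review the activity logs described above for DNS changes, as an added example that is not part of the original page or Microsoft's own code. The record layout (`caller`, `operationName.value`, `status.value`, `eventTimestamp`) is assumed to follow `az monitor activity-log list` output, and the sample records, caller names, and approved list are constructed.

```python
DNS_PREFIX = "microsoft.network/dnszones/"

def make_record(ts, caller, op, status="Succeeded"):
    """Build one record in the assumed activity-log layout (hypothetical helper)."""
    return {"eventTimestamp": ts, "caller": caller,
            "operationName": {"value": op}, "status": {"value": status}}

# Constructed sample records; every value here is invented for illustration.
SAMPLE_LOG = [
    make_record("2024-05-01T09:12:03Z", "dns-admin@contoso.com", "Microsoft.Network/dnszones/A/write"),
    make_record("2024-05-01T10:40:11Z", "dev-user@contoso.com", "Microsoft.Network/dnszones/CNAME/write"),
    make_record("2024-05-01T11:02:57Z", "dns-admin@contoso.com", "Microsoft.Network/dnszones/NS/write"),
    make_record("2024-05-01T11:30:00Z", "dev-user@contoso.com", "Microsoft.Network/dnszones/delete", "Failed"),
    make_record("2024-05-01T12:00:00Z", "dev-user@contoso.com", "Microsoft.Network/publicIPAddresses/write"),
]

def classify(record, approved_callers):
    """Return the reasons a record deserves review (empty list if none)."""
    op = record["operationName"]["value"].lower()
    # Only successful operations on public DNS zones and their record sets.
    if not op.startswith(DNS_PREFIX) or record["status"]["value"] != "Succeeded":
        return []
    parts = op[len(DNS_PREFIX):].split("/")  # ["a", "write"], ["delete"], ...
    if parts[-1] not in ("write", "delete"):
        return []  # reads do not change the zone
    reasons = []
    if record["caller"].lower() not in approved_callers:
        reasons.append("caller not on approved list")
    if parts == ["delete"]:
        reasons.append("entire zone deleted")
    elif parts[0] == "ns":
        reasons.append("NS (delegation) record set changed")
    return reasons

def review_dns_changes(records, approved_callers):
    """Return (timestamp, caller, operation, reasons) for each flagged record."""
    approved = {c.lower() for c in approved_callers}
    findings = []
    for rec in records:
        reasons = classify(rec, approved)
        if reasons:
            findings.append((rec["eventTimestamp"], rec["caller"],
                             rec["operationName"]["value"], reasons))
    return findings

if __name__ == "__main__":
    for finding in review_dns_changes(SAMPLE_LOG, ["dns-admin@contoso.com"]):
        print(finding)
```

The failed zone deletion in the sample is skipped because only successful operations change the zone; a deployment that also wants to see blocked attempts can relax the status check.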
DNSSEC
Azure Public DNS doesn't currently support DNSSEC. In most cases, you can reduce the need for DNSSEC by consistently using HTTPS/TLS in your applications, because TLS certificate validation lets a client detect a server it reached through a forged DNS response. If DNSSEC is a critical requirement for your DNS zones, you can host these zones with third-party DNS hosting providers.
Ease of use
Azure Public DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure Public DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services.
DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. To learn more about pricing, see Azure DNS pricing.
Your domains and records can be managed by using the Azure portal, Azure PowerShell cmdlets, and the cross-platform Azure CLI. Applications that require automated DNS management can integrate with the service by using the REST API and SDKs.
Customizable virtual networks with private domains
Azure Public DNS also supports private DNS domains. This feature allows you to use your own custom domain names in your private virtual networks rather than the Azure-provided names available today.
For more information, see Use Azure DNS for private domains.
Alias records
Azure Public DNS supports alias record sets. You can use an alias record set to refer to an Azure resource, such as an Azure public IP address, an Azure Traffic Manager profile, or an Azure Content Delivery Network (CDN) endpoint. If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution. The alias record set points to the service instance, and the service instance is associated with an IP address.
You can now also use an alias record to point your apex (naked) domain, for example contoso.com, to a Traffic Manager profile or CDN endpoint.
For more information, see Overview of Azure DNS alias records.
Next steps
- To learn about DNS zones and records, see DNS zones and records overview.
- To learn how to create a zone in Azure Public DNS, see Create a DNS zone.
- For frequently asked questions about Azure DNS, see the Azure DNS FAQ.