Azure DNS Name Servers, are they shared with the public?

Shamik Ghosh 21 Reputation points
2024-05-10T10:36:56.26+00:00

I'm studying for the AZ-104, and got wondering about Azure DNS Zones and who can access the name servers. I created a DNS Zone (not a private DNS Zone) called testzonesg.com, and created one A record called "host". The assigned name servers for the zone are ns1-35.azure-dns.com. to ns4-35.azure-dns.info.

So doing an nslookup host.testzonesg.com ns1-35.azure-dns.com does correctly return the IP address I have arbitrarily set (10.0.0.1), and obviously I don't own any "testzonesg.com" domain so this would not be resolvable over any public DNS server, but what about the 4 Azure DNS Name servers mentioned above, the ones starting with ns1 etc.? I'm guessing they are shared amongst other tenants and subscriptions within Azure? If so, say hypothetically I create a zone called "google.com", with an A record of www.google.com pointing to nowhere, would I not mess things up for anyone else who is using those exact same DNS Name Servers for their own vnets? Or am I missing something here?

Edit: As a test I tried creating a "google.com" DNS zone in Azure and it failed, stating that the zone was not available, which figures. So that answers my question, as Azure checks beforehand to see if the zone already exists on public DNS or not. Seeing as it was able to create "testzonesg.com", was this because this domain has not been registered anywhere?


Accepted answer
    KapilAnanth-MSFT 36,861 Reputation points Microsoft Employee
    2024-05-10T11:18:49.2333333+00:00

    @Shamik Ghosh ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    To address your queries,

    1. I'm guessing they are shared amongst other tenants and subscriptions within Azure?

    • Yes
    • They may be used by other tenants when you create a Public DNS Zone.

    2. If so, say hypothetically I create a zone called "google.com", with an A record of www.google.com pointing to nowhere, would I not mess things up for anyone else who is using those exact same DNS Name Servers for their own vnets?

    • No
    • This is because no VNET uses the DNS Name Servers
    • Azure DNS for VNETs is provided by Azure WireServer IP 168.63.129.16 and not the DNS Name Servers that are visible when you create a Public DNS Zone.
    • Also, note that these DNS Name Servers are not Public DNS Servers, (like 1.1.1.1 or 8.8.8.8) and cannot resolve other domains.
      • So even if you modify the VNET to use the DNS Name Servers, it cannot provide you full DNS capabilities.

    3. Azure checks beforehand to see if the Zone already exists on public DNS or not.

    • Yes, Azure does check if a Zone is delegated somewhere else or not.
    • This is more of a recent addition to combat such scenarios, and it works for some popular domains.
    • You will still be able to create zones for domains which you do not own and which are publicly available.
    • Google, Microsoft, Bing are well known and hence the platform prevents you from creating DNS Zones for these popular sites.
    • See: I can't create a DNS zone

    Since "testzonesg.com" is not well known, you were able to create it.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

