none
Queries about Azure DNS RRS feed

  • Question

  • Team,

    I am looking for follwoing information about Azure DNS, however unable to find that. 

    - How do we Audit DNS in Azuer, for ex, if some changes happened where is it logged?

    - How do we see traffic coming to Azure hosted DNS Zone. 

    - Is there a way we can setup Azure DNS Zone as Secondary Zone, currently we have to manually update records in DNS, can this be automated?

    - Is there a way to backup DNS Zones somewhere in Azure? I am asking this because recently our DNS Zone was deleted due to a mistake, and when we recreated it, we got new name servers.  


    Alokm M

    Saturday, January 14, 2017 4:44 AM

Answers

  • Hi Alokm, and thanks for the great questions! Answers below.

    1. Azure DNS is an Azure Resource Manager service.  All operations are authorized/authenticated/logged by Azure Resource Manager before they are passed to Azure DNS. You can therefore use the Azure Resource Manager audit logs to review your DNS changes.  To access the logs, click on 'activity log' within the DNS zone blade in the Azure Portal.
    2. Currently, we do not expose DNS query volumes via the Azure Portal. This is on our backlog. You will be able to see your monthly query volumes via your Azure billing statement.
    3. Azure DNS does not currently support zone transfers. To use Azure DNS as a 'secondary' name server, you will need to integrate DNS changes via the Azure DNS REST API, using one of our SDKs.  Again, this is a backlog item for us.
    4. Providing an integrated backup/restore feature is again a backlog item. In the meantime, you can use a regular script to export the DNS zone for archival, for example using the DNS Zone export feature of the Azure CLI. In addition, we strongly recommend using Azure resource locks to prevent accidental zone deletion.

    Regards,

    Jonathan Tuliani, Program Manager, Azure DNS

    Monday, January 16, 2017 10:40 AM
    Moderator

All replies

  • Hello,

    We are checking on the query and would get back to you soon on this. I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,
    Sumanth BM

    Saturday, January 14, 2017 8:13 PM
  • Hi Alokm, and thanks for the great questions! Answers below.

    1. Azure DNS is an Azure Resource Manager service.  All operations are authorized/authenticated/logged by Azure Resource Manager before they are passed to Azure DNS. You can therefore use the Azure Resource Manager audit logs to review your DNS changes.  To access the logs, click on 'activity log' within the DNS zone blade in the Azure Portal.
    2. Currently, we do not expose DNS query volumes via the Azure Portal. This is on our backlog. You will be able to see your monthly query volumes via your Azure billing statement.
    3. Azure DNS does not currently support zone transfers. To use Azure DNS as a 'secondary' name server, you will need to integrate DNS changes via the Azure DNS REST API, using one of our SDKs.  Again, this is a backlog item for us.
    4. Providing an integrated backup/restore feature is again a backlog item. In the meantime, you can use a regular script to export the DNS zone for archival, for example using the DNS Zone export feature of the Azure CLI. In addition, we strongly recommend using Azure resource locks to prevent accidental zone deletion.

    Regards,

    Jonathan Tuliani, Program Manager, Azure DNS

    Monday, January 16, 2017 10:40 AM
    Moderator
  • We are looking at using Azure DNS and the one concerning issue is the costs related to the number of DNS queries. You say we cannot get the query volume from the portal. Do we get any type of warning that we are exceeding a certain number? Can we reach out to support to get a total at any point?   What is consider a typical number of DNS queries (realizing this is a lose ended question, but 1 million queries vs 1 billion queries makes a huge difference is costs).

    Friday, January 20, 2017 7:30 PM