Tuesday, January 10, 2017

Using Azure DNS with Office 365

One of the tasks you need to perform when adding a custom domain to Office 365 is to first verify that you actually own the domain name.

image

The Office 365 domain setup wizard, as shown above, will give you a TXT record you need to insert into your DNS zone so ownership can be verified by Office 365 before proceeding further.

Azure has the ability to host DNS records for you rather than using a hosting provider, so let’s see how you configure this.

image

Open your Azure Resource Manager Portal and choose to add a DNS Zone from the Marketplace.

image

The name of your new DNS zone has to match the domain you wish to host, which here is azlab01.net. I have also elected to place this new DNS zone into a Resource Group for easy management.

image

After a few moments, the new DNS zone will be created and you can navigate to it in the Azure Resource Manager Portal to manage it.

Simply select the new DNS Zone to view its details.

image

You should see something similar to the above.

You will notice that two DNS records have already been created, shown in the lower half of the screen.

image

In the top right of the blade you’ll find the name servers as shown above.

image

You’ll need to update the registration for that domain so that it points to these name servers instead of the ones it currently uses, as shown above.

image

In the top left of the blade, select Record Set to create a new DNS record in this zone.

image

A new blade will appear, as shown. To verify our Office 365 domain we need to add a TXT record with the string provided as shown above.

When complete, save the new record.

image

If we now look at our DNS zone we see an additional TXT record as expected.

image

If we return to Office 365 and select Verify, our domain should successfully be verified thanks to Azure DNS. We can now proceed onto managing the individual domain records ourselves in Azure DNS. To do this select the option I’ll manage my own DNS records and select Next to continue.

image

As expected, and shown above, we get a long list of DNS records to add to our zone. Now here’s where the benefits of using Azure DNS shine through.

We can use PowerShell with Azure DNS to set all our records using a script. Thus, instead of adding them manually one by one via a browser, we simply run a script that does all the work for us.

Get-AzureRmDnsRecordSet -ZoneName <domain> -ResourceGroupName <resource group>

To view the existing Azure DNS zone information run the above command once you are connected to Azure.

image

As you can see from the above, one of the entries is the TXT record entered into the Azure DNS zone manually via the portal.

To add an MX record for instance to the zone, execute the following command:

New-AzureRmDnsRecordSet -Name "@" -RecordType MX -ZoneName <domain.com> -ResourceGroupName <resource group> -Ttl 3600 -DnsRecords (New-AzureRmDnsRecordConfig -Exchange domain-com.mail.protection.outlook.com -Preference 0)

That should produce the following record in your zone:

image

If you now execute the appropriate commands that add the remaining records to your zone, you can then return to Office 365 and complete the wizard.

image

If everything is in order you should now get confirmation that your domain has been successfully configured for Office 365 as shown above.

The huge benefit that Azure DNS provides here is the ability to script all of this. Most of the DNS records you need to add for Office 365 are identical or derived from the custom domain you wish to add. Thus, all you need to do is set some parameters at the top of your script and the rest stays the same. You can use one PowerShell script to set the DNS Zone records for EVERY custom domain you wish to add to Office 365! How much time is that going to save you if you need to set up lots of custom domains?
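A script along those lines, as an added example rather than the author's own script. It uses the record values Office 365 commonly lists for a custom domain (assumed here, so check them against the list your wizard shows) and adds the SPF entry to the existing "@" TXT record set, because that set already holds the verification string and cannot be created a second time.

```powershell
# Added example, not the author's script. Values marked "assumed" must be
# checked against the record list the Office 365 wizard shows for your domain.
$Domain        = "azlab01.net"       # zone name used in this article
$ResourceGroup = "<resource group>"  # placeholder: your resource group name
$Ttl           = 3600

# Parameters shared by every call below (splatted with @zone)
$zone = @{ ZoneName = $Domain; ResourceGroupName = $ResourceGroup }

# MX: host follows the domain-com.mail.protection.outlook.com pattern (assumed)
$mxHost = ($Domain -replace '\.', '-') + ".mail.protection.outlook.com"
New-AzureRmDnsRecordSet @zone -Name "@" -RecordType MX -Ttl $Ttl -DnsRecords (
    New-AzureRmDnsRecordConfig -Exchange $mxHost -Preference 0)

# SPF: the "@" TXT record set already holds the verification string, so add
# to the existing set instead of creating a new one (which would fail).
$spf = "v=spf1 include:spf.protection.outlook.com -all"   # assumed value
$txt = Get-AzureRmDnsRecordSet @zone -Name "@" -RecordType TXT
if ($txt.Records.Value -notcontains $spf) {
    Add-AzureRmDnsRecordConfig -RecordSet $txt -Value $spf | Out-Null
    Set-AzureRmDnsRecordSet -RecordSet $txt | Out-Null
}

# CNAME records: name = target (assumed values)
$cnames = @{
    autodiscover           = "autodiscover.outlook.com"
    sip                    = "sipdir.online.lync.com"
    lyncdiscover           = "webdir.online.lync.com"
    enterpriseregistration = "enterpriseregistration.windows.net"
    enterpriseenrollment   = "enterpriseenrollment.manage.microsoft.com"
}
foreach ($name in $cnames.Keys) {
    New-AzureRmDnsRecordSet @zone -Name $name -RecordType CNAME -Ttl $Ttl -DnsRecords (
        New-AzureRmDnsRecordConfig -Cname $cnames[$name])
}

# SRV records for Skype for Business (assumed values)
New-AzureRmDnsRecordSet @zone -Name "_sip._tls" -RecordType SRV -Ttl $Ttl -DnsRecords (
    New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 443 `
        -Target "sipdir.online.lync.com")
New-AzureRmDnsRecordSet @zone -Name "_sipfederationtls._tcp" -RecordType SRV -Ttl $Ttl -DnsRecords (
    New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 5061 `
        -Target "sipfed.online.lync.com")
```

Running Get-AzureRmDnsRecordSet against the zone afterwards, as shown earlier, lets you compare the result with the wizard's list before you complete verification in Office 365.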

Another benefit Azure provides is the ability to assign different rights to different users in your Azure portal. Maybe only a few users can update records, while others can only view them.

image

As you can see from the Azure pricing calculator above, Azure DNS is not a free service. There is a small fee based on the number of zones you have and the number of DNS queries against them. In this case, for 1 zone with 1 million queries the cost is AU$1.15 per month, which is really pretty cheap.

I think Azure DNS has a lot of benefits for IT Professionals managing domains. They could aggregate them all under their own partner tenant and become like a hosting business. They could also host the zone records in the individual customer’s Azure tenant, which of course could use the same logins as Office 365 because Office 365 comes with a free Azure tenant. I also like the idea of bringing this sort of thing back to a single supplier rather than using multiple hosting providers.

However, I think the real killer benefit is simply the ability to script everything thanks to PowerShell. This alone is going to save me so much time when I set up test domains and labs. It also means I won’t make spelling mistakes when entering the records for Office 365. All I’ll need to do is change the variable at the top of my script to match the domain I want to work with and then the script is good to go. How easy is that?