How to use an Azure IP Address for Reverse DNS (add in-addr.arpa records)

Milen Denev 91 Reputation points
2024-03-14T12:37:39.8966667+00:00

How to use an Azure IP Address for Reverse DNS (add in-addr.arpa records).

Azure Virtual Network

1 answer

  1. GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee
    2024-03-14T13:05:03.8433333+00:00

    Hello @Milen Denev ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know how to configure Reverse DNS for your Azure Public IP address.

    To configure reverse DNS (PTR records) for services hosted in Azure (compute resources such as virtual machines, virtual machine scale sets, and Service Fabric clusters having Public IP addresses), you need to refer to the article below:

    https://learn.microsoft.com/en-us/azure/dns/dns-reverse-dns-for-azure-services

    Services in Azure use IP addresses assigned by Azure and owned by Microsoft. These reverse DNS records (PTR records) must be created in the corresponding Microsoft-owned reverse DNS lookup zones.

    As explained in this doc, Azure only allows you to create a reverse DNS record if a forward DNS lookup resolves to the same public IP address, or to names that are defined in your subscription. See the following example. This restriction also applies to Cloud Service.

    Validation is only done when the reverse DNS record is set or modified. Periodic revalidation isn't done.

    For example, suppose the public IP address resource has the DNS name contosoapp1.northus.cloudapp.azure.com and IP address 23.96.52.53. The reverse FQDN for the public IP address can be specified as:

    • The DNS name for the public IP address: contosoapp1.northus.cloudapp.azure.com.
    • The DNS name for a different PublicIpAddress in the same subscription, such as: contosoapp2.westus.cloudapp.azure.com.
    • A vanity DNS name, such as app1.contoso.com, as long as the name is first configured as a CNAME pointing to contosoapp1.northus.cloudapp.azure.com. The name can also be pointed to a different public IP address in the same subscription.
    • A vanity DNS name, such as app1.contoso.com, as long as this name is first configured as an A record pointing to the IP address 23.96.52.53. The name can also be pointed to another IP address in the same subscription.

    You can configure reverse DNS for PublicIpAddress resources in the Resource Manager deployment model, using either Azure PowerShell, Azure classic CLI, or Azure CLI. Configuring reverse DNS for PublicIpAddress resources is not currently supported via the Azure portal.

    To add reverse DNS to an existing PublicIpAddress, you need to make sure that the Public IP address has a DNS name.

    If you want to use your own custom domain, then you can follow the below steps:

    Detailed steps:

    I have a custom domain "msazurelabs.tk" and wanted to set up this domain as the reverse DNS for my Azure VM's static Public IP, so below are the detailed steps that I followed in my own lab to configure a custom reverse DNS, and you can refer to the same:

    1. First add a DNS label for the Public IP address for which you want to create a PTR record. You can do this either via Azure portal or using the PowerShell commands:

    [Image: 136978-image.png]

    2. Once the DNS name of the Public IP address is configured and replicated, you will have to go to your DNS provider where your custom domain is and create an A record for the custom DNS to point to the Public IP address or a CNAME record pointing to the Public IP’s DNS name as below:

    [Image: 137051-image.png]

    3. Once the A record or CNAME record is configured & replicated, you can go ahead and set Reverse DNS as follows using the below Azure PowerShell commands:

        $pip = Get-AzPublicIpAddress -Name "VM2PublicIP" -ResourceGroupName "Training-Lab"
        $pip.DnsSettings.ReverseFqdn = "msazurelabs.tk"
        Set-AzPublicIpAddress -PublicIpAddress $pip

    It should execute successfully and give the following output:

        Name                     : vm2publicip
        ResourceGroupName        : Training-Lab
        Location                 : eastus
        ProvisioningState        : Succeeded
        Tags                     :
        PublicIpAllocationMethod : Static
        IpAddress                : 52.168.167.212
        PublicIpAddressVersion   : IPv4
        IdleTimeoutInMinutes     : 4
        IpConfiguration          : {
                                     "Id": "/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/Training-Lab/providers/Microsoft.Network/networkInterfaces/vm2269/ipConfigurations/ipconfig1"
                                   }
        DnsSettings              : {
                                     "DomainNameLabel": "msazurelabs",
                                     "Fqdn": "msazurelabs.eastus.cloudapp.azure.com",
                                     "ReverseFqdn": "msazurelabs.tk"
                                   }
        Zones                    : {}
        Sku                      : {
                                     "Name": "Basic",
                                     "Tier": "Regional"
                                   }
        IpTags                   : []
        ExtendedLocation         : null

    NOTE: It may take some time to replicate the settings and then you can verify the same using Digwebinterface as below.

    [Image: 137061-image.png]

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
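
The answer notes that Azure validates the forward lookup only when the reverse DNS record is set or modified and does not revalidate periodically. The following is an added example, not part of the original answer or of Microsoft's documentation, showing a check you can re-run yourself to confirm that the PTR record and the forward record still agree. The function name `Test-ReverseDnsConsistency`, the injectable resolver, and the constructed sample records (including the documentation address 203.0.113.10) are assumptions; the default resolver uses `Resolve-DnsName` from the Windows DnsClient module.

```powershell
# Added example: forward-confirmed reverse DNS check for an Azure public IP (IPv4).
function Test-ReverseDnsConsistency {
    param(
        [Parameter(Mandatory)][ipaddress]$IpAddress,
        [Parameter(Mandatory)][string]$ReverseFqdn,
        # Resolver takes (name, record type) and returns strings. Default queries live DNS.
        [scriptblock]$Resolver = {
            param($Name, $Type)
            Resolve-DnsName -Name $Name -Type $Type -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq $Type } |
                ForEach-Object { if ($Type -eq 'PTR') { $_.NameHost } else { $_.IPAddress } }
        }
    )
    if ($IpAddress.AddressFamily -ne 'InterNetwork') { throw 'This example handles IPv4 only.' }

    # Build the in-addr.arpa query name: 52.168.167.212 -> 212.167.168.52.in-addr.arpa
    $octets = $IpAddress.GetAddressBytes()
    [array]::Reverse($octets)
    $ptrName = ($octets -join '.') + '.in-addr.arpa'

    $expected   = $ReverseFqdn.TrimEnd('.')
    $ptrTargets = @(& $Resolver $ptrName 'PTR' | Where-Object { $_ } | ForEach-Object { "$_".TrimEnd('.') })
    $forward    = @(& $Resolver $expected 'A' | Where-Object { $_ } | ForEach-Object { "$_" })

    [pscustomobject]@{
        PtrQueryName = $ptrName
        PtrTargets   = $ptrTargets
        ForwardAddrs = $forward
        PtrOk        = $ptrTargets -contains $expected               # PTR points at the expected name
        ForwardOk    = $forward -contains $IpAddress.ToString()      # name still resolves to this IP
    }
}

# Constructed records (not live DNS): the PTR is still in place, but the A record
# was later repointed elsewhere, so the forward and reverse records no longer agree.
$records = @{
    '212.167.168.52.in-addr.arpa|PTR' = @('msazurelabs.tk.')
    'msazurelabs.tk|A'                = @('203.0.113.10')
}
$offline = { param($Name, $Type) $records["$Name|$Type"] }

Test-ReverseDnsConsistency -IpAddress '52.168.167.212' -ReverseFqdn 'msazurelabs.tk' -Resolver $offline
# Omit -Resolver to run the same check against live DNS.
```

With the constructed records, `PtrOk` is True and `ForwardOk` is False, which is the mismatch a scheduled run of this check is meant to surface.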