Inquiry Regarding DNS Zone Creation Across Different Azure Tenants

Lucas 60 Reputation points
2024-04-05T07:56:41.8866667+00:00

Dear Azure Support Team,

I hope this message finds you well. I have a couple of queries regarding the creation of DNS zones across different Azure tenants and subscriptions.

I'm curious to know if it's possible to create two DNS zones with the same name under different Azure tenants (i.e., different subscriptions). If so, would it be feasible to add the NS records from both DNS zones to the domain registrar's configuration? Additionally, can records from both DNS zones be properly resolved?

Alternatively, if it's not permissible to create DNS zones with identical names, I'm interested in learning how resources in two subscriptions from different tenants, such as front doors, can utilize the same domain.

Your assistance and guidance on these matters would be greatly appreciated.

Thank you for your time and attention.

Best regards,
Lucas


Accepted answer
  1. KapilAnanth-MSFT 35,086 Reputation points Microsoft Employee
    2024-04-05T09:40:37.6333333+00:00

    @Lucas ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know if you could use two Azure DNS Zones under different Azure tenants.

    Azure does support co-hosting.

    • Provided your registrar also supports it.
    • The document talks about co-hosting domains with other DNS services, and hence I believe this should work with 2 DNS Zones in 2 different Tenants.

    However, I would not recommend this, because:

    • This requires that DNS records for the domain are in sync between both DNS providers.
    • DNS records must be synchronized by using either the Azure DNS management portal, REST API, SDK, PowerShell cmdlets, or the CLI tool which adds to management overhead.
    • Also, you have to delegate your domain to all four Azure DNS name servers from each Zone to qualify for the Azure DNS SLA.
    • This means, your Registrar should support up to 8 Name servers.

    I see your requirement is to make resources in a different subscription leverage the DNS Zone in the main subscription.

    • I take it that you are primarily interested in using Custom Domains.
    • Most of the PaaS Services support having the Domain completely third party.
    • In your example, AFD, you can always use the "All other DNS Services" option.
    • i.e., in the subscription where the DNS Zone resides, you can use "Azure Managed" and in the other subscriptions, you may use "All other DNS Services" option.
    • Then you can continue to validate the TXT record as mentioned in the doc.

    NOTE:

    • If your intention is to use the same FQDN, such as "test.contoso.com" for two AFD Profiles, it won't be feasible irrespective of the DNS service you use.
    • You may use "test1.contoso.com" for one profile and "test2.contoso.com" for another profile.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
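
The synchronization and delegation requirements in the accepted answer can be checked mechanically. The following is an added example, not part of the original answer and not Microsoft's code: it compares two exports of the same domain and lists name servers missing from the registrar. The input format, the function names, the name server hostnames and all sample records are assumptions constructed for illustration.

```python
# Added example: drift check for one domain co-hosted in two DNS zones.
# Assumed input: each zone is a list of dicts with name/type/ttl/values (constructed data).
def normalize(record_sets):
    """Index record sets by (name, type); names and hostnames are case-insensitive."""
    index = {}
    for rs in record_sets:
        key = (rs["name"].lower().rstrip("."), rs["type"].upper())
        values = rs["values"]
        if key[1] in ("NS", "CNAME"):
            values = [v.lower().rstrip(".") for v in values]
        index[key] = (rs["ttl"], frozenset(values))
    return index

def zone_drift(zone_a, zone_b, skip=(("@", "SOA"), ("@", "NS"))):
    """Return sorted (name, type, problem) tuples where the zones disagree.
    Apex SOA and NS are skipped: each zone carries its own there."""
    a, b = normalize(zone_a), normalize(zone_b)
    drift = []
    for key in sorted(set(a) | set(b)):
        if key in skip:
            continue
        if key not in a:
            drift.append((*key, "missing in zone A"))
        elif key not in b:
            drift.append((*key, "missing in zone B"))
        elif a[key][1] != b[key][1]:
            drift.append((*key, "values differ"))
        elif a[key][0] != b[key][0]:
            drift.append((*key, "TTL differs"))
    return drift

def undelegated(registrar_ns, *zone_ns_lists):
    """Name servers assigned to any zone that the registrar does not list."""
    listed = {n.lower().rstrip(".") for n in registrar_ns}
    assigned = {n.lower().rstrip(".") for ns in zone_ns_lists for n in ns}
    return sorted(assigned - listed)

# Constructed sample: two zones for contoso.com in two tenants.
NS_A = [f"ns{i}-a.example.net." for i in range(1, 5)]
NS_B = [f"ns{i}-b.example.org." for i in range(1, 5)]
ZONE_A = [
    {"name": "@", "type": "NS", "ttl": 172800, "values": NS_A},
    {"name": "test1", "type": "CNAME", "ttl": 3600, "values": ["afd-one.example.net"]},
    {"name": "_dnsauth.test1", "type": "TXT", "ttl": 3600, "values": ["constructed-token"]},
]
ZONE_B = [
    {"name": "@", "type": "NS", "ttl": 172800, "values": NS_B},
    {"name": "test1", "type": "CNAME", "ttl": 300, "values": ["AFD-One.example.net."]},
]
```

A validation TXT record present in only one zone is the case to watch: whether the lookup succeeds then depends on which of the eight name servers answers.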
