Azure networking services that can be used with these scenarios

asked 2021-05-07T05:23:24.623+00:00
Dileepa 1 Reputation point Microsoft MVP

I have to select the best networking services/service in Azure for each of the following scenarios, I'm seeking advice on selecting the best solution.

  1. DNS ServiceRedundant, geographically distributed with reliability and fault-tolerance.
  2. Support for DNSSEC to avoid common DNS security issues.
  3. DNS DDoS protection.
  4. DNS with continuous patching, scanning, and monitoring with great security.
  5. Supportsfailover, round-robin, latency-based routing, geographic DNS, and geo-proximity routing
  6. Monitoring capability with a visual dashboard.

In a nutshell, this solution required to implementation DNS service with better security in place. Hope someone can advise me on this. Thank you in advance!

Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
389 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
1,170 questions
Azure Content Delivery Network
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2021-06-21T12:39:15.48+00:00
    GitaraniSharma-MSFT 26,921 Reputation points Microsoft Employee

    Hello @Dileepa ,

    Apologies for the delay in response.

    Please find the responses to your queries below:

    1.DNS Service Redundant, geographically distributed with reliability and fault-tolerance.
    Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS uses Anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.
    Please refer : https://learn.microsoft.com/en-us/azure/dns/dns-overview

    2.Support for DNSSEC to avoid common DNS security issues.
    Azure DNS does not currently support DNSSEC. In most cases, you can reduce the need for DNSSEC by consistently using HTTPS/TLS in your applications. If DNSSEC is a critical requirement for your DNS zones, you can host these zones with third-party DNS hosting providers.
    This feature is on our long term roadmap and you can upvote this feature request in the user voice forum here.
    Please refer : https://learn.microsoft.com/en-us/azure/dns/dns-overview#dnssec

    3.DNS DDoS protection.
    Azure DDoS Protection Basic helps protect all Azure services, including PaaS services like Azure DNS.
    Please refer : https://learn.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices#ddos-protection-basic

    4.DNS with continuous patching, scanning, and monitoring with great security.
    Azure Defender for DNS provides an additional layer of protection for your resources that are connected to Azure DNS by continuously monitoring all DNS queries from your Azure resources and running advanced security analytics to alert you about suspicious activity.
    Please refer : https://learn.microsoft.com/en-us/azure/security-center/defender-for-dns-introduction
    https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/dns-security-baseline

    5.Supports failover, round-robin, latency-based routing, geographic DNS, and geo-proximity routing
    Azure Traffic Manager is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness. You can implement disaster recovery using Azure DNS and Traffic Manager.
    Please refer : https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
    https://learn.microsoft.com/en-us/azure/networking/disaster-recovery-dns-traffic-manager

    6.Monitoring capability with a visual dashboard.
    Azure DNS provides metrics for you to monitor specific aspects of your DNS zones. With the metrics in Azure DNS, you can configure alerting based on conditions that are met. The metrics provided use the Azure Monitor service to display the data.
    Please refer : https://learn.microsoft.com/en-us/azure/dns/dns-alerts-metrics

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    No comments