Share via

How can I use Bicep to create an Azure DNS alias record?

James Munro 20 Reputation points
2025-03-07T09:49:02.6066667+00:00

We use Bicep to manage our DNS records in an Azure DNS Zone.

I have recently set up an Azure Front Door profile with custom domains, which is working fine. One of the custom domains is an apex domain, so the Azure portal creates a DNS A record (in alias mode) which points to the Azure resource: i.e. the Front Door profile/endpoint.

The portal provides a nice UI to manage this. Because we manage our DNS using Bicep, we now need to add this A record definition to our Bicep file to avoid accidentally reverting it in future Bicep deployments.

I can find no documentation on how to do this. I have tried something like this:

resource aliasRecord 'Microsoft.Network/dnsZones/A@2018-05-01' = {
  parent: dnsZone
  name: '@'
  properties: {
    TTL: 3600
    targetResource: {
      id: '/subscriptions/{guid}/resourcegroups/{rgName}/providers/Microsoft.Network/frontdoors/{profileName}/frontendendpoints/{endpointName}'
    }
  }
}

I get a "Reference records are not supported for resource" error. I can't find any guidance on how to reference the Front Door endpoint here.

Is there any documentation or advice on how to represent a DNS alias record like this in Bicep?

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
776 questions
0 comments
Accepted answer
  1. Abiola Akinbade 24,015 Reputation points
    2025-03-07T10:02:53.0066667+00:00

    Hello James Munro,

    I could not find a doc for you on this, but as a suggestion, you could export the ARM from the resource on the portal them decompile to bicep.
    In the Azure Portal, go to the Resource groups section and select the resource group containing your DNS records. Then export https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/export-template-cli

    You can then proceed to decompile using:

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/decompile?tabs=azure-cli

    This will give you the code you need

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. James Munro 20 Reputation points
    2025-03-08T21:39:44.7033333+00:00

    I followed Abiola's useful advice and copied the resource template for the DNS zone, and decompiled it ("paste as Bicep" in VS Code).

    The resulting Bicep looks something like this:

    resource aliasRecord 'Microsoft.Network/dnsZones/A@2018-05-01' = {
  parent: dnsZone
  name: '@'
  properties: {
    TTL: 3600
    targetResource: {
      id: '/subscriptions/{guid}/resourceGroups/{rgName}/providers/Microsoft.Cdn/profiles/{frontDoorName}/afdendpoints/{endpointName}'
    }
  }
}

    So I was close, with a couple of incorrect route segments in my first attempt. Note that the endpointName is only the part you define, not the random part added by AFD.

    I have tested this Bicep and it worked perfectly.

    Thanks Abiola!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.