![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 64%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
732 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hi @Richard,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
Yes, using an Alias record in Azure DNS is the standard way to point an apex domain to an Azure Front Door. To achieve your requirement, it requires a bit more configuration than a simple Alias record. Direct Alias records across tenants are not supported.
For your reference: https://learn.microsoft.com/en-us/azure/frontdoor/front-door-how-to-onboard-apex-domain?pivots=front-door-standard-premium
The main concept is to delegate a subdomain (or the apex domain itself) from the DNS zone in the Front Door's tenant to the Azure DNS zone in the other tenant. This allows the Azure DNS zone to manage the records for your domain, including the necessary Alias record for Front Door.
For your reference: https://learn.microsoft.com/en-us/azure/dns/dns-zones-records
Please go to the Azure portal, navigate to your Front Door profile. You need to get the hostname provided by Front Door and in your Azure DNS zone, create an Alias record for your apex domain. Point this Alias record to the Front Door hostname. This is the crucial step that links your domain to Front Door.
In the DNS zone where your apex domain is currently managed, create NS records. These NS records will delegate authority for your domain (or a subdomain) to the Azure DNS name servers.
For your reference: https://learn.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns#retrieve-name-servers
Go to your current DNS provider where your apex domain is registered. Add the NS records you obtained from the Azure DNS zone in the other tenant. If you are delegating the apex domain itself, replace the existing NS records with the Azure DNS ones. If delegating a subdomain, create new NS records specifically for that subdomain.
To achieve your requirement, you need to have appropriate permissions in both Azure tenants to manage DNS and Front Door resources. Also, you need to have the access to the DNS settings where your apex domain is currently managed and be careful of TTL values. Changes to NS records can take time to propagate.
After setting up the delegation, use tools like dig to verify that the NS records are correctly configured and that the Alias record is resolving to your Front Door hostname.
Kindly let us know if the above helps or you need further assistance on this issue.
I hope this has been helpful!
Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!