How to manage DNS Zones in Azure DNS using the Azure CLI

This article shows you how to manage your DNS zones by using the cross-platform Azure CLI. Azure CLI is available for Windows, Mac, and Linux. You can also manage your DNS zones using Azure PowerShell or the Azure portal.

This guide specifically deals with Public DNS zones. For information on using Azure CLI to manage Private Zones in Azure DNS, see Get started with Azure DNS Private Zones using Azure CLI.

Introduction

A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record for your domain is then created inside this DNS zone.

For example, the domain 'contoso.com' may contain several DNS records, such as 'mail.contoso.com' (for a mail server) and 'www.contoso.com' (for a web site).

When creating a DNS zone in Azure DNS:

  • The name of the zone must be unique within the resource group, and the zone must not exist already. Otherwise, the operation fails.
  • The same zone name can be reused in a different resource group or a different Azure subscription.
  • Where multiple zones share the same name, each instance is assigned different name server addresses. Only one set of addresses can be configured with the domain name registrar.

Note

You do not have to own a domain name to create a DNS zone with that domain name in Azure DNS. However, you do need to own the domain to configure the Azure DNS name servers as the correct name servers for the domain name with the domain name registrar.

For more information, see Delegate a domain to Azure DNS.

Set up Azure CLI for Azure DNS

Before you begin

Verify that you have the following items before beginning your configuration.

  • An Azure subscription. If you don't already have an Azure subscription, you can activate your MSDN subscriber benefits or sign up for a free account.

  • Install the latest version of the Azure CLI, available for Windows, Linux, or MAC. More information is available at Install the Azure CLI.

Sign in to your Azure account

Open a console window and authenticate with your credentials. For more information, see Sign in to Azure from the Azure CLI

az login

Select the subscription

Check the subscriptions for the account.

az account list

Choose which of your Azure subscriptions to use.

az account set --subscription "subscription name"

Optional: To install/use Azure DNS Private Zones feature

The Azure DNS Private Zone feature is available via an extension to the Azure CLI. Install the “dns” Azure CLI extension

az extension add --name dns

Create a resource group

Azure Resource Manager requires resource groups to have a specified location. This location is used as the default location for all resources in that resource group. Since all DNS resources are global, the choice of resource group location has no effect on Azure DNS.

You can skip this step if you're using an existing resource group.

az group create --name myresourcegroup --location "West US"

Getting help

All Azure CLI commands relating to Azure DNS start with az network dns. Help is available for each command using the --help option (short form -h). For example:

az network dns --help
az network dns zone --help
az network dns zone create --help

Create a DNS zone

A DNS zone is created using the az network dns zone create command. For help, see az network dns zone create -h.

The following example creates a DNS zone called contoso.com in the resource group called MyResourceGroup:

az network dns zone create --resource-group MyResourceGroup --name contoso.com

To create a DNS zone with tags

The following example shows how to create a DNS zone with two Azure Resource Manager tags, project = demo and env = test, by using the --tags parameter (short form -t):

az network dns zone create --resource-group MyResourceGroup --name contoso.com --tags "project=demo" "env=test"

Get a DNS zone

To retrieve a DNS zone, use az network dns zone show. For help, see az network dns zone show --help.

The following example returns the DNS zone contoso.com and its associated data from resource group MyResourceGroup.

az network dns zone show --resource-group myresourcegroup --name contoso.com

The following example is the response.

{
  "etag": "00000002-0000-0000-3d4d-64aa3689d201",
  "id": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/myresourcegroup/providers/Microsoft.Network/dnszones/contoso.com",
  "location": "global",
  "maxNumberOfRecordSets": 5000,
  "name": "contoso.com",
  "nameServers": [
    "ns1-04.azure-dns.com.",
    "ns2-04.azure-dns.net.",
    "ns3-04.azure-dns.org.",
    "ns4-04.azure-dns.info."
  ],
  "numberOfRecordSets": 4,
  "resourceGroup": "myresourcegroup",
  "tags": {},
  "type": "Microsoft.Network/dnszones"
}

To list DNS records, use az network dns record-set list.

List DNS zones

To enumerate DNS zones, use az network dns zone list. For help, see az network dns zone list --help.

Specifying the resource group lists only those zones within the resource group:

az network dns zone list --resource-group MyResourceGroup

Omitting the resource group lists all zones in the subscription:

az network dns zone list 

Update a DNS zone

Changes to a DNS zone resource can be made using az network dns zone update. For help, see az network dns zone update --help.

This command doesn't update any of the DNS record sets within the zone (see How to Manage DNS records). It's only used to update properties of the zone resource itself. These properties are currently limited to the Azure Resource Manager 'tags' for the zone resource.

The following example shows how to update the tags on a DNS zone. The existing tags are replaced by the value specified.

az network dns zone update --resource-group myresourcegroup --name contoso.com --set tags.team=support

Delete a DNS zone

DNS zones can be deleted using az network dns zone delete. For help, see az network dns zone delete --help.

Note

Deleting a DNS zone also deletes all DNS records within the zone. This operation cannot be undone. If the DNS zone is in use, services using the zone will fail when the zone is deleted.

To protect against accidental zone deletion, see How to protect DNS zones and records.

This command prompts for confirmation. The optional --yes switch suppresses this prompt.

The following example shows how to delete the zone contoso.com from resource group MyResourceGroup.

az network dns zone delete --resource-group myresourcegroup --name contoso.com

Next steps

Learn how to manage record sets and records in your DNS zone.

Learn how to delegate your domain to Azure DNS.