How to import/export DNS zone file to Azure DNS using CLI

Log in to Azure using the CLI

az login

az account set -s <Subscription Name>

To Import Zone File:-
az network dns zone import -g <ResourceGroupName> -n <ZoneName> -f <ZoneFileFullPath>

To Test imported zone file:-
az network dns record-set list -g <ResourceGroupName> -z <ZoneName>

Import and export an Azure DNS zone file using CLI

Import a DNS zone file into Azure DNS

Importing a zone file creates a new zone in Azure DNS if one does not already exist. If the zone already exists, the record sets in the zone file must be merged with the existing record sets.

Merge behavior

  • By default, existing and new record sets are merged. Identical records within a merged record set are de-duplicated.
  • When record sets are merged, the time to live (TTL) of preexisting record sets is used.
  • Start of Authority (SOA) parameters (except host) are always taken from the imported zone file. Similarly, for the name server record set at the zone apex, the TTL is always taken from the imported zone file.
  • An imported CNAME record does not replace an existing CNAME record with the same name.
  • When a conflict arises between a CNAME record and another record of the same name but different type (regardless of which is existing or new), the existing record is retained.

Additional information about importing

The following notes provide additional technical details about the zone import process.

  • The $TTL directive is optional and is supported. When no $TTL directive is given, records without an explicit TTL are imported with a default TTL of 3600 seconds. When two records in the same record set specify different TTLs, the lower value is used.
  • The $ORIGIN directive is optional, and it is supported. When no $ORIGIN is set, the default value used is the zone name as specified on the command line (plus the terminating “.”).
  • The $INCLUDE and $GENERATE directives are not supported.
  • These record types are supported: A, AAAA, CNAME, MX, NS, SOA, SRV, and TXT.
  • The SOA record is created automatically by Azure DNS when a zone is created. When you import a zone file, all SOA parameters are taken from the zone file except the host parameter. That parameter keeps the value provided by Azure DNS, because it must refer to the primary name server provided by Azure DNS.
  • The name server record set at the zone apex is also created automatically by Azure DNS when the zone is created. Only the TTL of this record set is imported. These records contain the name server names provided by Azure DNS. The record data is not overwritten by the values contained in the imported zone file.
  • During Public Preview, Azure DNS supports only single-string TXT records. Multistring TXT records are concatenated and truncated to 255 characters.
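To see how these import rules interact on a concrete file, here is an added pre-flight checker (example code, not from the page or from Azure) that tokenizes a constructed zone file and reports what the importer would reject ($INCLUDE), not support (record types outside the list), default (records without a TTL), lower (conflicting TTLs within one record set) or truncate (multi-string TXT data over 255 characters). The zone name chirkut.com, the SAMPLE_ZONE contents and the report layout are assumptions of the example.

```python
import shlex

SUPPORTED = {"A", "AAAA", "CNAME", "MX", "NS", "SOA", "SRV", "TXT"}
DEFAULT_TTL = 3600  # applied when neither $TTL nor a per-record TTL is present
# Constructed sample zone (not from the page) that trips several of the rules above.
SAMPLE_ZONE = """\
$INCLUDE common-records.zone   ; directive the importer does not support
@      600 IN A     203.0.113.10
@      120 IN A     203.0.113.11
www        IN CNAME chirkut.com.
_dmarc     IN TXT   "v=DMARC1; p=reject;" "%s"
loc        IN LOC   42 21 54 N 71 06 18 W -24m 30m
""" % ("x" * 250)

def preflight(zone_text, zone_name):
    """Report what the Azure DNS importer would reject, default or alter in zone_text."""
    origin = zone_name.rstrip(".") + "."   # $ORIGIN defaults to the zone name plus "."
    default_ttl, owner = None, "@"
    report = {"unsupported_directives": [], "unsupported_types": [],
              "truncated_txt": [], "ttl": {}}
    for raw in zone_text.splitlines():
        lex = shlex.shlex(raw, posix=True)     # quoted TXT strings stay whole,
        lex.whitespace_split, lex.commenters = True, ";"   # ';' outside quotes is a comment
        toks = list(lex)
        if not toks:
            continue
        if toks[0].startswith("$"):
            if toks[0] == "$TTL":
                default_ttl = int(toks[1])
            elif toks[0] == "$ORIGIN":
                origin = toks[1]
            else:                              # $INCLUDE, $GENERATE, ...
                report["unsupported_directives"].append(toks[0])
            continue
        if not raw[0].isspace():               # an indented line reuses the previous owner
            owner = toks.pop(0)
        ttl = int(toks.pop(0)) if toks[0].isdigit() else None
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if rtype not in SUPPORTED:
            report["unsupported_types"].append((fqdn, rtype))
            continue
        if rtype == "TXT" and len("".join(rdata)) > 255:   # strings are concatenated, then cut
            report["truncated_txt"].append(fqdn)
        if ttl is None:                        # no explicit TTL: use $TTL, else the 3600 default
            ttl = DEFAULT_TTL if default_ttl is None else default_ttl
        report["ttl"][(fqdn, rtype)] = min(ttl, report["ttl"].get((fqdn, rtype), ttl))  # lowest wins
    return report
```

Running preflight(SAMPLE_ZONE, "chirkut.com") before the import shows that the apex A set would land with a TTL of 120, the CNAME with 3600, the LOC record would be dropped and the _dmarc TXT data cut at 255 characters.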

CLI format and values

The format of the Azure CLI command to import a DNS zone is:

az network dns zone import -g <resource group> -n <zone name> -f <zone file name>


Values:

  • <resource group> is the name of the resource group for the zone in Azure DNS.
  • <zone name> is the name of the zone.
  • <zone file name> is the path/name of the zone file to be imported.

If a zone with this name does not exist in the resource group, it is created for you. If the zone already exists, the imported record sets are merged with existing record sets.

Step 1. Import a zone file

To import a zone file for the zone chirkut.com.

  1. If you don’t have one already, you need to create a Resource Manager resource group.

az group create --name myresourcegroup -l westeurope

  2. To import the zone chirkut.com from the file chirkut.com.txt into a new DNS zone in the resource group myresourcegroup, run the command az network dns zone import.
This command loads the zone file and parses it. It then executes a series of commands against the Azure DNS service to create the zone and all the record sets in the zone. The command reports progress in the console window, along with any errors or warnings. Because record sets are created in series, it may take a few minutes to import a large zone file.

az network dns zone import -g myresourcegroup -n chirkut.com -f chirkut.com.txt

Step 2. Verify the zone

To verify the DNS zone after you import the file, you can use any one of the following methods:

  • You can list the records by using the following Azure CLI command:

az network dns record-set list -g myresourcegroup -z chirkut.com


  • You can list the records by using the PowerShell cmdlet Get-AzureRmDnsRecordSet.
  • You can use nslookup to verify name resolution for the records. Because the zone isn’t delegated yet, you need to specify the correct Azure DNS name servers explicitly. The following sample shows how to retrieve the name server names assigned to the zone. This also shows how to query the “www” record by using nslookup.

az network dns record-set ns list -g myresourcegroup -z chirkut.com --output json


CMD

nslookup www.contoso.com ns1-03.azure-dns.com

Server: ns1-01.azure-dns.com
Address: 40.90.4.1

Name:www.contoso.com
Addresses: 134.170.185.46
134.170.188.221

Step 3. Update DNS delegation

After you have verified that the zone has been imported correctly, you need to update the DNS delegation to point to the Azure DNS name servers. For more information, see the article Update the DNS delegation.

Export a DNS zone file from Azure DNS

The format of the Azure CLI command to export a DNS zone is:

az network dns zone export -g <resource group> -n <zone name> -f <zone file name>

Values:

  • <resource group> is the name of the resource group for the zone in Azure DNS.
  • <zone name> is the name of the zone.
  • <zone file name> is the path/name of the zone file to be exported.

As with the zone import, you first need to sign in, choose your subscription, and configure the Azure CLI to use Resource Manager mode.

To export a zone file

To export the existing Azure DNS zone chirkut.com in resource group myresourcegroup to the file chirkut.com.txt (in the current folder), run az network dns zone export. This command calls the Azure DNS service to enumerate the record sets in the zone and writes the results to a BIND-compatible zone file.

az network dns zone export -g myresourcegroup -n chirkut.com -f chirkut.com.txt

How to manage DNS Zones using PowerShell

Set up Azure PowerShell for Azure DNS

Before you begin

Verify that you have the following items before beginning your configuration.

  • An Azure subscription. If you don’t already have an Azure subscription, you can activate your MSDN subscriber benefits or sign up for a free account.
  • You need to install the latest version of the Azure Resource Manager PowerShell cmdlets. For more information, see How to install and configure Azure PowerShell.

In addition, to use Private Zones (Public Preview), you need to ensure you have the below PowerShell modules and versions.

  • AzureRM.Dns – version 4.1.0 or above
  • AzureRM.Network – version 5.4.0 or above

Find-Module -Name AzureRM.Dns

Find-Module -Name AzureRM.Network

The output of the above commands needs to show that the version of AzureRM.Dns is 4.1.0 or higher and that the version of AzureRM.Network is 5.4.0 or higher.

If your system has earlier versions, you can either install the latest version of Azure PowerShell or download and install the above modules from the PowerShell Gallery using the commands below. Both modules are required and are fully backwards compatible.

Install-Module -Name AzureRM.Dns -Force

Install-Module -Name AzureRM.Network -Force

Sign in to your Azure account

Open your PowerShell console and connect to your account. For more information, see Using PowerShell with Resource Manager.

Connect-AzureRmAccount


Select the subscription

Check the subscriptions for the account.

Get-AzureRmSubscription

Choose which of your Azure subscriptions to use.

Select-AzureRmSubscription -SubscriptionName "your_subscription_name"

Create a resource group

Azure Resource Manager requires that all resource groups specify a location. This location is used as the default location for resources in that resource group. However, because all DNS resources are global, not regional, the choice of resource group location has no impact on Azure DNS.

You can skip this step if you are using an existing resource group.

New-AzureRmResourceGroup -Name MyAzureResourceGroup -Location "East US"

Register resource provider

The Azure DNS service is managed by the Microsoft.Network resource provider. Your Azure subscription must be registered to use this resource provider before you can use Azure DNS. This is a one-time operation for each subscription.

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network

Create a DNS zone

A DNS zone is created by using the New-AzureRmDnsZone cmdlet.

The following example creates a DNS zone called chirkut.com in the resource group called MyAzureResourceGroup:

New-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup

The following example shows how to create a DNS zone with two Azure Resource Manager tags, project = demo and env = test:

New-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup -Tag @{ project="demo"; env="test" }

Azure DNS now also supports private DNS zones (currently in public preview). To learn more about private DNS zones, see Using Azure DNS for private domains. For an example of how to create a private DNS zone, see Get started with Azure DNS private zones using PowerShell.

Get a DNS zone

To retrieve a DNS zone, use the Get-AzureRmDnsZone cmdlet. This operation returns a DNS zone object corresponding to an existing zone in Azure DNS. The object contains data about the zone (such as the number of record sets), but does not contain the record sets themselves (see Get-AzureRmDnsRecordSet).

Get-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup

Name : chirkut.com
ResourceGroupName : myresourcegroup
Etag : 00000003-0000-0000-8ec2-f4879750d201
Tags : {project, env}
NameServers : {ns1-01.azure-dns.com., ns2-01.azure-dns.net., ns3-01.azure-dns.org.,
ns4-01.azure-dns.info.}
NumberOfRecordSets : 2
MaxNumberOfRecordSets : 5000


List DNS zones

By omitting the zone name from Get-AzureRmDnsZone, you can enumerate all zones in a resource group. This operation returns an array of zone objects.

$zoneList = Get-AzureRmDnsZone -ResourceGroupName MyAzureResourceGroup

By omitting both the zone name and the resource group name from Get-AzureRmDnsZone, you can enumerate all zones in the Azure subscription.

$zoneList = Get-AzureRmDnsZone

Update a DNS zone

Changes to a DNS zone resource can be made by using Set-AzureRmDnsZone. This cmdlet does not update any of the DNS record sets within the zone (see How to Manage DNS records). It’s only used to update properties of the zone resource itself. The writable zone properties are currently limited to the Azure Resource Manager ‘tags’ for the zone resource.

Use one of the following two ways to update a DNS zone:

Specify the zone using the zone name and resource group

This approach replaces the existing zone tags with the values specified.

Set-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup -Tag @{ project="demo"; env="test" }

Specify the zone using a $zone object

This approach retrieves the existing zone object, modifies the tags, and then commits the changes. In this way, existing tags can be preserved.

# Get the zone object
$zone = Get-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup

# Remove an existing tag
$zone.Tags.Remove("project")

# Add a new tag
$zone.Tags.Add("status", "approved")

# Commit changes
Set-AzureRmDnsZone -Zone $zone

When using Set-AzureRmDnsZone with a $zone object, Etag checks are used to ensure concurrent changes are not overwritten. You can use the optional -Overwrite switch to suppress these checks.

Delete a DNS Zone

DNS zones can be deleted using the Remove-AzureRmDnsZone cmdlet.

Use one of the following two ways to delete a DNS zone:

Specify the zone using the zone name and resource group name

Remove-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup

Specify the zone using a $zone object

You can specify the zone to be deleted using a $zone object returned by Get-AzureRmDnsZone.

$zone = Get-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup
Remove-AzureRmDnsZone -Zone $zone

The zone object can also be piped instead of being passed as a parameter:

Get-AzureRmDnsZone -Name chirkut.com -ResourceGroupName MyAzureResourceGroup | Remove-AzureRmDnsZone

As with Set-AzureRmDnsZone, specifying the zone using a $zone object enables Etag checks to ensure concurrent changes are not deleted. Use the -Overwrite switch to suppress these checks.

Confirmation prompts

The New-AzureRmDnsZone, Set-AzureRmDnsZone, and Remove-AzureRmDnsZone cmdlets all support confirmation prompts.

Both New-AzureRmDnsZone and Set-AzureRmDnsZone prompt for confirmation if the $ConfirmPreference PowerShell preference variable has a value of Medium or lower. Due to the potentially high impact of deleting a DNS zone, the Remove-AzureRmDnsZone cmdlet prompts for confirmation if the $ConfirmPreference PowerShell variable has any value other than None.

Since the default value for $ConfirmPreference is High, only Remove-AzureRmDnsZone prompts for confirmation by default.

You can override the current $ConfirmPreference setting using the -Confirm parameter. If you specify -Confirm or -Confirm:$True, the cmdlet prompts you for confirmation before it runs. If you specify -Confirm:$False, the cmdlet does not prompt you for confirmation.

For more information about -Confirm and $ConfirmPreference, see About Preference Variables.

How to manage DNS Zones in the Azure portal

Create a DNS zone

  1. Sign in to the Azure portal
  2. On the Hub menu, click Create a resource > Networking, and then click DNS zone to open the Create DNS zone blade.
  3. On the Create DNS zone blade enter the following values, then click Create:
Setting        | Value                     | Details
Name           | chirkut.com               | The name of the DNS zone.
Subscription   | [Your subscription]       | Select a subscription to create the DNS zone in.
Resource group | Create new: RChirkutDNS   | Create a resource group. The resource group name must be unique within the subscription you selected. To learn more about resource groups, read the Resource Manager overview article.
Location       | West US                   |

Note

The resource group location refers to the location of the resource group itself and has no impact on the DNS zone. The DNS zone location is always "global" and is not shown.

List DNS zones

In the Azure portal, navigate to More services > Networking > DNS zones. Each DNS zone is its own resource; information such as the number of record sets and the name servers is viewable from this view. The NAME SERVERS column is not in the default view; to add it, click Columns, select Name servers, and click Done.


Delete a DNS zone

Navigate to a DNS zone in the portal. On the DNS zone blade, click Delete zone. You are prompted to confirm that you want to delete the DNS zone. Deleting a DNS zone also deletes all the records contained in the zone.

Create Azure DNS zones using CLI

Create the resource group

First, create a resource group to contain the DNS zone:

az group create --name MyAzureResourceGroup --location "East Asia"

Create a DNS zone

az network vnet create \
--name myAzureVNet \
--resource-group MyAzureResourceGroup \
--location eastus \
--address-prefix 10.2.0.0/16 \
--subnet-name backendSubnet \
--subnet-prefix 10.2.0.0/24

az network dns zone create -g MyAzureResourceGroup \
-n chirkut.local \
--zone-type Private \
--registration-vnets myAzureVNet

List DNS zones

az network dns zone list \
--resource-group MyAzureResourceGroup

az network dns zone list

Create an additional DNS record

The following example creates a record with the relative name db in the DNS Zone chirkut.local, in resource group MyAzureResourceGroup. The fully qualified name of the record set is db.chirkut.local. The record type is “A”, with IP address “10.2.0.4”.

az network dns record-set a add-record \
-g MyAzureResourceGroup \
-z chirkut.local \
-n db \
-a 10.2.0.4

View DNS records

To list the DNS records in your zone, run:

az network dns record-set list \
-g MyAzureResourceGroup \
-z chirkut.local

Delete all resources

When no longer needed, delete the MyAzureResourceGroup resource group to delete the resources created in this tutorial.

az group delete --name MyAzureResourceGroup