If you want to change the DNS in Azure App Service Web App, this article will show you how. By default, App Service uses Azure DNS servers for name resolution.

They are invisible to us in the PaaS environment and we can't really influence them in any way. So if we want any custom DNS scenarios, we have a way of changing this "Default" DNS Server.


Ok, let's move on to actually changing the DNS Server.


Application Setting

In App Service we can achieve this by setting a special Application Setting. You can set the DNS to a public or private IP address. If you use a private address, it needs to be reachable from the web app, either through VNET Integration or because the web app is in an App Service Environment.

There are two Application settings at your disposal:

  • WEBSITE_DNS_SERVER - Sets the primary DNS Server
  • WEBSITE_DNS_ALT_SERVER - Sets the secondary DNS Server (optional, will potentially fall back to this one if your primary is unreachable)

The format is the following:

Name: WEBSITE_DNS_SERVER

Value: IP address of the DNS Server

Setup

You can set an application setting in various ways.

Portal

Go to your App Service -> Configuration blade

Click on New application setting

Type WEBSITE_DNS_SERVER for Name and the IP address of the DNS server for Value


Do this again if you are setting up a secondary server.

You will need to restart the web app for this to take effect.

KUDU

You can also do this from the KUDU Command Prompt with the following commands. A caution here: once you set it to a desired server this way, it's not known how to revert to the "default" Azure DNS Server, whereas with the App Settings method you just remove the app setting when you want to go back.

SET WEBSITE_DNS_SERVER=8.8.8.8

SET WEBSITE_DNS_ALT_SERVER=1.1.1.1

This takes effect immediately. Check this out.

Custom DNS Server App Service KUDU

Verifying if it worked

To verify that this worked, go to your Web App's KUDU CMD and use nameresolver.exe. The same check applies if you used the app settings method from the portal:

nameresolver.exe domain.com

You should get a response in which the Server: line lists your new server of choice, just like in the example above.

Scenarios

Here are some possible scenarios where you would use this setting.

  • You need to reach a private DNS server inside the VNET. You will need VNET Integration to reach a DNS Server in a VNET with its private IP
  • You want to use a specific public DNS Server. Example: CloudFlare's 1.1.1.1 or Google's 8.8.8.8 or your own
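The scenarios above differ in what the web app must be able to reach, so the two settings can be checked before a restart. This is an added example, not code from the original article: it reads JSON in the shape printed by `az webapp config appsettings list`. The function name `check_dns_settings`, the `vnet_integrated` flag and the sample settings are assumptions made for illustration.

```python
import ipaddress
import json

DNS_KEYS = ("WEBSITE_DNS_SERVER", "WEBSITE_DNS_ALT_SERVER")

# Constructed sample in the shape printed by `az webapp config appsettings list`.
SAMPLE = json.dumps([
    {"name": "WEBSITE_DNS_SERVER", "slotSetting": False, "value": "10.0.0.4"},
    {"name": "WEBSITE_DNS_ALT_SERVER", "slotSetting": False, "value": "8.8.8.8"},
    {"name": "APP_GREETING", "slotSetting": False, "value": "hello"},
])


def check_dns_settings(appsettings_json, vnet_integrated):
    """Return findings for the custom DNS app settings of one web app.

    vnet_integrated is supplied by the caller (assumption): True when the app
    has VNET Integration or runs in an App Service Environment.
    """
    settings = {s["name"]: s["value"] for s in json.loads(appsettings_json)}
    findings = []
    for key in DNS_KEYS:
        if key not in settings:
            continue
        raw = settings[key].strip()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            # The value must be an IP address, not a host name.
            findings.append(f"{key}: '{raw}' is not an IP address")
            continue
        if addr.is_private and not vnet_integrated:
            findings.append(f"{key}: private address {addr} needs VNET Integration or an ASE")
        elif not addr.is_private:
            findings.append(f"{key}: public resolver {addr}, confirm it is intended")
    if "WEBSITE_DNS_ALT_SERVER" in settings and "WEBSITE_DNS_SERVER" not in settings:
        findings.append("WEBSITE_DNS_ALT_SERVER is set without a primary WEBSITE_DNS_SERVER")
    return findings


if __name__ == "__main__":
    for finding in check_dns_settings(SAMPLE, vnet_integrated=False):
        print(finding)
```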

Limitations

It generally works very well, so the only limitation I can think of for now is that this setting will not help you resolve domains which are hosted on a Private DNS Zone. It's currently a limitation on the platform. So if you want to resolve a domain that is hosted in a Private DNS Zone, your solution is to use a real DNS Server. The scenario is the following:

Let's say you have a public facing app hosted in the normal multi-tenant App Service and you have a back-end app in an ILB App Service Environment. You want the public app to resolve the internal domain name of a web app inside the ILB ASE. If your ASE or any custom domain relies on Private DNS zones, the best way to go around this limitation is to create a VM somewhere in the same VNET, install the DNS role, create a primary zone for that domain and the needed DNS records, VNET integrate the public facing web app and point it to this DNS Server using the WEBSITE_DNS_SERVER app setting.

This limitation is on the Azure feedback page at the moment and is waiting for votes - https://feedback.azure.com/forums/169385-web-apps/suggestions/38383642-web-app-and-private-dns-zone-support