If you want to change the DNS in Azure App Service Web App, this article will show you how. First, let's say that by default App Service is using Azure DNS servers for name resolution.
They are invisible to us in the PaaS environment and we can't really influence them in any way. So if we want any custom DNS scenarios, we have a way of changing this "Default" DNS Server.
Ok, let's move on to actually changing the DNS Server.
Table of Contents
In App Service we can achieve this by setting a special Applicationg Setting. You can set the DNS to a public or private IP address. If using private, it needs to be reachable from the Web app, either by doing a VNET Integration or if the web app is in an App Service Environment.
There are two Application settings at your disposal:
WEBSITE_DNS_SERVER - Sets the primary DNS Server
WEBSITE_DNS_ALT_SERVER - Sets the secondary DNS Server (optional, will potentially fall back to this one if your primary is unreachable)
The format is the following:
Value: IP address of the DNS Server
You can set an application setting in various ways.
Go to your App Service -> Configuration blade
Click on New application setting
Type WEBSITE_DNS_SERVER for Name and the IP address of the DNS server for Value
Do this again if you are setting up a secondary server.
You will need to restart the web app for this to take effect.
You can also do this from KUDU Command Prompt with the following commands. Caution here is that once you set it to a desired server it's not known how to revert back to the "default" Azure DNS Server, while if you use the App Settings method, you just remove the app setting when you want to go back.
This takes effect immediately. Check this out.
Verifying if it worked
So the way to verify if this worked is to go to your Web App's KUDU CMD and use nameresolver.exe
If you do the app settings method from the portal you will want to go to KUDU CMD and use the nameresolver command:
nameresolver.exe domain.com and you should get a response for which the Server: should list your new server of choice. Just like in the example above
Here are some possible scenarios where you would use this setting.
- You need to reach a private DNS server inside the VNET. You will need VNET Integration to reach a DNS Server in a VNET with its private IP
- You want to use a specific public DNS Server. Example: CloudFlare's 126.96.36.199 or Google's 188.8.131.52 or your own
It generally works very well so the only limitation I can think of for now is that this setting will not help you resolve domains which are hosted on a Private DNS Zone. It's currently a limitation on the platform. So if you want to resolve a domain that is hosted in Private DNS Zone, your solution is to use a real DNS Server. Scenario is the following:
Let's say you have a public facing app hosted in the normal multi-tenant App Service and you have a back-end app in an ILB App Service Environment. You want the public app to resolve the internal domain name of a web app inside the ILB ASE. If your ASE or any custom domain relies on Private DNS zones, the best way to go around this limitation is to create a VM somehwere in the same VNET, install DNS role, create a primary zone for that domain and the needed DNS records, VNET integrate the public facing web app and point it to this DNS Server using the WEBSITE_DNS_SERVER app setting
This limitation is on the Azure feedback page at the moment and is waiting for votes - https://feedback.azure.com/forums/169385-web-apps/suggestions/38383642-web-app-and-private-dns-zone-support