This article shows how to change the DNS server used by an Azure App Service Web App. By default, App Service uses Azure DNS servers for name resolution.
They are invisible to us in the PaaS environment and we can't influence them directly. For custom DNS scenarios, however, there is a way to change this "Default" (188.8.131.52) DNS Server.
Let's move on to actually changing the DNS Server.
In App Service we can achieve this by setting a special Application Setting. You can set the DNS server to a public or private IP address. If it is private, it needs to be reachable from the web app, either through VNET Integration or because the web app is in an App Service Environment.
There are two Application settings at your disposal:
- WEBSITE_DNS_SERVER - Sets the primary DNS Server
- WEBSITE_DNS_ALT_SERVER - Sets the secondary DNS Server (optional, will potentially fall back to this one if your primary is unreachable)
The format is the following:
Value: IP address of the DNS Server
You can set an application setting in various ways.
- Go to your App Service -> Configuration blade
- Click on New application setting
- Type WEBSITE_DNS_SERVER for Name and the IP address of the DNS server for Value
- Do this again if you are setting up a secondary server.
You will need to restart the web app for this to take effect.
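One way to script the same application settings with the Azure CLI instead of the portal, as an added example that is not from the original article. The function names are hypothetical, the resource group and app name are supplied by the caller, and the addresses in the usage comment are constructed.

```shell
# Added example (not from the article): set the App Service DNS override with
# the Azure CLI. Function names are hypothetical.
# Usage (constructed values): set_app_dns my-rg my-app 10.0.0.4 10.0.0.5

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  local old_ifs octet
  case ${1:-} in
    "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input holds only digits and dots here
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print NAME=VALUE pairs for the primary and the optional secondary server.
dns_settings() {
  is_ipv4 "${1:-}" || { echo "invalid primary DNS server: ${1:-}" >&2; return 1; }
  printf 'WEBSITE_DNS_SERVER=%s\n' "$1"
  if [ -n "${2:-}" ]; then
    is_ipv4 "$2" || { echo "invalid secondary DNS server: $2" >&2; return 1; }
    printf 'WEBSITE_DNS_ALT_SERVER=%s\n' "$2"
  fi
}

# Validate first, then write the app settings and restart the web app.
set_app_dns() {
  local rg app settings
  rg=$1; app=$2; shift 2
  settings=$(dns_settings "$@") || return 1
  # $settings is left unquoted on purpose: one argument per NAME=VALUE pair.
  az webapp config appsettings set --resource-group "$rg" --name "$app" \
    --settings $settings --output none || return 1
  az webapp restart --resource-group "$rg" --name "$app"
}

# Return to the default Azure DNS by removing both settings, then restart.
reset_app_dns() {
  az webapp config appsettings delete --resource-group "$1" --name "$2" \
    --setting-names WEBSITE_DNS_SERVER WEBSITE_DNS_ALT_SERVER --output none || return 1
  az webapp restart --resource-group "$1" --name "$2"
}
```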
You can also do this from the KUDU Command Prompt with the following commands. One caution: once you set the DNS server this way, it's not known how to revert to the "default" Azure DNS Server, whereas with the App Settings method you just remove the app setting when you want to go back.
This takes effect immediately. Check this out.
To verify that this worked, go to your Web App's KUDU CMD and use nameresolver.exe.
If you used the app settings method from the portal, go to KUDU CMD and run the nameresolver command:
nameresolver.exe domain.com
You should get a response in which the Server: line lists your new server of choice, just like in the example above.
Here are some possible scenarios where you would use this setting.
- You need to reach a private DNS server inside the VNET. You will need VNET Integration to reach a DNS Server in a VNET by its private IP.
- You want to use a specific public DNS Server. Example: Cloudflare's 184.108.40.206 or Google's 220.127.116.11 or your own.
If you want to resolve domains which are hosted on a Private DNS Zone, we are in luck! Azure App Service recently announced support for using Private DNS Zones with Web Apps in multi-tenant (not ASE): https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#azure-dns-private-zones. Basically, to resolve a domain hosted on a Private DNS Zone you need to create the following App Settings:
- WEBSITE_DNS_SERVER with value 18.104.22.168
- WEBSITE_VNET_ROUTE_ALL with value 1