Azure DNS Zone Builder

About This Tool

The Azure DNS Zone Builder helps you create DNS record configurations for both Azure public and private DNS zones. It supports A, AAAA, CNAME, MX, TXT, SRV, CAA, PTR, and SOA record types with proper TTL settings and record-specific validation. The tool generates configurations in ARM template and Bicep format, ready for deployment through Azure Resource Manager.

When to Use This Tool

• •Building DNS record sets for a new domain hosted in Azure DNS with proper MX and TXT records for email.
• •Creating private DNS zone records for internal service discovery within Azure Virtual Networks.
• •Generating ARM or Bicep templates for DNS infrastructure-as-code deployments.
• •Configuring CAA records to restrict which certificate authorities can issue certificates for your domain.

Frequently Asked Questions

What is the difference between public and private DNS zones?

Public DNS zones resolve domain names from the internet and are used for externally facing services. Private DNS zones provide name resolution within Azure Virtual Networks and are not accessible from the internet. Private zones support automatic VM registration and are commonly used for internal service endpoints.

Does Azure DNS support DNSSEC?

Azure public DNS zones support DNSSEC signing. When enabled, Azure DNS signs your zone records with DNSSEC, and you need to add the DS record to your domain registrar. Private DNS zones do not support DNSSEC since they are only resolved within VNets.

How much does Azure DNS cost?

Azure DNS charges per hosted zone (approximately $0.50/month for the first 25 zones) and per million DNS queries ($0.40 for the first billion queries). There is no charge for DNS records within a zone. Private DNS zones have similar pricing with an additional VNet link charge.

Related Learning Guides

• Azure DNS Setup Guide20 min read
• Azure Networking Deep Dive30 min read