The company I work for is using Front Door classic, and they configured the CNAMEs in their own DNS server so that traffic for the right subdomains is forwarded to the Front Door.
Now security team wants us to add a TXT record for passing the SPF checks. The problem is we cannot add TXT records for CNAMES in the DNS server.
So the question is: is there any way to add TXT records to the subdomain that is pointing to our frontdoor via a CNAME? Or any workaround?
I'm having an issue configuring my DNS to make all traffic routed from the root domain (no www) to the Azure front door. The below is what I have done so far:
Create the front door (frontend/backend/routing)
On-Board my custom domain (let's say hello.com) on front door
Now as per Microsoft guide I have to add a CNAME record to the DNS hosting provider (domain.com) to route the traffic to front door. But I have been told by domain.com that I cannot have A record and CNAME record named #
So I've found this solution https://learn.microsoft.com/en-gb/azure/frontdoor/front-door-how-to-onboard-apex-domain
Then I have created a DNS Zone on my Azure environment named "hello.com" and followed the guide.
Still I cannot see the traffic going through the front door.
Is that because I have 2 DNS servers? (one hosted on domain.com and another one on Azure)?
Can it be propagation time?
Also, how does Azure know that I'm the owner of the hello.com domain?
As the linked document says, to onboard a root or apex domain on your Front Door, you could use alias records in Azure DNS.
There are other DNS providers as well that support CNAME flattening or DNS chasing, however, Azure Front Door recommends using Azure DNS for its customers for hosting their domains.
If you select to use Azure DNS to host DNS domains, first you need to create an Azure DNS zone (hello.com) in Azure and delegate the domain to Azure DNS via changing the name server records for the domain in your original DNS registrar. You can verify the delegation by using a tool such as nslookup to query the Start of Authority (SOA) record for your zone. It can take up to 72 hours to propagate worldwide, although it typically takes a few hours.
Then, you can add an alias record for the zone apex in the DNS configuration for the domain to be onboarded. After this, you can add the apex domain name in the custom host name field on the Front Door designer tab.
To access your backend web app with the custom domain, ensure that you have created appropriate routing rules for your apex domain or added the domain to existing routing rules. Or, you may enable HTTPS on your custom domain.
I need to add an MX record into the app domain name purchased thru Azure portal.
The default form to add a record set adds the .domainname after the mx record name.
The problem is that Network solutions says the MX record name must be mx1.netsolmail.net. (So in the portal it becomes mx1.netsolmail.net.domainname.com which is not what I need)
How can I add a record set in my DNS zone for that domain that doesn't end in the domain name?
Per the answer below I changed the settings to the following
When you purchase a domain in the app service domain page, you actually have a new domain provider because App Service Domains use GoDaddy for domain registration and Azure DNS to host the domains.
If I am understanding it correctly, you would like to have an email delivered on your app domain name through Network Solutions but keep your domain through Azure. If so, you could refer to this Mailbox Setup and configuration to change/edit your MX and CNAME records in the Azure DNS zone.
Try to change the MX record to inbound.[domain name].netsolmail.net. If your domain name was janesbagels.com, your Mail Server record would look like inbound.janesbagels.com.netsolmail.net. Also, you could change the other two CNAME records, mail and SMTP.
For example,
I have a domain name registered with GoDaddy, e.g., "mysite.com", and have followed the Azure instructions to map that domain's CNAME and A records to my Azure WebApp, i.e.,
I then updated GoDaddy's nameservers to point to Cloudflare so Cloudflare is now in charge of my DNS records, i.e.,
Within Cloudflare I have SSL set to Full and the certificate appears to be active
and my DNS records in Cloudflare pointing to my azurewebsites domain name, i.e.,
It has been over 36 hours since I updated the nameservers, but as you can see from Cloudflare's DNS records screenshot above (see Status), all traffic appears to be routing around Cloudflare directly to Azure, i.e., I'm not hitting Cloudflare. Putting domain mysite.azurewebsites.net in whatsmydns also shows everything pointing to Azure.
What have I missed in the setup to ensure all traffic routes through Cloudflare?
Probably a little late, but you need to click on that grey cloud icon in Cloudflare's settings. The icon will then go orange and the traffic will be routed through Cloudflare.
CloudFlare appears to transparently replace all CNAME records to A, so this CNAME record is not visible for Azure. You have to change nameservers of your domain to its original ones (provided by GoDaddy in your case), add CNAME through GoDaddy DNS panel, wait for Azure to see it, approve domain in Azure, and only then migrate to CloudFlare.
I am trying to configure a www domain on azure. I want to have website under this domain. My domain is "legia.fitness". I have created the DNS zone as follows:
On this picture you see 4 DNS servers. I have delegated my domain that I bought at home.pl to those servers:
And this doesn't work. When I try to browse legia.fitness I get "ERR_NAME_NOT_RESOLVED" error. What am I doing wrong?
Your Azure DNS zone does not have any A or CNAME records for www or # so the name cannot be resolved to an IP address.
Add a new A record with the label # set to the IP address of your Azure website, and another A record with the label www also set to the same IP address.
Alternatively, create CNAME records (both # and www) and set them to your Azure Website's name (e.g. yourwebsite.azurewebsites.net). CNAME records are aliases of existing A or CNAME records, but are slower to resolve which is why I prefer A records.
You haven't directed the domain anywhere yet.
You have a DNS zone that works. I can see the SOA records on Dig web interface.
Now you have to add CNAME/A records to the DNS zone to direct the traffic to where you want it.
Here is a guide for Azure Web Apps: https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-custom-domain-name
If you use something else, you'll need to find its guide.
I have a question about setting up my mail server settings. I have a website on Azure, so in my DNS settings at my reseller, I set up domain.com to point to domain.azurewebsites.net.
The website is working fine, so far so good. Now I want to use a mail server, hosted somewhere else, because Azure doesn't provide this out of the box.
In my DNS settings I set up the MX record to point to my other hosting where I have a mail server defined.
domain.com MX mail.domain.com
mail.domain.com A "ipadress mailserver"
When I try to send a mail using my mail credentials and mail.domain.com as SMTP server, all works fine. But I can't receive email messages. Is it possible to set this up if my main domain will point to Azure?
Seems like I found a solution. You should not use a CNAME for the root domain as this is also used to resolve the MX record. So just add an A record for domain.com instead of a CNAME and the MX record will be resolved properly. Of course, Azure does not recommend an A record because the IP address can change, but this is only when you change plan or disable/enable your website.
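The SPF TXT question at the top of this page and the MX answer just above both run into the same DNS rule (RFC 1034, section 3.6.2): a name that owns a CNAME may not own any other record type. The following is an added example, not code from any of the posts: a small linter that finds such conflicts in a record list. The zone contents, the example.com names and yourfrontdoor.azurefd.net are constructed placeholders.

```python
# Added example: flag names where a CNAME coexists with other record types.
from collections import defaultdict

# Constructed sample zone: (owner, type, value). All names are placeholders.
SAMPLE_ZONE = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "yourwebsite.azurewebsites.net."),  # CNAME at the apex
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("app.example.com.", "CNAME", "yourfrontdoor.azurefd.net."),
    ("app.example.com.", "TXT", "v=spf1 -all"),                  # TXT beside a CNAME
    ("www.example.com.", "CNAME", "yourwebsite.azurewebsites.net."),
]

# DNSSEC record types are the exception and may share a name with a CNAME.
DNSSEC_TYPES = {"RRSIG", "NSEC"}


def normalize(name):
    """Lower-case an owner name and give it exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def cname_conflicts(records):
    """Return {owner: {"apex": bool, "clash": [types]}} for every violation."""
    by_owner = defaultdict(set)
    for owner, rtype, _value in records:
        by_owner[normalize(owner)].add(rtype.upper())
    conflicts = {}
    for owner, types in by_owner.items():
        clash = types - {"CNAME"} - DNSSEC_TYPES
        if "CNAME" in types and clash:
            # The zone apex always carries SOA, so a CNAME there always clashes.
            conflicts[owner] = {"apex": "SOA" in types, "clash": sorted(clash)}
    return conflicts


if __name__ == "__main__":
    for owner, info in sorted(cname_conflicts(SAMPLE_ZONE).items()):
        where = "zone apex" if info["apex"] else "subdomain"
        print(f"{owner} ({where}): CNAME cannot coexist with {', '.join(info['clash'])}")
```

For an apex hit, the options the answers on this page give are an A record or a provider alias/flattened record in place of the CNAME.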