exposing Azure DNS servers - azure

I have an Azure virtual machine with multiple web sites on it that I would like to expose to the Internet. The VM has Active Directory and DNS installed on it. I created the forward zone (xxx.cloudapp.net) on my server, and added the two web site names to the zone. On the Networks in the Management Portal, I added a DNS server(xxx.cloudapp.net) and gave it the public IP for my server.
So when I try a nslookup from outside of the VM, the names will not resolve. I set the server in nslookup to either the public IP or the name, and it does not resolve. I have logging turned on in the DNS server, but it does not seem to show any requests from my computer.
I must be doing something wrong. Any suggestions? This server is for a demo next week, and worst case, I can buy a couple of domain names.

Try the instance level public-ip address, you will get an ip address per virtual server: https://azure.microsoft.com/documentation/articles/virtual-networks-instance-level-public-ip/

Related

How to have internal VM resolve hostname in DNS Alias Recordset

I have created an Azure DNS Zone that is acting as the public resolver for hostname resolution. For example, bash $> nslookup myhost.mydomain.com will resolve to xx.yy.zz.aa via Azure name servers when called by an external non-azure host.
The domain mydomain.com is obtained from Google Domains where I have delegated all 4 name servers over to Azure servers. The Google Domain DNS recordset is otherwise empty.
In Azure, The DNS Zone includes an "A" RecordSet that is an Azure Alias to the public IP of the internal VM that is externally known as myhost.
Working well for external hosts, the lookups (and other usages) fail if called from an internal host. For example, on myhost itself or on a peer host in the same internal subnet, the nslookups fail (don't resolve) and the nslookup mydomain.com request retrieves only the internal private IP for the virtual network, the 10. one.
What am I failing to do in order to get internal hosts to resolve FQDNs like the external ones can?
After my validation, the Azure host does work the same as the external clients:
You could verify if the DNS servers on the Azure virtual network set the default azure provided DNS or a Custom DNS server 168.63.129.16. Once you change it, you may restart your azure VM to make this effect.
Please let me know if you have any questions or show the output when you run nslookup myhost.mydomain.com on the internal hosts.

Website in IIS locally and Domain Name bought from GoDaddy - What Next

I have been at this since last couple of weeks. After tiring efforts leading to nowhere, I am posting here.
I have a Website built and hosted in IIS locally. I just bought domain name from GoDaddy. I have my computer's public IP where the website in IIS is present. What are my next steps so that I can keep my computer as server and link with domain name? So that website is accessible publicly through domain name.
I saw a lot of posts with Web Hosting in Azure or other places, do I HAVE TO buy and host to make my site public?
I am a novice website builder and have very limited knowledge about this.
first you need make sure your sever is secured, only open necessary ports
go to another computer, in browser input public ip to see if you can open your webpage
then in Godaddy you can add A record for your domain, to point your domain to your public IP, refer to this GoDaddy document: https://ca.godaddy.com/help/add-an-a-record-19238
If you are not comfortable or don't resource to do these, I suggest you host on Azure or other cloud providers
You could host your application in either Azure VM or your local machine. After all, Could VM should be more convenient because you don't need spend a lot of time to handle network issue and you don't need physical space.
When you decide to host your application locally, you have to ensure your are using windows server OS, otherwise, you have 10 concurrent request limit.
Access the application via domain is quite simple.
You need to enable port like 80 in windows firewall.Promise your server are in DMZ and can be accessed externally
Create IIS binding header with null domain and your public address
Try to access your website via your public IP address
Point godday domain to your public IP address
Add your domain to your Site's binding host header->host name field
If you decide to host your application in IAAS like Azure VM, then you have to create inbound rule for your port number and allow port in windows firewall. You also have to point your godday domain to your cloud VM's public IP address and create IIS binding with your domain. Finally, you should be able to access your website.

DNS routing to private IP

We have 1 virtual machine with IIS in Azure, it doesn't hold the public IP address.
Its FQDN is machine.domain.local.
Its serving a service from IIS. We want to install certificate. However, we got the SSL by name service.domain.com.
If my machine would have public IP address I would have created A record for service.domain.com pointing to machines public IP address.
But we want this service to run internally, how we can we achieve this routing?
Any suggestions?
you can make a CNAME record to map service.domain.com bind to machine.domain.local
The question is not Azure or DNS related, it looks like its IIS/certificate related.
You got certificate for service.domain.com, which you want to apply to website machine.domain.local.
You either get machine.domain.local added to CName on Certificate or change IIS website domain to service.domain.com
You can use IIS to generate a self-signed certificate. Then, use an Azure Site-to-Site or Express Route to connect to On-premise. Set up a local host file entry on the servers for that domain & private IP address. This would work without a flaw but, it's tedious and not much of a recommended design.
What I would do is, I would MAP my domain to the private IP within the local DNS server and set the DNS as custom DNS on the VNET. This will make sure that all the VM's will point to the DNS server for any query and then start a recursive query.
MAP to Private IP
Make record entry with the local DNS server with Private IP
Make changes at the Azure VNET to use the custom DNS, provide the DNS server private IP
Else
Do a host file entry manually on all the servers.
You can also read more along the lines of Private DNS on Azure:
https://azure.microsoft.com/en-in/blog/azure-dns-private-zones-now-available-in-public-preview/
Regards,
Charan

Access azure app service with ip address not the hostname

I've got a app plan (BASIC SMALL) with a private (hopefully) ip adress that can be found under Settings > Custom Domains.
When I try to access the content of the app using just the ip, it doesn't work. The site says "Error 404 - Web app not found." The hostname works just fine. When I ping the hostname it gives me the same ip adress. What do I have to do in order to be able to access it just using the ip?
That's not how Web Apps work, since you don't get a unique IP address assigned. You'll need to access it via yourname.azurewebsites.net or yourcustomdomainname.com - and then your requests are routed appropriately based on the name you provide.
If you absolutely needed a dedicated IP address, you'd need to deploy to a virtual machine.
When you host your web site on Azure web app it is bound to a virtual IP address that is shared with other web sites in the same app service plan. If you want to get a dedicated IP with your web site, please try to use Azure virtual machine with reserved IP. You could also choose App Service Environment
If you buy your custom domain, you can freely set DNS A records for that IP (it remains static). It sets binding of your domain to your web app. You can't access it directly by IP. Because on a given IP address and standard HTTP port 80, only one web can be running.
Imagine your web app could be open by entering that IP. You would "block" port 80 for zillions of other stuff running there.
If you check Properties blade there you will see a number of outbound IP addresses. If you consume some requests from web app / job / ... and have IP restriction set on the other side - you need to allow all these IPs.
As David suggested. If you really need a static IP - you need to run VM and set IP address as static or set VNet for web app.

Azure Dns Zone not Resolving on Virtual Machine

On Azure (through portal)
Created Virtual Machine with a Static IP, data disk, and opened ports
Then remote desktop - Install IIS and FTP, ports opened in firewall
(can successfully connect via ftp client)
Created a Public Load Balancer with a Static IP with Probes and Rules
(can connect with ftp client through load balancer ip address fine)
(if I enter ip address of load balancer in browser I can view the default iis website fine) (at moment there is only one vm in virtual machine set)
Added a couple of websites in IIS, one a .net app, and the other with just some hello world .html files to test connectivity via domain name. I set bindings to host name for websites with and without www. and IP address set to all (*). restarted websites.
Created a couple of Azure DNZ Zones with A Records pointing to the Load Balancer IP address. Changed name servers on domain register to point to the azure dns servers.
However, this is where it stops. A browser cannot get to either website and I get a '500' error. dns propogation check tools verify that the nameservers are reaching azure for domain names.
There must be something really basic I am missing (???) It is as if DNS resolution is stopping at the virtual machines. Any suggestions.
If you are Configuring multiple websites in a IIS of VM and also you want to map them for different domain name, then you need to Configure Host Header for all websites in IIS (Please find below links for this) and also need to update same A Record for all your websites at you Domain provider setting.
This will work if you have separate Domain Names registered else it will not work.
Without domain name you can deploy websites on different ports in IIS and then configure custom domain in Azure Load Balancer NAT rules.
Links for Host Header config in IIS
https://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx
http://support.simpledns.com/kb/a82/virtual-hosting-with-iis-internet-information-services.aspx
This was my fault in some missing hyphens in the zone record. The other .net website was throwing 500 errors sometimes instead of error-name-not_resolved from incomplete nameserver propogation and incomplete .net configuration for the website on VM
The host headers were set correctly including www.xxx.com and .xxx.com variants for both port 80 and port 443, and I did have the 'A' records with both # and www variants in the zone set to the IP of the load balancer correctly.
For anyone else with these issues, when checking for localhost connectivity test on your virtual machine (assuming you are hosting multiple sites), remember to add a virtual directory in IIS manager pointing to the file location along with an alias.
While a learning curve, the whole infrastructure of Azure is quite amazing! Impressed.

Resources