When it comes to resolving names via DNS, you’ve got a lot of options. One of those options is Microsoft Azure DNS.
To manage Azure DNS, you’ve got a few options for tools; you can use graphical tools like the Azure Portal or command-line tools like the Azure CLI or PowerShell. Often admins need to manage DNS at scale or automate the management of various objects. A great way to do that isn’t via a graphical method like the Azure Portal but with a scripting tool like PowerShell.
In this article, we will explore using PowerShell to create and modify an Azure DNS zone. By the end of this article, you’ll know how to work with Azure DNS zones (public and private) and various records therein.
Installing the Az PowerShell Module
Like most Azure services, the recommended module to use is the Az PowerShell module. This module can be installed using the Install-Module command. Installing the module is as simple as running the following command, which also installs the Az.DNS module.
Install-Module -Name Az -AllowClobber -Scope CurrentUser
Once the Az module is installed, you’ll need to authenticate your connection. To do this, use the command Connect-AzAccount. This command will launch your browser and, once you have signed in, pass the token back to your PowerShell session.
Now that the Az module is installed, let’s jump into creating a zone!
Creating a Zone
To create anything in Azure, you’ll first need a resource group. In this example, this resource group will contain the new DNS zone you’ll be creating. If you have created one already, you can use that but if not, run the following to create a new resource group to hold the zone you’ll create shortly.
# Replace the name with your preferred name.
# Change the location to where you would like to put the zone.
PS C:\> New-AzResourceGroup -Name 'MyDNSResourceGroup' -Location 'eastus'
Now that you have a resource group, create a DNS zone to live in that resource group. Doing this is as simple as running the following command.
PS C:\> New-AzDnsZone -Name 'mydomain.com' -ResourceGroupName 'MyDNSResourceGroup'
By default, the New-AzDnsZone cmdlet creates public DNS zones. Public DNS zones are available for anyone to see. Let’s verify that the zone was created correctly. To do this, we use the Get-AzDnsZone command.
PS C:\> Get-AzDnsZone -ResourceGroupName 'MyDNSResourceGroup' -Name 'mydomain.com'

Name                           : mydomain.com
ResourceGroupName              : MyDNSResourceGroup
Etag                           : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Tags                           : {}
NameServers                    : {}
RegistrationVirtualNetworkIds  : {subscription_pathing_info_here}
ResolutionVirtualNetworkIds    : {subscription_pathing_info_here}
NumberOfRecordSets             : 1
MaxNumberOfRecordSets          : 10000
Private Zones
In this article, we are exploring public zones but Azure DNS can create DNS zones and records for a private zone too. This is an internal DNS resolver for resources on your domain. The resources that are registered this way are not accessible to the greater internet. An example of creating a zone like this is below. You’ll notice the task is more involved because each private DNS zone must be linked to an Azure virtual network.
Install-Module -Name Az.PrivateDns -Force

## Optional if you don't already have a vNet created
$privateSubnet = New-AzVirtualNetworkSubnetConfig -Name 'privateSubnet' -AddressPrefix "10.2.0.0/24"
$vNetParams = @{
    "ResourceGroupName" = 'MyDNSResourceGroup'
    "Location"          = 'eastus'
    "Name"              = 'privateAzureVNet'
    "AddressPrefix"     = '10.2.0.0/16'
    "Subnet"            = $privateSubnet
}
$vNet = New-AzVirtualNetwork @vNetParams

## Create the private DNS zone
$zone = New-AzPrivateDnsZone -Name 'private.mydomain.com' -ResourceGroupName 'MyDNSResourceGroup'

## Associate the private DNS zone to the vNet (the zone name must match the zone created above)
$linkParams = @{
    "ZoneName"           = 'private.mydomain.com'
    "ResourceGroupName"  = 'MyDNSResourceGroup'
    "Name"               = 'MyPrivateLink'
    "VirtualNetworkId"   = $vNet.ID
    "EnableRegistration" = $True
}
$link = New-AzPrivateDnsVirtualNetworkLink @linkParams
At this point, our DNS Zone is created, but it doesn’t have any records.
Managing Records
Now that the DNS zone has been created, let’s add some records. We are going to create an A record to start with. The command to do this is the following.
$DNSRecord = New-AzDnsRecordConfig -IPv4Address "10.10.10.30"
$Params = @{
    "Name"              = 'www'
    "RecordType"        = 'A'
    "ZoneName"          = 'mydomain.com'
    "ResourceGroupName" = 'MyDNSResourceGroup'
    "TTL"               = '3600'
    "DNSRecords"        = $DNSRecord
}
New-AzDnsRecordSet @Params
You may note that there is an intermediate command, New-AzDnsRecordConfig, which builds the record that goes into the record set. By just specifying the IPv4Address parameter, the cmdlet knows that this is an A record.
Adding Private DNS Records
If you are adding DNS records to a private DNS zone, you will need to use two slightly different commands, New-AzPrivateDnsRecordSet and New-AzPrivateDnsRecordConfig. You can see in the example below that it is almost identical.
$PrivateDNSRecord = New-AzPrivateDnsRecordConfig -IPv4Address "10.2.0.4"
$Params = @{
    "Name"              = 'db'
    "RecordType"        = 'A'
    "ZoneName"          = 'private.mydomain.com'
    "ResourceGroupName" = 'MyDNSResourceGroup'
    "TTL"               = '3600'
    # The private cmdlet takes -PrivateDnsRecords rather than -DnsRecords
    "PrivateDnsRecords" = $PrivateDNSRecord
}
New-AzPrivateDnsRecordSet @Params
Displaying DNS Records
To make sure that the record was created correctly, query the record as shown below.
$Params = @{
    "ResourceGroupName" = 'MyDNSResourceGroup'
    "ZoneName"          = 'mydomain.com'
    "Name"              = 'www'
    "RecordType"        = 'A'
}
Get-AzDnsRecordSet @Params

Id                : {subscription_pathing_info_here}
Name              : www
ZoneName          : mydomain.com
ResourceGroupName : MyDNSResourceGroup
Ttl               : 3600
Etag              : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
RecordType        : A
Records           : {10.10.10.30}
Metadata          :
IsAutoRegistered  :
Just like before, you will use a slightly different command here for Private DNS zones, that is Get-AzPrivateDnsRecordSet.
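Because public zones are visible to anyone, an A record in a public zone that points at a 10.x address publishes internal addressing. The following added example (not part of the original article) filters record sets for A records holding RFC 1918 addresses; Find-PrivateAddressRecord is a hypothetical helper name, and the sample objects are constructed to mimic the Name/ZoneName/RecordType/Records shape of the output above.

```powershell
# Added example, not from the original article. Find-PrivateAddressRecord is a
# hypothetical helper name, not an Az cmdlet.
function Find-PrivateAddressRecord {
    [CmdletBinding()]
    param(
        # Record sets shaped like Get-AzDnsRecordSet output
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$RecordSet
    )
    process {
        # Only A record sets carry Ipv4Address values
        if ($RecordSet.RecordType -ne 'A') { return }
        foreach ($record in $RecordSet.Records) {
            $ip = $null
            if (-not [System.Net.IPAddress]::TryParse([string]$record.Ipv4Address, [ref]$ip)) { continue }
            $b = $ip.GetAddressBytes()
            if ($b.Length -ne 4) { continue }   # ignore anything that is not IPv4
            # RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
            $isPrivate = ($b[0] -eq 10) -or
                         ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                         ($b[0] -eq 192 -and $b[1] -eq 168)
            if ($isPrivate) {
                [pscustomobject]@{
                    Fqdn    = '{0}.{1}' -f $RecordSet.Name, $RecordSet.ZoneName
                    Address = $ip.ToString()
                    Ttl     = $RecordSet.Ttl
                }
            }
        }
    }
}

# Constructed sample input (not real data) mimicking Get-AzDnsRecordSet objects
$sample = @(
    [pscustomobject]@{ Name = 'www'; ZoneName = 'mydomain.com'; RecordType = 'A'; Ttl = 3600
                       Records = @([pscustomobject]@{ Ipv4Address = '10.10.10.30' }) }
    [pscustomobject]@{ Name = 'mail'; ZoneName = 'mydomain.com'; RecordType = 'A'; Ttl = 3600
                       Records = @([pscustomobject]@{ Ipv4Address = '203.0.113.10' }) }
    [pscustomobject]@{ Name = '@'; ZoneName = 'mydomain.com'; RecordType = 'TXT'; Ttl = 3600
                       Records = @([pscustomobject]@{ Value = 'constructed-sample' }) }
)
$sample | Find-PrivateAddressRecord

# Against a live public zone (requires Connect-AzAccount):
# Get-AzDnsRecordSet -ZoneName 'mydomain.com' -ResourceGroupName 'MyDNSResourceGroup' |
#     Find-PrivateAddressRecord
```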
Modifying a DNS Record
Perhaps you have found out that the A record needs an update because the address of the server it points to has changed. Instead of removing and re-creating the record, you can update the existing one like below.
# Retrieve the existing record set; the zone name and resource group identify the zone
$RecordSet = Get-AzDnsRecordSet -Name 'www' -RecordType 'A' -ZoneName 'mydomain.com' -ResourceGroupName 'MyDNSResourceGroup'
# A records expose their address through the Ipv4Address property
$RecordSet.Records[0].Ipv4Address = '10.10.10.40'
Set-AzDnsRecordSet -RecordSet $RecordSet
Removing a DNS Record
Perhaps you’re done with the A record just created. In that case, simply remove the record with the below commands.
$RecordSet = Get-AzDnsRecordSet -Name 'www' -RecordType 'A' -ZoneName 'mydomain.com' -ResourceGroupName 'MyDNSResourceGroup'
Remove-AzDnsRecordSet -RecordSet $RecordSet -Confirm:$False -Overwrite
The Overwrite switch means that if another operation on that domain has taken place after retrieving the original record set, this command will ignore that and simply apply the settings that you have specified.
Conclusion
Using the PowerShell module, Az, makes short work of creating, updating, and removing Azure DNS records and even entire zones. By now you have the skills to manage Azure DNS with PowerShell to make quick work of all your DNS automation needs!