- Article
Azure App Service provides a highly scalable, self-patching web hosting service. This guide shows you how to map an existing custom Domain Name System (DNS) name to App Service. To migrate a live site and its DNS domain name to App Service with no downtime, see Migrate an active DNS name to Azure.
The DNS record type you need to add with your domain provider depends on the domain you want to add to App Service.
| Scenario | Example | Recommended DNS record |
|---|---|---|
| Root domain | contoso.com | A record. Don't use the CNAME record for the root record (for information, see RFC 1912 Section 2.4). |
| Subdomain | www.contoso.com, my.contoso.com | CNAME record. You can map a subdomain to the app's IP address directly with an A record, but it's possible for the IP address to change. The CNAME maps to the app's default hostname instead, which is less susceptible to change. |
| Wildcard | *.contoso.com | CNAME record. |
Note
For an end-to-end tutorial that shows you how to configure a www subdomain and a managed certificate, see Tutorial: Secure your Azure App Service app with a custom domain and a managed certificate.
Prerequisites
- Create an App Service app, or use an app that you created for another tutorial. The web app's App Service plan must be a paid tier and not Free (F1). See Scale up an app to update the tier.
- Make sure you can edit the DNS records for your custom domain. To edit DNS records, you need access to the DNS registry for your domain provider, such as GoDaddy. For example, to add DNS entries for
contoso.comandwww.contoso.com, you must be able to configure the DNS settings for thecontoso.comroot domain. Your custom domains must be in a public DNS zone; private DNS zones are not supported. - If you don't have a custom domain yet, you can purchase an App Service domain instead.
1. Configure a custom domain
In the Azure portal, navigate to your app's management page.
In the left menu for your app, select Custom domains.
Select Add custom domain.
For Domain provider, select All other domain services to configure a third-party domain.
Note
To configure an App Service domain, see Buy a custom domain name for Azure App Service.
(Video) Add Custom Domain Name in Azure Web Apps /App Services | AzureFor TLS/SSL certificate, select App Service Managed Certificate if your app is in Basic tier or higher. If you want to remain in Shared tier, or if you want to use your own certificate, select Add certificate later.
For TLS/SSL type, select the binding type you want.
Setting Description Custom domain The domain name to add the TLS/SSL binding for. Private Certificate Thumbprint The certificate to bind. TLS/SSL Type - SNI SSL: Multiple SNI SSL bindings may be added. This option allows multiple TLS/SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI (for more information, see Server Name Indication).
- IP SSL: Only one IP SSL binding may be added. This option allows only one TLS/SSL certificate to secure a dedicated public IP address. After you configure the binding, follow the steps in 2. Remap records for IP based SSL.
IP SSL is supported only in Standard tier or above.For Domain, specify a fully qualified domain name you want based on the domain you own. The Hostname record type box defaults to the recommended DNS record to use, depending on whether the domain is a root domain (like
contoso.com), a subdomain (likewww.contoso.com, or a wildcard domain*.contoso.com).Don't select Validate yet.
For each custom domain in App Service, you need two DNS records with your domain provider. The Domain validation section shows you two DNS records that you must add with your domain provider. Select the respective Copy button to help you with the next step.
The following screenshot shows the default selections for a
www.contoso.comdomain, which shows a CNAME record and a TXT record to add.Warning
While it's not absolutely required to add the TXT record, it's highly recommended for security. The TXT record is a domain verification ID that helps avoid subdomain takeovers from other App Service apps. For custom domains you previously configured without this verification ID, you should protect them from the same risk by adding the verification ID (the TXT record) to your DNS configuration. For more information on this common high-severity threat, see Subdomain takeover.
2. Create the DNS records
Sign in to the website of your domain provider.
(Video) Add Custom Domain Name in Azure App ServicesYou can use Azure DNS to manage DNS records for your domain and configure a custom DNS name for Azure App Service. For more information, see Tutorial: Host your domain in Azure DNS.
Find the page for managing DNS records.
Every domain provider has its own DNS records interface, so consult the provider's documentation. Look for areas of the site labeled Domain Name, DNS, or Name Server Management.
Often, you can find the DNS records page by viewing your account information and then looking for a link such as My domains. Go to that page, and then look for a link that's named something like Zone file, DNS Records, or Advanced configuration.
The following screenshot is an example of a DNS records page:
Select Add or the appropriate widget to create a record.
Note
For certain providers, such as GoDaddy, changes to DNS records don't become effective until you select a separate Save Changes link.
Select the type of record to create and follow the instructions. You can use either a CNAME record or an A record to map a custom DNS name to App Service. When your function app is hosted in a Consumption plan, only the CNAME option is supported.
- Root domain (e.g. contoso.com)
- Subdomain (e.g. www.contoso.com)
- Wildcard (CNAME)
Create two records according to the following table:
| Record type | Host | Value | Comments |
|---|---|---|---|
| A | @ | The app's IP address shown in the Add custom domain dialog. | The domain mapping itself (@ typically represents the root domain). |
| TXT | asuid | The domain verification ID shown in the Add custom domain dialog. | For root domain, App Service accesses asuid TXT record to verify your ownership of the custom domain. |
3. Validate and complete
Back in the Add custom domain dialog in the Azure portal, select Validate.
If the Domain validation section shows green check marks next for both domain records, then you've configured them correctly. Select Add. If you see any errors or warnings, fix it in the DNS record settings on your domain provider's website.
Note
If you configured the TXT record but not the A or CNAME record, App Service treats it as a domain migration scenario and allows the validation to succeed, but you won't see green check marks next to the records.
You should see the custom domain added to the list. You may also see a red X with No binding.
If you selected App Service Managed Certificate earlier, wait a few minutes for App Service to create the managed certificate for your custom domain. When the process is complete, the red X becomes a green check mark with Secured. If you selected Add certificate later, this red X will remain until you add a private certificate for the domain and configure the binding.
Note
(Video) How to add and secure a custom domain on your App Service web app | Azure Portal SeriesUnless you configure a certificate binding for your custom domain, Any HTTPS request from a browser to the domain will receive an error or warning, depending on the browser.
4. Test in a browser
Browse to the DNS names that you configured earlier.
If you receive an HTTP 404 (Not Found) error when you browse to the URL of your custom domain, the two most-likely causes are:
- The browser client has cached the old IP address of your domain. Clear the cache, and test DNS resolution again. On a Windows machine, you clear the cache with
ipconfig /flushdns. - You configured an IP-based certificate binding, and the app's IP address has changed because of it. Remap the A record in your DNS entries to the new IP address.
If you receive a Page not secure warning or error, it's because your domain doesn't have a certificate binding yet. Add a private certificate for the domain and configure the binding.
(Optional) Automate with scripts
You can automate management of custom domains with scripts by using the Azure CLI or Azure PowerShell.
- Azure CLI
- PowerShell
The following command adds a configured custom DNS name to an App Service app.
az webapp config hostname add \ --webapp-name <app-name> \ --resource-group <resource_group_name> \ --hostname <fully_qualified_domain_name>For more information, see Map a custom domain to a web app.
Next steps
Purchase an App Service domain.
Secure a custom DNS name with a TLS/SSL binding in Azure App Service
FAQs
How do I map an existing custom DNS name to Azure? ›
In the Azure portal, navigate to your app's management page. In the left menu for your app, select Custom domains. Select Add custom domain. For Domain provider, select All other domain services to configure a third-party domain.
Is it possible to customize DNS name in Azure? ›Once your domain is delegated to your Azure DNS zone, you now can configure your DNS records needed. You can configure a vanity or custom domain for Azure Function Apps, Public IP addresses, App Service (Web Apps), Blob storage, and Azure CDN.
What DNS record is required to link a custom domain name to an Azure App Service? ›To do this, you have to create three records: A root "A" record pointing to contoso.com. A root "TXT" record for verification. A "CNAME" record for the www name that points to the A record.
What DNS record type is set when mapping a custom domain to be an alias for the default? ›A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.
How do I update my Azure DNS records? ›To modify the metadata of an existing record set, use az network dns record-set <record-type> update . For help, see az network dns record-set <record-type> update --help .
How do I assign a DNS name? ›- Go to Settings > Network & Internet > Advanced > Private DNS.
- Select Private DNS provider hostname.
- Enter dns.google as the hostname of the DNS provider.
- Click Save.
- Sign in to the Azure portal.
- On the top left-hand side of the screen, select Create a resource and search for DNS zone. Then select Create.
- On the Create DNS zone page enter the following values, then select Create: Setting. Details. Subscription. Select a subscription to create the DNS zone in.
- Open the Google Home app .
- Tap Favorites Wifi Settings. Advanced Networking.
- Tap DNS.
- Choose your desired public DNS server. If you choose a custom DNS server, enter a primary and secondary server address.
- Tap Save .
Your DNS provider maintains a database containing records that define your domain. When you choose DNS validation, ACM provides you with one or more CNAME records that must be added to this database. These records contain a unique key-value pair that serves as proof that you control the domain.
What two DNS record types are used to verify a custom domain name in Azure Active Directory? ›Azure AD uses a DNS record that you create at your domain name registrar to confirm that you own the domain. Use the instructions below to create either a TXT or MX record type for a domain that is registered at your registrar.
Which DNS records are used in custom domain? ›
A and AAAA Records
The most common DNS record used, the A record simply points a domain to an IPv4 address, such as 11.22. 33.44. To set up an A record on your domain all you'll need is an IP address to point it to. A blank record (sometimes seen as the '@' record) points your main domain to a server.
CNAME record
CNAME—or, in full, "canonical name"—is a DNS record that points a domain name (an alias) to another domain. In a CNAME record, the alias doesn't point to an IP address.
A records are standard DNS records while Alias records are custom DNS records. One of the significant differences between an A record and an Alias record is that the A record points a domain name to an IP address. In contrast, an Alias record is used when you want a domain name to point to another domain name.
Which DNS record type is an alias of an existing record? ›A Canonical Name (CNAME) Record is used in the Domain Name System (DNS) to create an alias from one domain name to another domain name.
How do I dynamically update DNS? ›Click Start, point to Administrative Tools, and then click DHCP. Right-click the appropriate DHCP server or scope, and then click Properties. Click DNS. Click to select the Enable DNS dynamic updates according to the settings below check box to enable DNS dynamic update for clients that support dynamic update.
What is the most efficient way to update DNS records? ›- In the admin center, go to the Settings > Domains page.
- On the Domains page, select the domain and then choose DNS Records.
- Select + Add record and enter the following: For type enter: A (Address) For Host name or Alias, type the following: @ ...
- Select Save.
- Navigate to the desktop. ...
- Right-click the Start button (the Windows logo in the lower-left).
- Choose Command Prompt (Admin).
- When asked whether to allow Command Prompt to make changes to your computer, select Yes. ...
- Type "ipconfig /flushdns" and press Enter.
- Type "ipconfig /registerdns" and press Enter.
The Internet's DNS system works much like a phone book by managing the mapping between names and numbers. DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser. These requests are called queries.
How to map domain name with IP address in DNS? ›To point your domain name to your dedicated server's public IP address, you need to create an address record for the domain — an A record. An A record is part of the DNS system and it simply maps a domain name to an IP address. An A record is stored as a DNS entry on the domain's name servers.
How do I map my domain name with IP address? ›To do this, you'll need to create an A Record, which will allow you to point your domains and subdomains to a specific IP address. An A record (or Address record) specifies which IP address is assigned to a particular domain. You can even have multiple A records for the same domain so that you have a backup.
What is the DNS naming rule? ›
DNS domain names. Allowed characters: DNS names can contain only alphabetic characters (A-Z), numeric characters (0-9), the minus sign (-), and the period (.). Period characters are allowed only when they're used to delimit the components of domain style names.
Can you rename a DNS entry? ›Under DNS Manager, scroll down and find the record you wish to modify. From the right side of the record, click the ⋮ (ellipses) icon, then click Edit from the menu that pops up. Enter any changes you wish to make. Click the Save button.
What are Azure service DNS names? ›Azure DNS supports all common DNS record types: A, AAAA, CAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT.
What is DNS name label in Azure? ›In Azure, you have the option of specifying a DNS name label that is associated with a public IP address. You can choose the label (prefix), but Azure chooses the suffix, which is based on the region in which you create the public IP address.
What are Microsoft Azure DNS names? ›Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services. You can't use Azure DNS to buy a domain name.
Why set custom DNS? ›A DNS address offers enhanced performance and security for devices through phishing filters. Your Internet Service Provider (ISP) will automatically assign a Domain Name System (DNS) address to your devices, but businesses can choose to define their own custom DNS separately for additional threat protection.
What are custom DNS? ›Custom DNS enables customers to specify the IP address of the DNS server that they want used to perform reverse DNS lookups.
How do I know if my custom DNS is working? ›Run ipconfig /all at a command prompt, and verify the IP address, subnet mask, and default gateway. Check whether the DNS server is authoritative for the name that is being looked up. If so, see Checking for problems with authoritative data.
What does a DNS entry for the domain already exist? ›This error happens when your server already has a DNS zone for the domain or the record was added previously to the DNS zone file. You will want to ensure that the DNS zone file is removed, or the specific DNS zone record is modified so that you can add the domain or record.
What is the difference between domain registration and DNS? ›In a nutshell…
Your DNS host is the service that is authoritative for hosting your DNS records. A domain registrar is where you purchase domain names. There are DNS hosting providers that offer domain registration and vice versa, but the two services should not be confused.
How do I verify my custom domain in Azure? ›
- Sign in to the Azure portal using a Global administrator account for the directory.
- Search for and select Azure Active Directory from any page, then select Custom domain names.
- In Custom domain names, select the custom domain name.
Azure DNS not only supports internet-facing DNS domains, but it also supports private DNS zones. Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution.
Is it possible to create a custom domain name in Azure Active Directory True or false? ›Add custom domain names to your Azure AD organization
If you're configuring all your domains for federation with on-premises Active Directory, you can add up to 2500 domain names in each organization.
The difference between the two resource records is that the CNAME RR directs the lookup of data at its owner to another single name, a DNAME RR directs lookups for data at descendents of its owner's name to corresponding names under a different (single) node of the tree.
Can you have multiple DNS records for a domain? ›DNS can hold multiple records for the same domain name. DNS can return the list of IP addresses for the same domain name. When a web-browser requests a web-site, it will try these IP addresses one-by-one, until it gets a response.
Can you see all DNS records for a domain? ›The most efficient way to check DNS records of the domain is to use a terminal with the command nslookup. This command will run on almost all operating systems (Windows, Linux, and macOS).
What DNS record maps a hostname to another hostname? ›An alias record, like a CNAME record, maps a hostname to another hostname. But the difference is that the CNAME doesn't allow other DNS records on the same hostname, while the alias record does. Also, ALIAS directly returns an IP address and doesn't require the DNS client to resolve another hostname.
Which record type for DNS is used to map a hostname to another hostname? ›Canonical Name record (CNAME Record)—can be used to alias a hostname to another hostname.
What DNS record maps a hostname to another hostname *? ›A DNS CNAME record maps one hostname to another. This means that you can have multiple hosts with the same IP address, but each with a different name.
Can you have two DNS records with the same name? ›A DNS server with round-robin enabled will have multiple different A records, each with the same domain name but a different IP address.
Is DNS domain name the same as domain name? ›
The main difference between domain and domain name server (DNS) is that the domain could be a piece of string that helps to spot a specific web site while the DNS (Domain Name System) could be a server that translates the domain to the corresponding ip address to supply the specified webpage.
What is the purpose of creating alias DNS record? ›You will use an ALIAS record when you want the domain itself (not a subdomain) to “point” to a hostname. The ALIAS record is similar to a CNAME record, which is used to point subdomains to a hostname. The CNAME record only can be used for subdomains, so the ALIAS record fills this gap.
Which DNS record type is set when mapping a custom domain to be an alias? ›A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.
Can you have a CNAME and A record with the same name? ›A CNAME record must always point to another domain name and never directly to an IP address. A CNAME record cannot co-exist with another record for the same name. It's not possible to have both a CNAME and TXT record for www.example.com .
What is the difference between CNAME and alias in Route 53? ›An Alias record can map one DNS name to another Amazon Route 53 DNS name. A CNAME record can be created for your zone apex. An Amazon Route 53 CNAME record can point to any DNS record hosted anywhere. TTL can be set for an Alias record in Amazon Route 53.
How do I add a custom domain name to Azure? ›Sign in to the Azure portal using a Global administrator account for the directory. Search for and select Azure Active Directory from any page. Then select Custom domain names > Add custom domain. In Custom domain name, enter your organization's new name, in this example, contoso.com.
How do I assign a DNS name to my Azure VM? ›- Select your VM in the portal.
- In the left menu, select Properties.
- Under Public IP address\DNS name label, select your IP address.
- Under DNS name label, enter the prefix you want to use.
- Select Save at the top of the page.
- Access Your Network Settings. Press the Windows key and open the “settings” menu, then click on “network & internet.”
- Find Your Current Network. ...
- Access the Network's DNS Settings. ...
- Toggle on Custom DNS. ...
- Input Your Chosen Provider's DNS Server Address.
- Start the DNS Management Microsoft Management Console (MMC).
- Right-click the DNS server, and then select Properties.
- Select the Interfaces tab.
- Under Listen on, select the Only the following IP addresses check box.
- Type the IP addresses that you want the server to listen on.
To use a custom domain for your site, you can: Select a domain from your Google Domains account (if you have one). Use a domain you own that is registered elsewhere. Buy a new domain with Google Domains.
What is the default DNS domain suffix for Azure app Services? ›
Azure App Service provides you with a globally unique subdomain ending with "azurewebsites.net" which serves as a default site if you don't choose to customize it.
What is the default domain of Azure App Service? ›In the public variation of Azure App Service, the default root domain for all web apps is azurewebsites.net.
How do I use custom DNS names for instances in VPC? ›- Create a new DHCP options set.
- Set the domain name in the DHCP options set for the VPC.
- Set the IP address of the DNS server in the Domain name servers field of the DHCP option set for the VPC.
- Set enableDnsSupport to false so that the Amazon-provided DNS server in the VPC is not enabled.
- Step 1 – Open Notepad as an Administrator. ...
- Step 2 – Browse to and open the Host File. ...
- Step 3 – Add in the required entry in the format of Ip Addresss > TAB > DNS Name. ...
- Save the file.
A DNS address offers enhanced performance and security for devices through phishing filters. Your Internet Service Provider (ISP) will automatically assign a Domain Name System (DNS) address to your devices, but businesses can choose to define their own custom DNS separately for additional threat protection.