Connect apex domain to Azure Front Door

Connecting domains to Azure Front door usually requires using a CNAME or ALIAS record, but with Azure DNS you might end up trying to add the domain from the Azure DNS panel – finding that your Azure Front Door instance does not show up in the list:

There are two ways to add a root domain to Azure Front Door when using Azure DNS

Via Azure Portal

From the Azure portal, you need to visit your front door instance and click the “Domains” tab

Click the “Add” button and add your apex domain

Wait for the domain to add, then follow the validation process.

When this is done, you can click the “Add CNAME Record” button to the right in the list to add your domain.

Via Azure DNS API

If you want to point the domain to Azure Front door before it’s validated, or want to automate the process, you can also use the Azure DNS API to point your apex domain to your Azure Front Door instance. In this example, we use the Python API client to accomplish this:

from azure.identity import ClientSecretCredential
from azure.mgmt.dns import DnsManagementClient
from azure.core.exceptions import ResourceNotFoundError

# Replace this with your chosen authentication method
# Needs Add/Modify DNS permissions and Read permission to the Front Door instance
credential = ClientSecretCredential(
mgmt_client = DnsManagementClient(credential, AZURE_SUBSCRIPTION_ID)

# Get current A Record, if one exists to fetch the current etag for updating
    ARecord = mgmt.record_sets.get('DNSZoneResourceGroup', ', '@', 'A').as_dict()
except ResourceNotFoundError:
    ARecord = {}

response = mgmt_client.record_sets.create_or_update(
        'target_resource: {
            'id': '/subscriptions/<frontdoor-subscription-id>/resourcegroups/<frontdoor-resource-group>/providers/Microsoft.Cdn/profiles/<frontdoor-name>/afdendpoints/<endpoint-name>'
    if_match=ARecord.get('etag', None)

Leave a Reply


© 2024 Cloudyne Systems (Scheibling Consulting AB). All Rights Reserved.