Connecting domains to Azure Front door usually requires using a CNAME or ALIAS record, but with Azure DNS you might end up trying to add the domain from the Azure DNS panel – finding that your Azure Front Door instance does not show up in the list:
There are two ways to add a root domain to Azure Front Door when using Azure DNS
Via Azure Portal
From the Azure portal, you need to visit your front door instance and click the “Domains” tab
Click the “Add” button and add your apex domain
Wait for the domain to add, then follow the validation process.
When this is done, you can click the “Add CNAME Record” button to the right in the list to add your domain.
Via Azure DNS API
If you want to point the domain to Azure Front door before it’s validated, or want to automate the process, you can also use the Azure DNS API to point your apex domain to your Azure Front Door instance. In this example, we use the Python API client to accomplish this:
from azure.identity import ClientSecretCredential
from azure.mgmt.dns import DnsManagementClient
from azure.core.exceptions import ResourceNotFoundError
# Replace this with your chosen authentication method
# Needs Add/Modify DNS permissions and Read permission to the Front Door instance
credential = ClientSecretCredential(
AZURE_TENANT_ID,
AZURE_CLIENT_ID,
AZURE_CLIENT_SECRET
)
mgmt_client = DnsManagementClient(credential, AZURE_SUBSCRIPTION_ID)
# Get current A Record, if one exists to fetch the current etag for updating
try:
ARecord = mgmt.record_sets.get('DNSZoneResourceGroup', 'mydomain.com, '@', 'A').as_dict()
except ResourceNotFoundError:
ARecord = {}
response = mgmt_client.record_sets.create_or_update(
resource_group_name='DNSZoneResourceGroup',
zone_name='mydomain.com',
relative_record_set_name='@',
record_type='A',
parameters={
'target_resource: {
'id': '/subscriptions/<frontdoor-subscription-id>/resourcegroups/<frontdoor-resource-group>/providers/Microsoft.Cdn/profiles/<frontdoor-name>/afdendpoints/<endpoint-name>'
}
},
if_match=ARecord.get('etag', None)
)