Forum Discussion
Office 365 "Front Door" DNS Zones
Daniel Letsinger What are you trying to solve for here? These particular endpoints you list are examples of Azure Front Door, which is used in parts of Office 365. Read about it here: https://azure.microsoft.com/en-us/services/frontdoor/
Regards,
Paul
- Daniel Letsinger, Mar 18, 2020, Copper Contributor
PaulAndrew, it looks like I'm not using "front door" in the right context.
I'm trying to find out all of the endpoints that host Office 365. While Microsoft publishes what you see in the browser, e.g. company.sharepoint.com, in the https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges page, there are other hosts behind the URLs that are not in the public documentation. For example, in the screenshot I've attached, microsoft.sharepoint.com resolves to spo-0004.spo-msedge.net.
Why am I looking for this?
Picture a network where you selectively allow which internet hosts you're allowed to resolve, and you want to manage a white list of every internet-based domain you're allowed to resolve while not allowing recursive DNS lookups.
- PaulAndrew, Mar 18, 2020, Microsoft
Daniel Letsinger Hi Daniel, restricted DNS lookup is not supported. We don't publish intermediary DNS CNAMEs because they are not required for perimeter network configuration. We also don't publish changes that occur in intermediary DNS CNAMEs, which is the real problem you would face. Here's a FAQ about the issue: https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints#some-office-365-urls-point-to-cname-records-instead-of-a-records-in-the-dns-what-do-i-have-to-do-with-the-cname-records
Regards,
Paul
- Daniel Letsinger, Mar 18, 2020, Copper Contributor
Thanks for confirming, Paul! I've opened a ticket with Microsoft and received the same guidance.
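
The gap discussed in this thread, shown as an added example that is not part of any post above: an audit of a DNS resolution allowlist against the full CNAME chain of a published name. The allowlist, the A record, and the second snapshot are constructed for illustration; only the microsoft.sharepoint.com to spo-0004.spo-msedge.net mapping comes from the thread.

```python
# Constructed resolver snapshots: name -> (record type, value).
# Only the first CNAME mapping is taken from the thread; the rest is sample data.
SNAPSHOT_1 = {
    "microsoft.sharepoint.com": ("CNAME", "spo-0004.spo-msedge.net"),
    "spo-0004.spo-msedge.net": ("A", "192.0.2.10"),  # RFC 5737 documentation address
}
# Constructed later snapshot: the intermediary target changed without notice.
SNAPSHOT_2 = {
    "microsoft.sharepoint.com": ("CNAME", "edge-placeholder.example.net"),
    "edge-placeholder.example.net": ("A", "192.0.2.20"),
}
# Constructed allowlist containing only a browser-visible wildcard.
ALLOWLIST = ["*.sharepoint.com"]


def is_allowed(name, allowlist):
    """True if name matches an exact entry or a '*.suffix' wildcard entry."""
    name = name.rstrip(".").lower()
    for pattern in allowlist:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            if name.endswith(pattern[1:]):  # compare against '.suffix'
                return True
        elif name == pattern:
            return True
    return False


def cname_chain(name, records, max_depth=16):
    """Every name a resolver must look up to reach the final address record."""
    chain = [name.rstrip(".").lower()]
    while True:
        rec = records.get(chain[-1])
        if rec is None or rec[0] != "CNAME":
            return chain
        target = rec[1].rstrip(".").lower()
        if target in chain or len(chain) >= max_depth:
            raise ValueError("CNAME loop or chain too long")
        chain.append(target)


def blocked_names(name, records, allowlist):
    """Names in the chain that a restricted resolver would refuse to resolve."""
    return [n for n in cname_chain(name, records) if not is_allowed(n, allowlist)]


if __name__ == "__main__":
    for label, snap in (("snapshot 1", SNAPSHOT_1), ("snapshot 2", SNAPSHOT_2)):
        print(label, blocked_names("microsoft.sharepoint.com", snap, ALLOWLIST))
```

Both snapshots fail for a different intermediary name, which is the maintenance problem described above: the allowlist would have to track unpublished CNAME targets as they change.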