AAD Domain Services - Custom DNS records keep disappearing


We are running Azure AD Domain Services (AADDS) to manage a few legacy application servers as part of our Azure infrastructure. In order for VNET-integrated Web Apps to find internal APIs using the VNET integration we've added a few custom Forward Lookup Zones for these specific hosts in the AADDS DNS. At seemingly random times (maybe once a week), the A-records in these zones are deleted in the DNS server, although the zones remain.

Can anyone help me explain why this happens and how we can prevent it? Azure Web Apps does not contain a hosts file, so we are dependent on DNS for lookups.
Thanks in advance,

Magnus

2 Replies

I think you are better off using conditional forwarders to point to a DNS server for record resolution.

You need to be very careful not to add any other zones into the managed domain since AD DS DNS should only contain the managed domain.

The reason was that custom zones in AADDS DNS are not supported. The solution was to implement an Azure Private DNS zone and associate it with the virtual network. Works like a charm.
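For readers who want to reproduce the resolution above, here is an added example (not part of the original thread, and not Microsoft's own template) of the Azure Private DNS setup it describes, written as a Bicep fragment: a private zone, a link to the virtual network that the Web App integrates with, and an A record for an internal API host. The zone name `internal.contoso.example`, the record name `api1`, the address `10.0.1.4`, and the `vnetId` parameter are all constructed placeholders.

```bicep
// Added example: keep custom internal names in an Azure Private DNS zone
// rather than in the AADDS-managed DNS, where such zones are unsupported.
// All names and addresses below are placeholders, not values from the thread.

@description('Resource ID of the VNet the Web App is integrated with (placeholder).')
param vnetId string

// The private zone that will hold the internal hostnames.
// Private DNS zones are global resources, so location is always 'global'.
resource internalZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'internal.contoso.example'
  location: 'global'
}

// Link the zone to the VNet so resources in that VNet (including VNet-integrated
// Web Apps) resolve names from it. registrationEnabled stays false: we manage
// the records ourselves and do not want VMs auto-registering into this zone.
resource vnetLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: internalZone
  name: 'link-to-app-vnet'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: {
      id: vnetId
    }
  }
}

// A record for one internal API host; add one of these per legacy server.
resource apiRecord 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
  parent: internalZone
  name: 'api1'
  properties: {
    ttl: 300
    aRecords: [
      {
        ipv4Address: '10.0.1.4'
      }
    ]
  }
}

// Handy for a post-deployment check from inside the VNet, e.g.
// nslookup api1.internal.contoso.example
output apiFqdn string = '${apiRecord.name}.${internalZone.name}'
```

Deploy it with `az deployment group create -g <resource-group> -f private-dns.bicep -p vnetId=<vnet-resource-id>`. Because the records live in a zone the platform does not reconcile, they do not get swept away the way the custom zones in the AADDS DNS did; leaving `registrationEnabled` off also means nothing other than your deployment writes to the zone, which keeps the record set auditable through the resource's activity log.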