Setup DNS Server 2016 in Azure

To setup a DNS server in Azure, use our IaaS DNS virtual machine offering from the Azure marketplace.  Our virtual machine comes pre configured as a DNS server 2016.

DNS Server

Getting Started

Once you’ve downloaded our Azure DNS virtual machine, the first task is to set the virtual machine with a static ip address. This is very important so clients can resolve using the correct IP address incase the servers ip address changes.



  • For best performance, when you are using Azure VMs as DNS servers, IPv6 should be disabled.
  • public IP address should be assigned to each DNS server VM.  
  • If you are using DDNS, you might need to disable DNS record scavenging. Azure DHCP leases are long, and scavenging might remove DNS records prematurely.
  • Provide appropriate recursive resolution to allow resolution of external domain names.
  • Be accessible (TCP and UDP on port 53) from the clients it serves, and be able to access the internet.


Creating Forward Lookup Zone

Step 1. Open server manager dashboard.

Step 2. Click Tools -> DNS

Step 3. In DNS manager console,  expand DNS server. Right-click Forward Lookup Zones.

Step 4. Click New Zone.


Step 5. Click Next.

Step 6. Choose primary zone. If your server is part of Active Directory, you can choose to “Store the zone in AD” (Optional).

Step 9. Provide the zone name and click Next.


Step 10. Choose “Create a new file with this ….” and click Next.


Step 10. Choose “Do not allow dynamic updates” or “Allow only secure dynamic updates” if your environment is part of Active Directory.


Step 11. Click Finish.

Adding Host Record in a Forward Lookup Zone

Step 1. Open DNS manager console and right-click your forward lookup zone where you would like to create a host record.

Step 2. Click New Host (A or AAAA).


Step 3. Provide the name (and this will become FQDN in the form, and IP address.


Step 4. Click ‘Add Host‘ and you are done.


DNS Firewall Ports


The following firewall ports will need to be open if you have a network security group (NSG) or firewall appliance in between your DNS server and clients.


Incoming open ports:


Outgoing open ports:




If you have any questions about this Microsoft DNS server deployment or are experiencing any issues with your deployment leave your comments below and i will answer them for you within 24 hours.


If you would like to hire us to setup your DNS server environment for you, get in touch and we can get you up and running 


Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud

No Comments

Post a Comment