NICs with custom DNS settings

Reliability · Network Interface · Rule · 2020_06 · Awareness

Network interfaces (NICs) should inherit DNS from virtual networks.

Description

By default, virtual machine (VM) NICs use the DNS configuration inherited from the virtual network they connect to. Optionally, DNS servers can be overridden on a per-NIC basis with a custom configuration.

Using network interfaces with individual DNS server settings may increase management overhead and complexity.

Recommendation

Consider updating NIC DNS server settings to inherit from the virtual network.

Examples

Configure with Bicep

To deploy NICs that pass this rule:

  • Clear the properties.dnsSettings.dnsServers property. OR
  • Remove the properties.dnsSettings property.

For example:

Azure Bicep snippet
resource nic 'Microsoft.Network/networkInterfaces@2024-05-01' = {
  name: name
  location: location
  properties: {
    dnsSettings: {
      dnsServers: []
    }
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: subnetId
          }
        }
      }
    ]
  }
}

Configure with Azure Verified Modules

A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:

br/public:avm/res/network/network-interface:<version>

To use the latest version:

br/public:avm/res/network/network-interface:0.4.0

Configure with Azure template

To deploy NICs that pass this rule:

  • Clear the properties.dnsSettings.dnsServers property. OR
  • Remove the properties.dnsSettings property.

For example:

Azure Template snippet
{
  "type": "Microsoft.Network/networkInterfaces",
  "apiVersion": "2024-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "properties": {
    "dnsSettings": {
      "dnsServers": []
    },
    "ipConfigurations": [
      {
        "name": "ipconfig1",
        "properties": {
          "privateIPAllocationMethod": "Dynamic",
          "subnet": {
            "id": "[parameters('subnetId')]"
          }
        }
      }
    ]
  }
}
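
The two pass conditions above can be checked against a template before it is deployed. The following Python script is an added example, not the rule's own implementation or code from the original page; the function names and the sample template (including its resource names and address) are constructed for illustration. It also reports NICs whose dnsServers value is a template expression, since that value is only known at deployment time.

```python
import json

NIC_TYPE = "microsoft.network/networkinterfaces"

# Constructed sample template (names and addresses are illustrative).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Network/networkInterfaces", "name": "nic-inherit",
     "properties": {"dnsSettings": {"dnsServers": []}}},
    {"type": "Microsoft.Network/networkInterfaces", "name": "nic-no-settings",
     "properties": {}},
    {"type": "Microsoft.Network/networkInterfaces", "name": "nic-custom",
     "properties": {"dnsSettings": {"dnsServers": ["192.168.1.100"]}}},
    {"type": "Microsoft.Resources/deployments", "name": "nested",
     "properties": {"template": {"resources": [
       {"type": "Microsoft.Network/networkInterfaces", "name": "nic-param",
        "properties": {"dnsSettings": {"dnsServers": "[parameters('dnsServers')]"}}}
     ]}}}
  ]
}
""")

def classify_nic(resource):
    """Return 'pass', 'fail' or 'unknown' for one NIC resource."""
    dns = resource.get("properties", {}).get("dnsSettings")
    if dns is None:
        return "pass"  # dnsSettings removed: DNS is inherited from the VNet
    servers = dns.get("dnsServers") if isinstance(dns, dict) else dns
    if isinstance(servers, str):
        return "unknown"  # template expression, only resolved at deployment
    return "fail" if servers else "pass"  # an empty list also inherits

def audit_template(template):
    """Classify every NIC, descending into nested deployment templates."""
    results = {}
    stack = [template]
    while stack:
        for res in stack.pop().get("resources", []):
            if res.get("type", "").lower() == NIC_TYPE:
                results[res["name"]] = classify_nic(res)
            nested = res.get("properties", {}).get("template")
            if isinstance(nested, dict):
                stack.append(nested)
    return results

if __name__ == "__main__":
    for name, verdict in sorted(audit_template(SAMPLE_TEMPLATE).items()):
        print(f"{verdict:8} {name}")
```
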

Configure with Azure CLI

To configure NICs that pass this rule, clear the DNS servers configuration:

Azure CLI snippet
az network nic update -n '<name>' -g '<resource_group>' --dns-servers null

Configure with Azure PowerShell

To configure NICs that pass this rule, clear the DNS servers configuration:

Azure PowerShell snippet
# Place the network interface configuration into a variable.
$nic = Get-AzNetworkInterface -Name '<name>' -ResourceGroupName '<resource_group>'

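# Remove each custom DNS server from the configuration.
# The addresses below are examples; substitute the servers currently set on the NIC.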
$nic.DnsSettings.DnsServers.Remove("192.168.1.100")
$nic.DnsSettings.DnsServers.Remove("192.168.1.101")

# Apply the new configuration to the network interface.
$nic | Set-AzNetworkInterface
