Use redundant DNS servers#
Reliability · Virtual Network · Rule · 2020_06 · Important
Virtual networks (VNETs) should have at least two DNS servers assigned.
Description#
Virtual networks (VNETs) should have at least two (2) DNS servers assigned. A single DNS server is a single point of failure: unless that address is a load-balanced virtual IP fronting several resolvers, an outage of that one server stops name resolution for every resource in the VNET, and with it anything that depends on DNS (package updates, service-to-service calls, authentication).
Recommendation#
Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS. Leaving dnsServers unset or empty selects Azure-provided DNS, which is already redundant and needs no additional configuration.
Examples#
Configure with Azure template#
To deploy Virtual Networks that pass this rule:
- Set properties.dhcpOptions.dnsServers to at least two DNS server addresses. OR
- Leave properties.dhcpOptions.dnsServers unset to use the default Azure-provided DNS servers.
For example:
Azure Template snippet
{
  "type": "Microsoft.Network/virtualNetworks",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/16"
      ]
    },
    "dhcpOptions": {
      "dnsServers": [
        "10.0.1.4",
        "10.0.1.5"
      ]
    }
  }
}
Configure with Bicep#
To deploy Virtual Networks that pass this rule:
- Set properties.dhcpOptions.dnsServers to at least two DNS server addresses. OR
- Leave properties.dhcpOptions.dnsServers unset to use the default Azure-provided DNS servers.
For example:
Azure Bicep snippet
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: name
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    dhcpOptions: {
      dnsServers: [
        '10.0.1.4'
        '10.0.1.5'
      ]
    }
  }
}
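The ARM template and Bicep examples above show compliant deployments; the check below is an added example (not code from the original page or from the rule's own engine) that evaluates the same condition over a template before deployment. It parses an ARM template, finds every Microsoft.Network/virtualNetworks resource, and passes it when dnsServers is absent or empty (Azure-provided DNS) or lists at least two distinct addresses. The sample template, the resource names and the de-duplication of repeated addresses are assumptions added here; de-duplication is stricter than the rule as stated on the page, because the same address listed twice provides no redundancy.

```python
import json

# Constructed ARM template for demonstration only (not from the original page).
# Four VNETs cover the cases: one server, a duplicated server, two servers,
# and no dnsServers at all (Azure-provided DNS). The NSG must be ignored.
TEMPLATE_JSON = r"""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2023-05-01",
      "name": "vnet-single",
      "location": "eastus",
      "properties": {
        "addressSpace": {"addressPrefixes": ["10.0.0.0/16"]},
        "dhcpOptions": {"dnsServers": ["10.0.1.4"]}
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2023-05-01",
      "name": "vnet-duplicate",
      "location": "eastus",
      "properties": {
        "addressSpace": {"addressPrefixes": ["10.1.0.0/16"]},
        "dhcpOptions": {"dnsServers": ["10.1.1.4", "10.1.1.4"]}
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2023-05-01",
      "name": "vnet-redundant",
      "location": "eastus",
      "properties": {
        "addressSpace": {"addressPrefixes": ["10.2.0.0/16"]},
        "dhcpOptions": {"dnsServers": ["10.2.1.4", "10.2.1.5"]}
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2023-05-01",
      "name": "vnet-azure-dns",
      "location": "eastus",
      "properties": {
        "addressSpace": {"addressPrefixes": ["10.3.0.0/16"]}
      }
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2023-05-01",
      "name": "nsg-ignored",
      "location": "eastus",
      "properties": {"securityRules": []}
    }
  ]
}
"""

MIN_DNS_SERVERS = 2  # threshold from the rule: at least two DNS servers


def dns_servers(resource):
    """Return the configured dnsServers list, or [] when unset (Azure-provided DNS)."""
    props = resource.get("properties") or {}
    dhcp = props.get("dhcpOptions") or {}
    return dhcp.get("dnsServers") or []


def evaluate_vnet(resource):
    """Return (passed, reason) for one virtualNetworks resource."""
    servers = dns_servers(resource)
    if not servers:
        return True, "Azure-provided DNS (no custom dnsServers set)"
    # Assumption (stricter than the rule text): a repeated address is one resolver.
    distinct = sorted(set(servers))
    if len(distinct) >= MIN_DNS_SERVERS:
        return True, f"{len(distinct)} distinct DNS servers: {', '.join(distinct)}"
    return False, f"only {len(distinct)} distinct DNS server: {', '.join(distinct)}"


def evaluate_template(template):
    """Map each virtualNetworks resource name to its (passed, reason) result."""
    results = {}
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != "microsoft.network/virtualnetworks":
            continue  # the rule only applies to virtual networks
        results[res["name"]] = evaluate_vnet(res)
    return results


def check_template_text(text):
    """Parse ARM template JSON text and evaluate every VNET in it."""
    return evaluate_template(json.loads(text))


if __name__ == "__main__":
    for name, (ok, reason) in check_template_text(TEMPLATE_JSON).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

Run it as-is to see the four verdicts, or replace TEMPLATE_JSON with the output of a compiled Bicep file (Bicep templates compile to the same ARM JSON shape) to check a real deployment before it reaches the pipeline. A template that fails here will also fail the rule; a pass here does not replace running the rule itself, which also evaluates deployed resources.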
Links#
- Understand the impact of dependencies
- Hub-spoke network topology in Azure
- Azure landing zone conceptual architecture
- Azure deployment reference