Use redundant DNS servers

Reliability · Virtual Network · Rule · 2020_06 · Important

Virtual networks (VNETs) should have at least two DNS servers assigned.

Description

Virtual networks (VNETs) should have at least two (2) DNS servers assigned. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced.

Recommendation

Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS.

Examples

Configure with Azure template

To deploy Virtual Networks that pass this rule:

  • Set properties.dhcpOptions.dnsServers to at least two DNS server addresses. OR
  • Use the default Azure DNS servers.

For example:

Azure Template snippet
{
  "type": "Microsoft.Network/virtualNetworks",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/16"
      ]
    },
    "dhcpOptions": {
      "dnsServers": [
        "10.0.1.4",
        "10.0.1.5"
      ]
    }
  }
}
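
The check described above can be run against a template before deployment. The following is an added example, not part of the original page and not the rule's own implementation: the function names and the sample template are constructed for illustration, and it assumes "resources" is a JSON array. It treats a missing or empty dnsServers as Azure-provided DNS, counts distinct addresses (an assumption stricter than the rule text, so a repeated address does not count as redundancy), and reports a dnsServers value given as a template expression as unresolved rather than guessing.

```python
import json

VNET_TYPE = "microsoft.network/virtualnetworks"

# Constructed sample template (not from the page); names and addresses are made up.
SAMPLE = """{"resources": [
 {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-two",
  "properties": {"dhcpOptions": {"dnsServers": ["10.0.1.4", "10.0.1.5"]}}},
 {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-one",
  "properties": {"dhcpOptions": {"dnsServers": ["10.0.1.4"]}}},
 {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-dup",
  "properties": {"dhcpOptions": {"dnsServers": ["10.0.1.4", "10.0.1.4"]}}},
 {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-azure",
  "properties": {"addressSpace": {"addressPrefixes": ["10.1.0.0/16"]}}},
 {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-param",
  "properties": {"dhcpOptions": {"dnsServers": "[parameters('dnsServers')]"}}}
]}"""
TEMPLATE = json.loads(SAMPLE)

def iter_resources(resources):
    """Yield every resource, descending into nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def check_vnet_dns(template):
    """Return (name, outcome, detail) for each virtual network in the template."""
    results = []
    for res in iter_resources(template.get("resources")):
        if res.get("type", "").lower() != VNET_TYPE:
            continue
        name = res.get("name", "<unnamed>")
        props = res.get("properties") or {}
        servers = (props.get("dhcpOptions") or {}).get("dnsServers")
        if not servers:
            results.append((name, "pass", "Azure-provided DNS"))
        elif isinstance(servers, str):
            # Template expression: the list is only known at deployment time.
            results.append((name, "unresolved", servers))
        elif len(set(servers)) >= 2:
            results.append((name, "pass", f"{len(set(servers))} DNS servers"))
        else:
            results.append((name, "fail", "fewer than two distinct DNS servers"))
    return results

if __name__ == "__main__":
    for row in check_vnet_dns(TEMPLATE):
        print(*row, sep="\t")
```
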

Configure with Bicep

To deploy Virtual Networks that pass this rule:

  • Set properties.dhcpOptions.dnsServers to at least two DNS server addresses. OR
  • Use the default Azure DNS servers.

For example:

Azure Bicep snippet
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: name
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    dhcpOptions: {
      dnsServers: [
        '10.0.1.4'
        '10.0.1.5'
      ]
    }
  }
}