Apr 1, 2016

How to Manage Azure DNS for Exchange Administrators (Part 2)

In the first article, we focused on transferring the public domain to Azure DNS, and we covered the process of creating the Resource Group and the zone itself using PowerShell.

In this article, we will manage the DNS zone using PowerShell and create all the record types required to support an Exchange environment, including A records (required for webmail, smtp and autodiscover), TXT records (SPF entries) and MX records (to allow incoming message traffic from external SMTP servers on the Internet).



We'll cover the basics of managing all sorts of entries in Azure DNS.


Creating DNS Records

Azure DNS uses the concept of a Record Set to add information to DNS zones. A record set is a collection of DNS records that share the same name. This concept matters when, for example, a host has more than one IPv4 address; in that case the addresses share the same Record Set.


The creation process for most DNS records requires three (3) steps, as shown in Figure 01. The first step is to create the Record Set, and we store all the required information in a variable; the second step is to add the specific DNS record configuration, which depends on the entry type that we are adding; and the last step is to commit that information to the DNS.

Figure 01

Based on our scenario, we can start simple by creating an A record, and one of our needs is to create one for smtp.infralab.org. We will repeat the same steps for autodiscover and webmail. The entire process is listed below (Figure 02).

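# Step 1: create the record set and keep it in a variable
$NewRS = New-AzureRMDNSRecordSet -Name "smtp" -RecordType "A" -ZoneName infralab.org -ResourceGroupName RG-DNS -TTL 3600
# Step 2: add the A record configuration to the record set
Add-AzureRMDNSRecordConfig -RecordSet $NewRS -Ipv4Address 30.30.30.30
# Step 3: commit the record set to Azure DNS
Set-AzureRMDNSRecordSet -RecordSet $NewRS

Figure 02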

The same nslookup utility that we used in the previous article can be used to check the information for this new entry. The complete test is shown in Figure 03.

Figure 03

In order to receive external e-mails we must configure our MX record. In our scenario we will start simple by configuring the first MX record using the cmdlets below (Figure 04).

$NewRS = New-AzureRMDNSRecordSet -Name "@" -RecordType "MX" -ZoneName infralab.org -ResourceGroupName RG-DNS -TTL 3600
Add-AzureRMDNSRecordConfig -RecordSet $NewRS -Exchange "smtp.infralab.org" -Preference 5
Set-AzureRMDNSRecordSet -RecordSet $NewRS

Figure 04

In some cases, and that should be the rule, a secondary MX record should be present to avoid a single point of failure. In order to add that information, we need to remember that we use Record Sets in Azure DNS, and for that reason we need to load the current record set that has the MX and then add the new MX server. All cmdlets required for that operation are listed below, and the same commands can be seen in action in Figure 05.

$rsmxupdate = Get-AzureRMDNSRecordSet -Name "@" -RecordType "MX" -ZoneName infralab.org -ResourceGroupName RG-DNS
Add-AzureRMDNSRecordConfig -RecordSet $rsmxupdate -Exchange "smtp2.infralab.org" -Preference 20
Set-AzureRMDNSRecordSet -RecordSet $rsmxupdate

Figure 05

Last but not least, we need to configure the SPF record for our new public domain. The logic is the same; we just need to adjust the RecordType and use the Value parameter to insert the SPF information (Figure 06).

$NewRSSPF = New-AzureRMDNSRecordSet -Name "@" -RecordType TXT -ZoneName infralab.org -ResourceGroupName RG-DNS -TTL 3600
Add-AzureRMDNSRecordConfig -RecordSet $NewRSSPF -Value "v=spf1 a mx ~all"
Set-AzureRMDNSRecordSet -RecordSet $NewRSSPF

Figure 06
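
Because the SPF string lives in the TXT record set at "@", a second SPF value added to that same set later leaves the name with two SPF records. The check below is an added example, not part of the original article; the function name Test-SpfTxtValue and the sample strings are constructed for illustration, and it works on plain TXT strings so it runs without an Azure session.

```powershell
# Added example: audit the TXT values published at one name for SPF problems.
function Test-SpfTxtValue {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$TxtValue
    )

    # An SPF record is a TXT value whose first term is exactly "v=spf1".
    $spf      = @($TxtValue | Where-Object { $_ -match '^v=spf1(\s|$)' })
    $findings = New-Object 'System.Collections.Generic.List[string]'
    $allTerm  = $null

    if ($spf.Count -eq 0) {
        $findings.Add('No SPF record among the TXT values')
    }
    elseif ($spf.Count -gt 1) {
        # RFC 7208 section 4.5: more than one SPF record gives "permerror".
        $findings.Add("$($spf.Count) SPF records at the same name; evaluation ends in permerror")
    }
    else {
        $terms       = $spf[0].Trim() -split '\s+'
        $allTerm     = $terms | Where-Object { $_ -match '^[+\-~?]?all$' } | Select-Object -First 1
        $hasRedirect = [bool]($terms -match '^redirect=')
        if (-not $allTerm -and -not $hasRedirect) {
            $findings.Add('No "all" mechanism or redirect; unmatched senders get neutral')
        }
        elseif ($allTerm -match '^\+?all$') {
            $findings.Add('"all" carries the pass qualifier, so every sender passes')
        }
    }

    [pscustomobject]@{
        SpfRecordCount = $spf.Count
        AllTerm        = $allTerm
        Findings       = $findings.ToArray()
    }
}

# Constructed sample inputs (not real zone data).
Test-SpfTxtValue -TxtValue 'v=spf1 a mx ~all'
Test-SpfTxtValue -TxtValue 'v=spf1 a mx ~all', 'v=spf1 ip4:30.30.30.30 -all'
Test-SpfTxtValue -TxtValue 'constructed-site-verification=abc123'
```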

 

Listing existent zones and Record Sets using PowerShell

Resource Groups are a great feature in Microsoft Azure. They allow the administrator to provide delegation, billing information, tags, etc. If you don’t have a good reason to have multiple resource groups, the recommendation is to use just one for all your Azure DNS zones.

In this article series we have been using a single Resource Group called RG-DNS, and in order to list all existent zones the following cmdlet can be used (Figure 07).

Get-AzureRMDNSZone -ResourceGroupName RG-DNS

Figure 07

In order to list all records of any given zone, the following cmdlet can be used (Figure 08). Keep in mind that most cmdlets will always require the ZoneName and the ResourceGroupName parameters.

Get-AzureRMDNSRecordSet -ZoneName infralab.org -ResourceGroupName RG-DNS

Figure 08

If you want to save time, we can take advantage of variables and use them to speed up the process. In our current section, we could create two variables as follows:

$zone = "infralab.org"
$RG = "RG-DNS"

After creating the variables, we can use them on any cmdlet. For example, we can run the same previous command but instead of typing everything we can use our variables which already have the information.

Get-AzureRMDNSRecordSet -ZoneName $zone -ResourceGroupName $RG

In some cases, we want to go straight to the point and list only the DNS entries that we are troubleshooting or validating. In this kind of situation we can use the additional parameter -RecordType and specify the type, which could be (SOA, AAAA, A, TXT, SRV, CNAME). In the cmdlet below we are listing only the A records for that given zone (Figure 09).

Get-AzureRMDNSRecordSet -ZoneName infralab.org -ResourceGroupName RG-DNS -RecordType A

Figure 09

At this point we know the cmdlets to list all zones from any given resource group, list all entries, and narrow them down by type of entry. To complete this reporting section, the administrator may need to list all entries in a summarized way, where a single glance is enough to spot the important information, which basically is Name, RecordType and Records. This task can be accomplished using the following cmdlet, and it is also shown in Figure 10.

Get-AzureRMDNSRecordSet -ZoneName infralab.org -ResourceGroupName RG-DNS | ft Name,TTL,RecordType,Records -AutoSize

Figure 10
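
The same listing can be checked for consistency: an MX record is only useful if the host it names has an address record, which matters after adding a secondary MX or removing an A record set. This is an added example, not part of the original article; the function name Find-DanglingMxTarget and the sample objects are constructed, and it assumes MX records expose Exchange and Preference properties matching the cmdlet parameters.

```powershell
# Added example: report in-zone MX exchanges that have no A or AAAA record set.
function Find-DanglingMxTarget {
    param(
        [Parameter(Mandatory = $true)][string]$ZoneName,
        [Parameter(Mandatory = $true)][object[]]$RecordSet
    )

    $zone   = $ZoneName.TrimEnd('.').ToLowerInvariant()
    $suffix = ".$zone"

    # Relative names that own an address record ("smtp", "www", "@").
    # Wildcard record sets are not expanded here.
    $addressNames = @($RecordSet |
        Where-Object { 'A', 'AAAA' -contains $_.RecordType } |
        ForEach-Object { $_.Name.ToLowerInvariant() })

    foreach ($mxSet in @($RecordSet | Where-Object { $_.RecordType -eq 'MX' })) {
        foreach ($mx in $mxSet.Records) {
            $target = $mx.Exchange.TrimEnd('.').ToLowerInvariant()
            if ($target -eq $zone) { $relative = '@' }
            elseif ($target.EndsWith($suffix)) {
                $relative = $target.Substring(0, $target.Length - $suffix.Length)
            }
            else { continue }   # hosted elsewhere; zone data cannot confirm it
            if ($addressNames -notcontains $relative) {
                [pscustomobject]@{
                    Exchange   = $mx.Exchange
                    Preference = $mx.Preference
                    Problem    = 'No A or AAAA record set for this name in the zone'
                }
            }
        }
    }
}

# Constructed sample shaped like the listing's Name, RecordType and Records columns.
$sample = @(
    [pscustomobject]@{ Name = 'smtp'; RecordType = 'A'
        Records = @([pscustomobject]@{ Ipv4Address = '30.30.30.30' }) }
    [pscustomobject]@{ Name = '@'; RecordType = 'MX'
        Records = @([pscustomobject]@{ Exchange = 'smtp.infralab.org'; Preference = 5 },
                    [pscustomobject]@{ Exchange = 'smtp2.infralab.org'; Preference = 20 }) }
)
Find-DanglingMxTarget -ZoneName 'infralab.org' -RecordSet $sample
```

In the constructed sample only smtp has an A record set, so the smtp2 exchange is the one reported. Against a live zone, the output of Get-AzureRMDNSRecordSet for the zone would be passed as -RecordSet.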

 

Removing DNS entries

As part of the DNS management the administrator must be able to remove entries, and using Azure DNS we can remove a record that is part of a Record Set or the entire record set.

The easiest way to remove things is at the record set level, because it takes a single cmdlet. Let’s say that we want to remove xxx.infralab.org (xxx is an A entry in our zone). The best approach is to double-check that we are on the right track: using the cmdlet below we can list all A records and confirm that the xxx record is there (Figure 11).

Get-AzureRMDNSRecordSet -ZoneName infralab.org -ResourceGroupName RG-DNS -RecordType A

Figure 11

Deleting the entire record set means that if we have two IP addresses for the same host, both are deleted. We can use the following cmdlets (Figure 12), where we check the entry first, then remove the record set, and finally perform the same check to validate that the deletion has occurred.

Note: To delete the record set we need to provide the complete information that makes it unique, including the RecordType, and that is why listing the entry to be deleted first is important.

Get-AzureRMDNSRecordSet -Name xxx -RecordType A -ZoneName infralab.org -ResourceGroupName RG-DNS
Remove-AzureRMDNSRecordSet -Name xxx -ZoneName infralab.org -ResourceGroupName RG-DNS -RecordType A
Get-AzureRMDNSRecordSet -Name xxx -RecordType A -ZoneName infralab.org -ResourceGroupName RG-DNS

Figure 12

If you need to remove just one piece of information (a record) from an existent record set, then the process is a little bit different. Let’s use the example shown in Figure 13, where the host (A record) www has two IP addresses for redundancy. If we use the previous method we would be deleting the entire www, however we just want to remove the IP address 20.20.20.20.

Figure 13



The process consists of loading the desired record set to a variable, removing the record and committing the changes, and the entire process is listed below (Figure 14). The real difference on the removal process is that we have the cmdlet Remove-AzureRMDNSRecordConfig on the second step, other than that it is similar to the process to add an entry.

$RSRemove = Get-AzureRmDnsRecordSet -Name "www" -RecordType A -ZoneName infralab.org -ResourceGroupName RG-DNS
Remove-AzureRmDnsRecordConfig -RecordSet $RSRemove -Ipv4Address '20.20.20.20'
Set-AzureRmDnsRecordSet -RecordSet $RSRemove

In the same Figure 14, we can see that the record set has a single IP address after the changes that we have just performed.

Figure 14

 

Conclusion

In this article we covered the basics of managing all sorts of entries in Azure DNS. As part of DNS administration, the administrator must be able to add, remove and list the existing entries.
