Azure DNS
Configuration
To use this provider, add an entry to creds.json with TYPE set to AZURE_DNS, along with the necessary credentials. The provider supports three authentication methods:
DefaultAzureCredential (Recommended): Simplifies authentication by leveraging Azure's credential chain (e.g., environment variables, managed identities, Azure CLI, etc.).
Client ID and Secret: Provides backward compatibility for users who prefer this method.
OIDC (InteractiveBrowserCredential): Allows interactive login via the browser for specific scenarios.
Example Configurations
DefaultAzureCredential (Recommended)
This method does not require explicit credentials in creds.json and leverages Azure's default authentication chain:
Managed Identity (if running in Azure)
Environment variables
Azure CLI credentials
No additional setup is required in creds.json:
{
  "azuredns_main": {
    "TYPE": "AZURE_DNS",
    "SubscriptionID": "AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "AZURE_RESOURCE_GROUP"
  }
}
You can also use environment variables:
export AZURE_SUBSCRIPTION_ID=XXXXXXXXX
export AZURE_RESOURCE_GROUP=YYYYYYYYY
{
  "azuredns_main": {
    "TYPE": "AZURE_DNS",
    "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP"
  }
}
Client ID and Secret (Backward Compatibility)
To use client ID and secret-based authentication:
{
  "azuredns_main": {
    "TYPE": "AZURE_DNS",
    "SubscriptionID": "AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "AZURE_RESOURCE_GROUP",
    "TenantID": "AZURE_TENANT_ID",
    "ClientID": "AZURE_CLIENT_ID",
    "ClientSecret": "AZURE_CLIENT_SECRET"
  }
}
You can also use environment variables:
export AZURE_SUBSCRIPTION_ID=XXXXXXXXX
export AZURE_RESOURCE_GROUP=YYYYYYYYY
export AZURE_TENANT_ID=ZZZZZZZZ
export AZURE_CLIENT_ID=AAAAAAAAA
export AZURE_CLIENT_SECRET=BBBBBBBBB
{
  "azuredns_main": {
    "TYPE": "AZURE_DNS",
    "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP",
    "ClientID": "$AZURE_CLIENT_ID",
    "TenantID": "$AZURE_TENANT_ID",
    "ClientSecret": "$AZURE_CLIENT_SECRET"
  }
}
OIDC (Interactive Browser Authentication)
To enable OIDC for interactive login:
{
  "azuredns_main": {
    "TYPE": "AZURE_DNS",
    "SubscriptionID": "AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "AZURE_RESOURCE_GROUP",
    "TenantID": "AZURE_TENANT_ID",
    "UseOIDC": "true"
  }
}
You can also use environment variables:
export AZURE_SUBSCRIPTION_ID=XXXXXXXXX
export AZURE_RESOURCE_GROUP=YYYYYYYYY
export AZURE_TENANT_ID=ZZZZZZZZ
export UseOIDC=true
{
  "azuredns_main": {
    "TYPE": "AZURE_DNS",
    "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP",
    "TenantID": "$AZURE_TENANT_ID",
    "UseOIDC": "$UseOIDC"
  }
}
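A pre-commit style check for the three configurations above, written for this page as an added example (it is not part of DNSControl). It reports which method each AZURE_DNS entry is set up for and flags a ClientSecret stored as a literal instead of a `$VAR` reference. The function names, the sample entries and the order in which methods are classified are this script's own assumptions, not the provider's precedence rules.

```python
import json

# Constructed sample creds.json for this example (not from the page).
SAMPLE = """{
  "azuredns_default": {"TYPE": "AZURE_DNS", "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP"},
  "azuredns_sp_env": {"TYPE": "AZURE_DNS", "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP", "TenantID": "$AZURE_TENANT_ID",
    "ClientID": "$AZURE_CLIENT_ID", "ClientSecret": "$AZURE_CLIENT_SECRET"},
  "azuredns_sp_literal": {"TYPE": "AZURE_DNS", "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP", "TenantID": "$AZURE_TENANT_ID",
    "ClientID": "$AZURE_CLIENT_ID", "ClientSecret": "constructed-not-a-real-secret"},
  "azuredns_oidc": {"TYPE": "AZURE_DNS", "SubscriptionID": "$AZURE_SUBSCRIPTION_ID",
    "ResourceGroup": "$AZURE_RESOURCE_GROUP", "UseOIDC": "true"},
  "none": {"TYPE": "NONE"}
}"""

def is_env_ref(value):
    """True for the "$NAME" form the page uses to pull a value from the environment."""
    return isinstance(value, str) and len(value) > 1 and value.startswith("$")

def audit_entry(entry):
    """Return (method, findings) for one AZURE_DNS entry."""
    findings = [f"missing {k}" for k in ("SubscriptionID", "ResourceGroup") if not entry.get(k)]
    oidc = entry.get("UseOIDC", "")
    if entry.get("ClientID") or entry.get("ClientSecret"):
        method = "client-secret"
        findings += [f"missing {k}" for k in ("TenantID", "ClientID", "ClientSecret")
                     if not entry.get(k)]
        if entry.get("ClientSecret") and not is_env_ref(entry["ClientSecret"]):
            findings.append("ClientSecret is a literal; reference it as $AZURE_CLIENT_SECRET")
    elif oidc == "true" or is_env_ref(oidc):  # an env reference is treated as enabled
        method = "oidc-interactive"
        if not entry.get("TenantID"):
            findings.append("missing TenantID")
    else:
        method = "default-credential"  # nothing secret belongs in this entry
    return method, findings

def audit(creds_text):
    """Audit every AZURE_DNS entry in a creds.json document; other providers are skipped."""
    creds = json.loads(creds_text)
    return {name: audit_entry(e) for name, e in creds.items()
            if isinstance(e, dict) and e.get("TYPE") == "AZURE_DNS"}

if __name__ == "__main__":
    for name, (method, findings) in audit(SAMPLE).items():
        print(f"{name}: {method}: {'; '.join(findings) or 'ok'}")
```

To check a real file, pass its contents to `audit()` and fail the commit when any entry returns findings.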
Metadata
This provider does not recognize any special metadata fields unique to Azure DNS.
Usage
An example configuration:
var REG_NONE = NewRegistrar("none");
var DSP_AZURE_MAIN = NewDnsProvider("azuredns_main");

D("example.com", REG_NONE, DnsProvider(DSP_AZURE_MAIN),
    A("test", "1.2.3.4"),
);
Activation
DNSControl depends on standard client credentials authentication with permission to list, create and update hosted zones.
New domains
If a domain does not exist in your Azure account, DNSControl will not automatically add it with the push command. You can do that either manually via the control panel, or via the dnscontrol create-domains command.
Caveats
The ResourceGroup is case sensitive.