Use redundant DNS servers
March 21, 2025
SYNOPSIS
Virtual networks (VNETs) should have at least two DNS servers assigned.
DESCRIPTION
Virtual networks (VNETs) should have at least two (2) DNS servers assigned. Using a single DNS server may indicate a single point of failure where the DNS IP address is not load balanced.
RECOMMENDATION
Virtual networks should have at least two (2) DNS servers set when not using Azure-provided DNS.
EXAMPLES
Configure with Azure template
To deploy Virtual Networks that pass this rule:
- Set properties.dhcpOptions.dnsServers to at least two DNS server addresses. OR
- Use the default Azure DNS servers.
For example:
{
  "type": "Microsoft.Network/virtualNetworks",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/16"
      ]
    },
    "dhcpOptions": {
      "dnsServers": [
        "10.0.1.4",
        "10.0.1.5"
      ]
    }
  }
}
Configure with Bicep
To deploy Virtual Networks that pass this rule:
- Set properties.dhcpOptions.dnsServers to at least two DNS server addresses. OR
- Use the default Azure DNS servers.
For example:
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: name
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    dhcpOptions: {
      dnsServers: [
        '10.0.1.4'
        '10.0.1.5'
      ]
    }
  }
}
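The check behind both the ARM template and Bicep examples above, as an added Python example that is not part of PSRule for Azure or this page: it walks the resources of an ARM template, applies the rule to each virtual network (no dhcpOptions or an empty dnsServers list means Azure-provided DNS and passes; one custom server fails), and, as an added stricter assumption beyond what the page states, also fails when the two listed addresses are the same. The template resources are constructed sample input.

```python
"""Added example (not PSRule for Azure's own code): evaluate the
"at least two DNS servers" rule against virtualNetworks resources."""
import json

# Constructed sample ARM resources: compliant, single custom DNS server,
# Azure-provided DNS (no dhcpOptions), duplicate addresses, and a non-VNET.
SAMPLE_TEMPLATE = json.dumps({
    "resources": [
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-ok",
         "properties": {"dhcpOptions": {"dnsServers": ["10.0.1.4", "10.0.1.5"]}}},
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-single",
         "properties": {"dhcpOptions": {"dnsServers": ["10.0.1.4"]}}},
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-azure-dns",
         "properties": {"addressSpace": {"addressPrefixes": ["10.1.0.0/16"]}}},
        {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-dup",
         "properties": {"dhcpOptions": {"dnsServers": ["10.0.1.4", "10.0.1.4"]}}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stignored"},
    ]
})


def dns_servers(resource):
    """Return the custom DNS list, or [] when Azure-provided DNS is in effect."""
    return resource.get("properties", {}).get("dhcpOptions", {}).get("dnsServers") or []


def has_redundant_dns(resource):
    """Pass when the VNET uses Azure DNS (empty list) or lists two or more
    distinct custom servers. Distinctness is an added assumption: the page
    itself only counts addresses."""
    servers = dns_servers(resource)
    if not servers:
        return True  # Azure-provided DNS: redundancy is handled by the platform
    return len(set(servers)) >= 2


def evaluate_template(template_json):
    """Map each virtualNetworks resource name to True (pass) or False (fail)."""
    template = json.loads(template_json)
    return {
        r["name"]: has_redundant_dns(r)
        for r in template.get("resources", [])
        if r.get("type", "").lower() == "microsoft.network/virtualnetworks"
    }


if __name__ == "__main__":
    for name, ok in evaluate_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {'Pass' if ok else 'Fail'}")
```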