Public IP address prefixes
When using multiple public IP addresses, it can be convenient to have all of the IP addresses allocated from a single IP range or prefix. For example, when configuring firewall rules, this allows you to configure a single rule for the prefix, rather than separate rules for each IP address.
To support this scenario, Azure allows you to reserve a public IP address prefix. Public IP address resources associated with that prefix will have their IP addresses assigned from that range, rather than from the general-purpose Azure pool.
When creating a prefix, specify the prefix resource name, subnet size (for example, /28 for 16 IP addresses), and the Azure region where the IP addresses will be allocated.
Once the prefix is created, individual public IP addresses can be created that are associated with this prefix. Note that only Standard-tier public IP addresses support allocation from a prefix, and thus only static allocation is supported. The IP address assigned to these resources will be taken from the prefix range—you cannot specify a specific IP address from the range.
DNS LABELS
The domain name system (DNS) can be used to create a mapping from a domain name to an IP address so you can reference IP address endpoints using a domain name rather than using the assigned IP address directly.
There are four ways to configure a DNS label for an Azure public IP address:
- By specifying the DNS name label property of the public IP address resource
- By creating a DNS A record in Azure DNS or a third-party DNS service hosting a DNS domain
- By creating a DNS CNAME record in Azure DNS or a third-party DNS service hosting a DNS domain
- By creating an alias record in Azure DNS
SPECIFY THE DNS NAME LABEL PROPERTY
With this option, you specify the left-most part of the DNS label as a property in the public IP address resource. Azure provides the DNS suffix, which will be of the form .cloudapp.azure.com. The DNS label you provide is concatenated with this suffix to form the fully qualified domain name (FQDN), which can be used to look up the IP address via a DNS query.
For example, if your public IP address is deployed to the Central US region, and you specify the DNS label contoso-app, then the FQDN will be contoso-app.centralus.cloudapp.azure.com.
The major limitation of this approach is that the DNS suffix is taken from an Azure-provided DNS domain. It does not support the use of your own vanity domain, such as contoso.com. To address this, you will need to use one of the other approaches.
CREATE A DNS A RECORD
In this approach, you will have already hosted your vanity domain either in Azure DNS or a third-party DNS service. Using your hosting service, you can create a DNS entry in your vanity domain mapping to your public IP address resource. If you use a DNS A record, which maps directly to an IP address, you will need to update the DNS record if the assigned IP address changes. To avoid this, use static rather than dynamic IP allocation.
CREATE A DNS CNAME RECORD
In this approach, you start by creating a DNS label for your public IP address. You then create a CNAME record in your vanity domain, which maps your chosen domain name to the Azure-provided DNS name. For example, you might map www.contoso.com to contoso-app.centralus.cloudapp.azure.com. This approach has the advantage of avoiding the need for static IP allocation because the Azure-provided DNS entry updates automatically if the assigned IP address changes. However, the downside of this approach is that the domain name system does not support CNAME records at the root of a DNS domain, which means while you can create a CNAME record for www.contoso.com, you cannot create one for contoso.com (without the “www”).
CREATE AN ALIAS RECORD
In this approach, your vanity domain must be hosted in Azure DNS. You can then create an alias record, which works the same as an A record, except that rather than specifying the assigned IP address value explicitly in the DNS record, you simply reference the public IP address resource. The assigned IP address is taken from this resource and automatically configured in your DNS alias record. With alias records, the DNS record is automatically updated if the assigned IP address changes, avoiding the need for static IP allocation.
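The constraints of the A, CNAME, and alias approaches can be checked mechanically before a record is deployed. The following Python sketch is an added example, not code from the original text or from Azure; the `PublicIp` and `Record` classes and the `audit` function are hypothetical names, and the sample records are constructed.

```python
from dataclasses import dataclass
from typing import Optional

AZURE_SUFFIX = "cloudapp.azure.com"  # Azure-provided DNS suffix

@dataclass
class PublicIp:  # hypothetical model of a public IP address resource
    region: str                      # e.g. "centralus"
    static: bool                     # True = static allocation
    dns_label: Optional[str] = None  # DNS name label property, if set

    def azure_fqdn(self) -> Optional[str]:
        # The label is concatenated with the region and the Azure suffix.
        if self.dns_label is None:
            return None
        return f"{self.dns_label}.{self.region}.{AZURE_SUFFIX}"

@dataclass
class Record:  # hypothetical model of one record in a vanity zone
    name: str        # record FQDN, e.g. "www.contoso.com"
    zone: str        # zone the record lives in, e.g. "contoso.com"
    rtype: str       # "A", "CNAME" or "ALIAS"
    target: PublicIp
    azure_dns: bool  # True if the zone is hosted in Azure DNS

def audit(rec: Record) -> list:
    """Return the problems with one record under the constraints above."""
    problems = []
    at_root = rec.name.rstrip(".").lower() == rec.zone.rstrip(".").lower()
    if rec.rtype == "A" and not rec.target.static:
        problems.append("A record goes stale if the dynamic IP changes")
    elif rec.rtype == "CNAME":
        if at_root:
            problems.append("CNAME not supported at the zone root")
        if rec.target.azure_fqdn() is None:
            problems.append("CNAME needs a DNS label on the public IP")
    elif rec.rtype == "ALIAS" and not rec.azure_dns:
        problems.append("alias record requires the zone in Azure DNS")
    return problems

if __name__ == "__main__":
    # Constructed sample data: one dynamic public IP with a DNS label.
    pip = PublicIp("centralus", static=False, dns_label="contoso-app")
    for rec in [
        Record("contoso.com", "contoso.com", "A", pip, azure_dns=False),
        Record("contoso.com", "contoso.com", "CNAME", pip, azure_dns=False),
        Record("www.contoso.com", "contoso.com", "CNAME", pip, azure_dns=False),
        Record("contoso.com", "contoso.com", "ALIAS", pip, azure_dns=True),
    ]:
        print(rec.rtype, rec.name, "->", audit(rec) or "ok")
```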