![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 89%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hi VERNAL COOPER,
Thanks for reaching out in Microsoft Q&A forum,
You’re right DNS standards don’t let you slap a CNAME on the naked (apex) domain, so you have to work around it. Here are the most common approaches in Azure DNS without moving your zone:
- If your external URL lives on a static IP • Lookup its A (and AAAA) record(s) with
nslookupordig• In your Azure DNS zone, create an “A” record (and “AAAA” if needed) for “@” pointing to that IP • Clients hit your apex domain directly at that IP - If it doesn’t have a stable IP (or you want health-checks/load balancing) a) Use Azure Traffic Manager
- Create a Traffic Manager profile
- Add an “External Endpoint” pointing to your external URL
- In Azure DNS, create an Alias A record at “@” targeting the Traffic Manager profile
- DNS will return the TM endpoint IP and TM will forward to your URL
- Add your apex domain as a custom domain in Front Door - Front Door backend points to the external URL- Create an Alias A record in Azure DNS for “@” > your Front Door endpoint
- If you just need a simple HTTP redirect (301) • Spin up a tiny Azure App Service or Storage Static Website that issues a permanent redirect to your external URL • Use an Alias A record on “@” pointing at that App Service/Storage endpoint IP or resource
Those Alias record sets avoid the CNAME-at-root restriction by pointing at Azure resources (Traffic Manager, Front Door, CDN, App Service, etc.). Pick the option that fits your needs static IP, health-checks, or simple redirect.
References :
- Azure Public DNS overview & alias records https://learn.microsoft.com/azure/dns/public-dns-overview#alias-records
- Host load-balanced apps at the zone apex (Traffic Manager + Alias) https://learn.microsoft.com/azure/dns/dns-alias-appservice#create-a-traffic-manager-profile
- Use Azure DNS to provide custom domain settings (A records) https://learn.microsoft.com/azure/dns/dns-custom-domain#public-ip-address
- Set up an apex domain with Azure DNS in Static Web Apps (Alias + TXT) https://learn.microsoft.com/azure/static-web-apps/apex-domain-azure-dns
- What is Azure Public DNS? (alias record capabilities) https://learn.microsoft.com/azure/dns/public-dns-overview
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to 
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.