Planning DNS Zones for a Custom Domain in Microsoft 365
Cloud and systems engineer with a strong foundation in networking, automation, and infrastructure design. I write about real-world challenges, best practices, and evolving trends in cloud computing, system administration, and network architecture.
A properly configured public DNS zone is critical for:
Domain verification
Email delivery (MX records)
Autodiscover & federation
Web services & applications
1️⃣ DNS Zone in Hybrid Deployments
Hybrid deployments combine on-premises and cloud environments. Key planning considerations:
a. Understand Hybrid Infrastructure
Identify domain structure, IP schemes, and existing DNS servers.
Know which resources are on-premises vs. in the cloud.
b. Namespace Integration
Decide on single namespace or separate namespaces:
- Example:
cloud.example.com(cloud),internal.example.com(on-premises)
- Example:
c. DNS Forwarding
- Configure on-premises DNS to forward unresolved queries to cloud DNS.
d. Split DNS (Split Brain)
Internal and external DNS zones can provide different IPs for the same host name.
- Internal users get private IPs, external users get public IPs.
e. DNS Synchronization
- Ensure updates to records are consistent between on-premises and cloud.
f. Service Discovery
- Use SRV or Azure Service Discovery for cross-environment services.
g. Security
- Implement DNSSEC, firewalls, and access controls.
h. Monitoring
- Monitor traffic, resolution, latency, and health for both internal and external DNS.
2️⃣ DNS Zone in Cloud-Only Deployments
Cloud-only DNS planning is simpler but still requires careful setup.
a. DNS Provider
- Options: Azure DNS, GoDaddy, Amazon Route 53, Google Cloud DNS.
b. DNS Zone Hierarchy
Create zones aligned with domain/subdomain structure.
Consider separate zones for geographic locations or service types.
c. DNS Zone Design
- Use separate zones for different cloud services (web apps, VMs, databases) for easier management.
d. DNS Record Types
A record → maps domain/subdomain to IPv4
AAAA record → maps domain/subdomain to IPv6
CNAME record → alias for another domain/subdomain
MX record → mail servers for domain
TXT record → verification or additional info
e. DNS Zone Delegation
- Delegate management of subzones to different teams if needed.
f. Security
- Implement DNSSEC and secure your zone against unauthorized changes.
g. Monitoring & Maintenance
Track resolution, latency, and zone health.
Stay updated with DNS provider changes.
3️⃣ Hosting Options for DNS Zones
| Option | Pros | Cons |
| Third-party provider (e.g., GoDaddy) | Easy web portal management | Requires internal DNS for local resources |
| On-premises DNS servers | Full control, supports internal/external split | Requires infrastructure and maintenance |
4️⃣ Split DNS (Same Name for Internal & External Zones)
Internal DNS returns private IPs to internal users.
External DNS returns public IPs to internet users.
Ensures internal clients can connect to Microsoft 365 services while keeping internal resources secure.
✅ Summary Best Practices
Use public DNS zones for Microsoft 365 services.
Configure split DNS if internal and external networks need different IPs.
Plan zone hierarchy according to domains, subdomains, and services.
Implement security measures like DNSSEC.
Regularly monitor and maintain DNS zones.
Choose a DNS hosting strategy that fits your infrastructure (on-premises or third-party).
