
I'm configuring a load balancer in Azure to distribute traffic to backend VMs for my web application (most likely just a singular VM actually). I'm a bit confused about the DNS setup. Here's what I have (I will use dummy names):

I've deployed a load balancer named "FlowerLoadBal" in the "UK South" region of Azure. I want users to access the web application using the subdomain "Flower.mydomain.com".

The load balancer has a public IP address associated with it. Here's what I'm planning to do in my DNS configuration:

A Record:

Host: FlowerLoadBal

Value: Public IP address of the load balancer

CNAME Record:

Host: Flower

Target: FlowerLoadBal.uksouth.cloudapp.azure.com

Is this the correct approach for configuring DNS to point to the Azure load balancer with a public IP? I believe this is correct. When they enter Flower.mydomain.com it should point them to the load balancer which will then send them onto the VM (after I configure it).

Are there any potential issues or improvements I should consider?

1 Answer


You can do it with Azure DNS with just an A record, as described here: https://learn.microsoft.com/en-us/azure/dns/dns-custom-domain#public-ip-address

It really depends on your scenario but some things to consider at a high level:

  • Will you need to scale your VM out based on load? Have you considered using a VM Scale Set here?
  • If you're using Azure Load Balancer, the VM web host will need to deal with the SSL / TLS.
  • Do you have to host on a VM? If you can host on Azure App Service or Azure Container Apps, then a lot of features you may require are already provided with these Platform as a Service offerings, which can be cheaper in the long run.
  • Azure Load Balancer is Layer 3/4 (it's implemented through the software-defined networking, so it isn't a "real" appliance). But for a web application, a Layer 7 load balancer like Azure Application Gateway or Azure Front Door can provide many more features relevant to a web app, and both optionally support a WAF policy.
  • If using the VM, ensure that you also use an NSG and that other ports (RDP, SSH etc.) are blocked so only web traffic is allowed.

This is not an exhaustive list.
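The NSG point in the last bullet, as an added example that is not part of the answer: a small Python checker that evaluates inbound NSG rules the way Azure does (lowest priority number first, first match wins, the built-in default rules behind the custom ones) and reports whether SSH/RDP are reachable from the Internet while 80/443 remain open. The rule shape and both sample rule sets are constructed for this example, and the admin range 203.0.113.0/24 is an assumption.

```python
# Added example, not from the answer: audit an NSG so only web ports reach the VM from the Internet.
# Rule fields mirror what Azure exposes; both sample rule sets below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class NsgRule:
    name: str
    priority: int     # lower number is evaluated first; the first matching rule wins
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp" or "*"
    source: str       # "Internet", "VirtualNetwork", "*" or a CIDR
    dest_ports: tuple # port specs such as "80", "8000-8080", "*"

# Azure's built-in default inbound rules sit behind every custom rule at these priorities.
DEFAULT_INBOUND = (
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", ("*",)),
    NsgRule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", ("*",)),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", ("*",)),
)

def port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")          # "443" -> (443, 443); "8000-8080" -> (8000, 8080)
    return int(lo) <= port <= int(hi or lo)

def inbound_access(rules, port: int, protocol="Tcp", source="Internet") -> str:
    # Walk rules in priority order; the first rule matching protocol, source and port decides.
    for rule in sorted(list(rules) + list(DEFAULT_INBOUND), key=lambda r: r.priority):
        if rule.direction != "Inbound" or rule.protocol not in ("*", protocol):
            continue
        if rule.source not in ("*", source):  # exact tag match; CIDR maths omitted for brevity
            continue
        if any(port_matches(spec, port) for spec in rule.dest_ports):
            return rule.access
    return "Deny"  # DenyAllInBound always matches, so this is only a safety net
def audit_web_vm(rules) -> dict:
    # Management ports must not be reachable from the Internet; web ports must be.
    return {"ssh_exposed": inbound_access(rules, 22) == "Allow",
            "rdp_exposed": inbound_access(rules, 3389) == "Allow",
            "http_open": inbound_access(rules, 80) == "Allow",
            "https_open": inbound_access(rules, 443) == "Allow"}

# Constructed: web ports opened correctly, but SSH is also open to any source.
LEAKY_RULES = [NsgRule("AllowWeb", 100, "Inbound", "Allow", "Tcp", "Internet", ("80", "443")),
               NsgRule("AllowSsh", 200, "Inbound", "Allow", "Tcp", "*", ("22",))]
# Constructed hardened set: SSH only from an assumed admin range; Internet SSH/RDP fall to DenyAllInBound.
HARDENED_RULES = [NsgRule("AllowWeb", 100, "Inbound", "Allow", "Tcp", "Internet", ("80", "443")),
                  NsgRule("AllowSshAdmin", 200, "Inbound", "Allow", "Tcp", "203.0.113.0/24", ("22",))]
```

Feeding the output of `az network nsg rule list` into `NsgRule` would let the same audit run against a real NSG; source matching here is by tag only, so CIDR sources are treated as non-Internet.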