| title | Manage DNS zones in Azure DNS - PowerShell | Microsoft Docs |
|---|---|
| description | You can manage DNS zones using Azure PowerShell. This article describes how to update, delete, and create DNS zones on Azure DNS |
| services | dns |
| author | asudbring |
| ms.service | azure-dns |
| ms.topic | how-to |
| ms.date | 03/07/2025 |
| ms.author | allensu |
| ms.custom | devx-track-azurepowershell |
[!div class="op_single_selector"]
This article shows you how to manage your DNS zones by using Azure PowerShell. You can also manage your DNS zones using the cross-platform Azure CLI or the Azure portal.
This guide specifically deals with Public DNS zones. For information on using Azure PowerShell to manage Private Zones in Azure DNS, see Get started with Azure DNS Private Zones using Azure PowerShell.
[!INCLUDE dns-create-zone-about]
[!INCLUDE dns-powershell-setup]
A DNS zone is created by using the New-AzDnsZone cmdlet.
The following example creates a DNS zone called contoso.com in the resource group called MyDNSResourceGroup:
New-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup
The following example shows how to create a DNS zone with two Azure Resource Manager tags, project = demo and env = test:
New-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup -Tag @{ project="demo"; env="test" }
To retrieve a DNS zone, use the Get-AzDnsZone cmdlet. This operation returns a DNS zone object corresponding to an existing zone in Azure DNS. The object contains data about the zone (such as the number of record sets), but doesn't contain the record sets themselves (see Get-AzDnsRecordSet).
Get-AzDnsZone -Name contoso.com –ResourceGroupName MyDNSResourceGroup
Name : contoso.com
ResourceGroupName : myresourcegroup
Etag : 00000003-0000-0000-8ec2-f4879750d201
Tags : {project, env}
NameServers : {ns1-01.azure-dns.com., ns2-01.azure-dns.net., ns3-01.azure-dns.org.,
ns4-01.azure-dns.info.}
NumberOfRecordSets : 2
MaxNumberOfRecordSets : 5000
By omitting the zone name from Get-AzDnsZone, you can enumerate all zones in a resource group. This operation returns an array of zone objects.
$zoneList = Get-AzDnsZone -ResourceGroupName MyDNSResourceGroup
$zoneList
By omitting both the zone name and the resource group name from Get-AzDnsZone, you can enumerate all zones in the Azure subscription.
$zoneList = Get-AzDnsZone
$zoneList
Changes to a DNS zone resource can be made by using Set-AzDnsZone. This cmdlet doesn't update any of the DNS record sets within the zone (see How to Manage DNS records). It's only used to update properties of the zone resource itself. The writable zone properties are currently limited to the Azure Resource Manager ‘tags’ for the zone resource.
Use one of the following two ways to update a DNS zone:
This approach replaces the existing zone tags with the values specified.
Set-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup -Tag @{ project="demo"; env="test" }
This approach retrieves the existing zone object, modifies the tags, and then commits the changes. In this way, existing tags can be preserved.
# Get the zone object
$zone = Get-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup
# Remove an existing tag
$zone.Tags.Remove("project")
# Add a new tag
$zone.Tags.Add("status","approved")
# Commit changes
Set-AzDnsZone -Zone $zone
When you use Set-AzDnsZone with a $zone object, Etag checks are used to ensure concurrent changes aren't overwritten. You can use the optional -Overwrite switch to suppress these checks.
DNS zones can be deleted using the Remove-AzDnsZone cmdlet.
Note
Deleting a DNS zone also deletes all DNS records within the zone. This operation cannot be undone. If the DNS zone is in use, services using the zone will fail when the zone is deleted.
To protect against accidental zone deletion, see How to protect DNS zones and records.
Use one of the following two ways to delete a DNS zone:
Remove-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup
You can specify the zone to be deleted using a $zone object returned by Get-AzDnsZone.
$zone = Get-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup
Remove-AzDnsZone -Zone $zone
The zone object can also be piped instead of being passed as a parameter:
Get-AzDnsZone -Name contoso.com -ResourceGroupName MyDNSResourceGroup | Remove-AzDnsZone
As with Set-AzDnsZone, specifying the zone using a $zone object enables Etag checks to ensure concurrent changes aren't deleted. Use the -Overwrite switch to suppress these checks.
The New-AzDnsZone, Set-AzDnsZone, and Remove-AzDnsZone cmdlets all support confirmation prompts.
Both New-AzDnsZone and Set-AzDnsZone prompt for confirmation if the $ConfirmPreference PowerShell preference variable has a value of Medium or lower. Since deleting a DNS zone can potentially cause unwanted conditions, the Remove-AzDnsZone cmdlet prompts for confirmation if the $ConfirmPreference PowerShell variable has any value other than None.
Since the default value for $ConfirmPreference is High, only Remove-AzDnsZone prompts for confirmation by default.
You can override the current $ConfirmPreference setting using the -Confirm parameter. If you specify -Confirm or -Confirm:$True , the cmdlet prompts you for confirmation before it runs. If you specify -Confirm:$False , the cmdlet doesn't prompt you for confirmation.
For more information about -Confirm and $ConfirmPreference, see About Preference Variables.
Learn how to manage record sets and records in your DNS zone.
Learn how to delegate your domain to Azure DNS.
Review the Azure DNS PowerShell reference documentation.