
Delegate Azure domains to Cloudflare

Background

Recently, I bought a domain (the very one this site uses) in Azure. I successfully associated this domain with my tiny site. After learning that Cloudflare offers a free CDN and other advanced features, I decided to move the DNS hosting from the default Azure DNS to Cloudflare.

I thought it would be easy; after all, I own the domain since I paid for it. However, Azure took me aback: there is no option to move the authoritative DNS servers (nameservers) outside Azure.

Azure automatically creates a corresponding Azure DNS zone after the domain is registered. Although I can add or delete DNS records in it, there is no way to delete or replace Azure's existing NS and SOA records at the apex level, as the docs state, which unfortunately is a must when transferring DNS authority.

Fortunately, the door was not fully locked, and I finally found a way out.

Solution

Delete Azure DNS zone

As the docs say:

You can't delete the SOA and NS record sets at the zone apex (name = "@") that gets automatically created when the zone gets created. They're deleted automatically when you delete the zone.

So there is no choice but to delete the DNS zone as a whole. But that makes the domain unreachable, since all the DNS records are deleted. I thought I had gone down a blind alley.

I made progress when I went back to the domain page and clicked "Manage DNS records".

A pane showed up asking me to create an Azure DNS zone:

Azure DNS Creation Pane

The pane itself didn't surprise me. But the term "Advanced Management Portal" in the info call-out caught my attention.

Find the lost "Advanced Management Portal"

The hint in the pane suggests that one can probably manage the DNS through the so-called Advanced Management Portal instead of an Azure DNS zone. However, it's a bummer that I could not find it anywhere on the Azure site. I am sure it existed before but vanished some day. It seems Azure is intentionally disposing of the advanced portal and forcing us to use Azure DNS (which means nameservers are also limited to Azure).

The good news is that I finally found the entrance to the portal in a Q&A thread:

It doesn't show up in the menu. I don't know why either.
But you can access it from the URL below.
https://dcc.secureserver.net/domains
I was able to use this to transfer my DNS server from Azure to AWS Route 53.

The bad news is that the URL redirects to a login page and my Microsoft account didn't work. It seems users could previously reach it directly through a button in Azure, but now that the button is gone, Microsoft credentials can no longer be passed on to the portal automatically.

Acquire an account

Following the instructions, I started the "find my username" process. To my surprise, it only required an email address, but it turned out I had to use the email of my Microsoft account; other emails won't receive any response.

With the username, I obtained the password in a similar way. Just when I was about to celebrate my findings, another issue occurred: the page I was redirected to after login was a white screen. A React error appeared in the DevTools console.

Bypass the white screen

The light was almost extinguished by the bug while loading https://dcc.secureserver.net, and I was about to give up. But hope rekindled when I noticed the slight difference between the redirected URL and the URL given in the previous thread: the latter has an extra path, /domains. So I added it manually; the page loaded successfully and I saw my domain displayed in the dashboard.

Finally, I changed the nameservers in that dashboard. What a tough journey!
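To confirm that the nameserver change actually took effect, check the NS set that the parent (TLD) zone returns for the domain. The following is an added example, not part of the original post: it parses the text output of a `dig NS` query and reports whether the delegation still lists Azure DNS nameservers. The domain, nameserver names and sample output are constructed.

```python
import re

# Azure DNS assigns ns1-NN.azure-dns.com, ns2-NN.azure-dns.net, ns3-NN.azure-dns.org
# and ns4-NN.azure-dns.info; Cloudflare assigns <name>.ns.cloudflare.com.
AZURE = re.compile(r"\.azure-dns\.(com|net|org|info)$")
CLOUDFLARE = re.compile(r"\.ns\.cloudflare\.com$")

# Constructed sample: authority section in dig's text format (not real output).
SAMPLE_AFTER = """\
;; AUTHORITY SECTION:
example.com.\t172800\tIN\tNS\tada.ns.cloudflare.com.
example.com.\t172800\tIN\tNS\tbob.ns.cloudflare.com.
"""
# Constructed sample: one Azure nameserver is still listed in the delegation.
SAMPLE_STALE = SAMPLE_AFTER + "example.com.\t172800\tIN\tNS\tns1-01.azure-dns.com.\n"


def ns_targets(dig_text, domain):
    """Return the set of NS hostnames for `domain` found in dig's text output."""
    want = domain.rstrip(".").lower()
    found = set()
    for line in dig_text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and dig's comment/section lines
        fields = line.split()
        # Record lines have the form: owner TTL class type rdata
        if len(fields) < 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        if fields[0].rstrip(".").lower() == want:
            found.add(fields[4].rstrip(".").lower())
    return found


def delegation_status(dig_text, domain):
    """Classify the delegation: 'cloudflare', 'azure', 'mixed', 'other' or 'none'."""
    targets = ns_targets(dig_text, domain)
    if not targets:
        return "none"
    azure = {t for t in targets if AZURE.search(t)}
    cloudflare = {t for t in targets if CLOUDFLARE.search(t)}
    if cloudflare == targets:
        return "cloudflare"   # fully moved
    if azure == targets:
        return "azure"        # change not visible yet
    return "mixed" if azure else "other"  # any leftover Azure NS is flagged


if __name__ == "__main__":
    print(delegation_status(SAMPLE_AFTER, "example.com"))
    print(delegation_status(SAMPLE_STALE, "example.com"))
```

For a live check, pass in the output of `dig NS <domain> @<a nameserver of the TLD> +norecurse`, since a recursive resolver may still serve the old cached NS set.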

In sum

Although I did it eventually, I still feel disappointed in Azure. I hope we can regain full control one day.