WebTitan

Deploying WebTitan DNS Proxy in Azure

DNS Proxy is available through an Azure app from the Community Marketplace on Azure. Follow the steps below to deploy DNS Proxy to Azure.

Note

Within Azure there are numerous flows you can follow to deploy DNS Proxy. As an experienced Azure Admin, you may choose a different process flow, or select different settings, than described below.

This documentation makes recommendations, but assumes that you understand the most appropriate selections to make within your own Azure environment.

1. Sign in to Azure

  1. Sign in to your Microsoft Azure portal at https://portal.azure.com.

  2. Enter subscriptions in search and select Subscriptions to open the Subscription page.

  3. Select the subscription to which you want to deploy DNS Proxy. The page for that subscription opens.

2. Create or access a resource group

  1. Enter resource groups in search and select Resource groups to open the Resource groups page.

  2. If you are deploying DNS Proxy to an existing resource group, select that resource group and the resource group page opens. Otherwise, follow these steps to create a new resource group now:

    1. Select Create and the Create a resource group page displays.

    2. In the Resource group field, enter a name for this resource group.

    3. Select Review + create.

    4. Select Create.

3. Create a virtual machine

Next, create a virtual machine in your resource group.

  1. Enter resource groups in search and select Resource groups to open the Resource groups page.

  2. Select the resource group to which you are deploying DNS Proxy. This can be an existing resource group or one you created in Step 2 above.

  3. Select Create and the Marketplace page opens.

  4. Search the marketplace for "virtual machine".

  5. Locate the Azure Service Virtual machine and select Create > Virtual Machine.

  6. The Create a virtual machine page opens. Move through each of the tabs, making the preferred selections for your own environment.


    1. From the Basics tab, the following selections are necessary or recommended:

      • Give your virtual machine a name in the Virtual machine name field.

      • From the Region dropdown, it is recommended you select your closest geographic region for speed of download.

      • Below the Image dropdown, select See all images.

        • The Marketplace page opens. From the sidebar menu, select Community Images (PREVIEW).

        • Search for DnsProxy-2.06.

        • To help speed up deployment, select the DNSProxy-2.06 image from your closest geographic location.

      • From the Sizes dropdown, select your preferred virtual machine size. Keep the following in mind:

        • B-series sizing is suitable for initial test deployment, but should be resized to D-series for production. B-series sizing uses CPU credits and using the DNS Proxy web UI could potentially use your burstable (B-series) CPU budget quickly.

        • For production, using D-Series sizing is preferable. D2as_v4 is recommended as it is general purpose and does not use CPU credits.

      • Select SSH public key as the Authentication type. By default, a new key pair is generated when you create the virtual machine. Alternatively, you can enter an existing public key by selecting a different option from the SSH public key source dropdown menu.

        Important

        DNS Proxy will not successfully deploy with username/password authentication.

      • Select inbound ports: Ports 22, 80, 443 and 7780 are required for DNS Proxy deployment.

        By default, port 22 is already selected. You can also select ports 80 and 443 when creating your virtual machine. However, port 7780 is a custom port and can only be opened after the virtual machine is created.

      • From the Licensing type dropdown select Other.

        Note

        The Licensing field displays after you have selected the DNSProxy-2.06 image.

    2. From the Disks tab, it is optimal to select Standard HDD from the OS disk type dropdown menu.

    3. From the Networking tab, note that it is necessary to create a public IP if you require DNS Proxy to be accessed from outside your network.

    4. There are no further mandatory or recommended selections on the remaining tabs, but if you wish to make your own selections, move through the remaining tabs - Management, Monitoring, Advanced and Tags.

    5. Select Review + create and then select Create to create the virtual machine.

    6. If you selected SSH authentication above, and opted to generate a new key pair as your SSH public key source, then select Download private key and create resource when prompted and save your key.

  7. Your virtual machine will now deploy. It normally takes 5 - 7 minutes for the deployment to complete.

4. Open Required Ports On Your Virtual Machine

Ports 22, 80, 443 and 7780 must be open for DNS Proxy deployment:

  • Port 22 is used for SSH communication and opened by default when you create a virtual machine.

  • Ports 80 (HTTP) and 443 (HTTPS) are required to access the DNS Proxy web interface. These can be selected when creating a virtual machine, or opened after following the steps below.

  • Port 7780 is required to communicate with other DNS Proxies within your Azure estate. It is a custom port and must be opened following the steps below after a virtual machine is created.

Follow the steps below to manually open a port on an existing virtual machine.

  1. In your Subscriptions, select Resource Groups from the sidebar menu and the Resource groups page opens.

  2. Open the resource group that contains the virtual machine to which you have deployed DNS Proxy.

  3. Open the Network Security Group (NSG) for the virtual machine. For example, if your virtual machine is ExampleVirtualMachine the network security group is ExampleVirtualMachine-nsg.

  4. Under Settings in the side menu, select Inbound security rules.

  5. In the Inbound security rules list, you will see port 22 and, if they were added when creating the virtual machine, ports 80 and 443.

    Continue with the steps below to add port 7780.

  6. Select Add and the Add inbound security rule window opens.

  7. Enter 7780 in the Destination port ranges field.

  8. In the Priority field, enter a priority, for example 600. Keep the following in mind:

    • Rules are read from top to bottom in the rules list, and the priority is used to create that order. A rule with a lower priority number takes precedence.

    • It is good practice to increment rule priorities by 100. This allows an additional ninety-nine rules to be added between two rules if needed, without modifying any existing rules.

    • Consider leaving priority 100 unused so that it is available for emergencies only.

  9. Select Add to add the inbound rule.

  10. Using rule priorities, the following is the suggested order:

    [Screenshot: suggested inbound security rule priorities]
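
An added example, not part of the WebTitan documentation: a Python check that reads an NSG rule list in the shape returned by `az network nsg rule list -o json` and reports whether the ports required above are allowed inbound and whether priority 100 is in use. The sample rules are constructed, and treating an any-source rule on ports 22 and 7780 as a finding is an assumption of this example, based on SSH being administrative and 7780 serving only other DNS Proxies in your Azure estate.

```python
import json

REQUIRED_PORTS = (22, 80, 443, 7780)     # ports this page lists for DNS Proxy
RESTRICTED = {22, 7780}                  # assumption: these need a narrow source
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

# Constructed sample in the shape of `az network nsg rule list -o json` (not real output).
SAMPLE = json.loads("""[
 {"name": "SSH", "priority": 100, "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "Web", "priority": 400, "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": null,
  "destinationPortRanges": ["80", "443"]}
]""")

def covers(rule, port):
    """True if the rule's destination port range(s) include `port`."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(rules):
    """Return findings for inbound Allow rules (Deny-rule shadowing is not evaluated)."""
    allows = [r for r in rules if r["direction"] == "Inbound" and r["access"] == "Allow"]
    findings = []
    for port in REQUIRED_PORTS:
        hits = [r for r in allows if covers(r, port)]
        if not hits:
            findings.append(f"port {port}: no inbound Allow rule")
        for r in hits:
            sources = set(r.get("sourceAddressPrefixes") or []) | {r.get("sourceAddressPrefix")}
            if port in RESTRICTED and sources & ANY_SOURCE:
                findings.append(f"port {port}: rule '{r['name']}' allows any source")
    for r in allows:
        if r["priority"] == 100:
            findings.append(f"rule '{r['name']}': priority 100, which the guide reserves for emergencies")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real deployment, replace `SAMPLE` with the parsed JSON for your own network security group.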

5. Accessing DNS Proxy

Once DNS Proxy is deployed and the correct ports are open, open your virtual machine and copy the Public IP address (if using). This is the public IP address for your DNS Proxy. Follow the steps below to locate the public IP address for your deployed DNS Proxy:

  1. Enter virtual machine in search and select Virtual machines to open the Virtual Machines page.

  2. Select the virtual machine to which you deployed DNS Proxy.

  3. From the Overview page, copy the Public IP address.

  4. Paste it into a new browser tab.