{"id":20697528,"url":"https://github.com/epomatti/az-iotedge-dns","last_synced_at":"2026-04-21T00:04:40.872Z","repository":{"id":170211512,"uuid":"646337913","full_name":"epomatti/az-iotedge-dns","owner":"epomatti","description":"Azure IoT Edge using a custom DNS","archived":false,"fork":false,"pushed_at":"2023-05-31T11:23:11.000Z","size":107,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-17T18:37:10.397Z","etag":null,"topics":["azure","azure-iotedge","azure-iothub","bind9","dns","named","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/epomatti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-28T04:11:03.000Z","updated_at":"2025-01-01T18:46:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"039588fc-4892-421f-9180-9726fb3dfd5a","html_url":"https://github.com/epomatti/az-iotedge-dns","commit_stats":null,"previous_names":["epomatti/az-iotedge-proxy"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faz-iotedge-dns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faz-iotedge-dns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faz-iotedge-dns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faz-iotedge-dns/manifests","owner_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/owners/epomatti","download_url":"https://codeload.github.com/epomatti/az-iotedge-dns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242961747,"owners_count":20213315,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azure-iotedge","azure-iothub","bind9","dns","named","terraform"],"created_at":"2024-11-17T00:18:52.936Z","updated_at":"2025-12-12T11:16:32.811Z","avatar_url":"https://github.com/epomatti.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure IoT Edge with Custom DNS\n\nAzure IoT Edge runtime using a custom DNS.\n\n\u003cimg src=\".assets/dns.png\" width=700 /\u003e\n\n## Infrastructure\n\n### 1 - Create the resources\n\nGenerate the test-only certificate chain:\n\n```sh\nbash scripts/generateCerts.sh\n```\n\nDeploy the resources:\n\n```sh\nterraform -chdir=\"infra\" init\nterraform -chdir=\"infra\" apply -auto-approve\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003e(Optional) Upgrade IoT Hub certificate to V2 (DigiCert)\u003c/summary\u003e\n\n  ```sh\n  az iot hub certificate root-authority set --hub-name \"iot-bluefactory\" --certificate-authority v2 --yes\n  ```\n\u003c/details\u003e\n\nMake sure the EdgeGateway has completed the installation:\n\n```sh\n# Connect to the IoT Edge VM\nssh edgegateway@\u003cpublic-ip\u003e\n\n# Check if the cloud-init status is \"done\", otherwise wait with \"--wait\"\ncloud-init status\n\n# Confirm that the IoT Edge runtime has been installed\niotedge --version\n```\n\nRestart the VM to activate 
any Linux kernel updates:\n\n```sh\naz vm restart -n \"vm-bluefactory-edgegateway\" -g \"rg-bluefactory\"\n```\n\n### 2 - Check the DNS provisioning\n\n```sh\n# Connect to the DNS server\nssh dnsadmin@\u003cpublic-ip\u003e\n\n# Check if the cloud-init status is \"done\", otherwise wait with \"--wait\"\ncloud-init status\n\n# Check the DNS installation\nsudo systemctl status named\n```\n\nRestart the VM to activate any Linux kernel updates:\n\n\u003e ℹ️ Check that no upgrades are missing\n\n```sh\naz vm restart -n \"vm-bluefactory-dns\" -g \"rg-bluefactory\"\n```\n\n### 3 - DNS Setup\n\nUpload the config files to the remote DNS server:\n\n```sh\nbash ./scripts/uploadBind9Config.sh\n```\n\nConnect to the DNS server and run the config script:\n\n```sh\nsudo bash dnsConfig.sh\n```\n\nCheck the service status:\n\n```sh\nsudo systemctl status named\n```\n\nTest the DNS resolution:\n\n```sh\n# Testing the EdgeGateway\ndig @10.0.90.4 edgegateway.bluefactory.local\n\n# Testing the IoT Hub\ndig @10.0.90.4 iot-bluefactory.azure-devices.net\n```\n\n### 4 - (Optional) Set DNS in the EdgeGateway host\n\nIf required, you can change the DNS server in the operating system of the EdgeGateway.\n\nEdit `/etc/resolv.conf` and change the DNS:\n\n```\nnameserver 10.0.90.4\n```\n\n### 4 - Register the IoT Edge device\n\nRun the script to create the IoT Hub device registration:\n\n\u003e ⚠️ IoT Hub supports registering IoT Edge devices only through the self-signed method (certificate thumbprint). For a CA-Signed configuration, you must implement device enrollment with DPS. 
See [this issue](https://github.com/MicrosoftDocs/azure-docs/issues/108363) for details.\n\n```sh\nbash scripts/registerEdgeGatewayDevice.sh\n```\n\nUpload the required configuration files to the EdgeGateway device:\n\n```sh\nbash scripts/uploadEdgeConfig.sh\n```\n\nConnect with SSH to the EdgeGateway and execute the configuration:\n\n```sh\nsudo bash edgeConfig.sh\n```\n\nVerify the results:\n\n```sh\nsudo iotedge system status\nsudo iotedge system logs\nsudo iotedge check\n```\n\n### 5 - Deploy the modules\n\nNow that the device is properly registered and connected with IoT Hub, create a deployment:\n\n```sh\naz iot edge deployment create --deployment-id \"gateway\" \\\n    --hub-name $(jq -r .iothub_name infra/output.json) \\\n    --content \"@edgegateway/deployments/gateway.json\" \\\n    --labels '{\"Release\":\"001\"}' \\\n    --target-condition \"deviceId='EdgeGateway'\" \\\n    --priority 10\n```\n\nTo check the deployment in the EdgeGateway device:\n\n```sh\nsudo iotedge list\n```\n\nCheck and confirm that everything is OK:\n\n```sh\nsudo iotedge check\n```\n\n## Testing the DNS\n\nOne way to force a DNS error is to disable forwarding. 
Edit the Bind9 options:\n\n```sh\nsudo nano /etc/bind/named.conf.options\n```\n\nDisable the forwarding by setting these properties:\n\n```\nforwarders {};\n\nrecursion no;\n```\n\nAlso, add `forwarders {};` to the zone:\n\n```sh\nsudo nano /etc/bind/named.conf.local\n```\n\nThe configuration should look like this:\n\n```\nzone \"bluefactory.local\" {\n        type master;\n        file \"/etc/bind/db.bluefactory.local\";\n        notify no;\n        forwarders {};\n};\n```\n\nSave and restart the DNS service:\n\n```sh\n# Restart the service\nsudo systemctl restart named\n\n# Check the status\nsudo systemctl status named\n```\n\nAfter this change, only registered entries should resolve, and all others should fail.\n\n```sh\n# Testing the EdgeGateway\ndig @10.0.90.4 edgegateway.bluefactory.local\n\n# Testing the IoT Hub\ndig @10.0.90.4 iot-bluefactory.azure-devices.net\n\n# With NSLOOKUP\nnslookup iot-bluefactory.azure-devices.net 10.0.90.4\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Faz-iotedge-dns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fepomatti%2Faz-iotedge-dns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Faz-iotedge-dns/lists"}