I have an Azure VM that is being used as a webserver. Right now it hosts 1 site in IIS. I have a domain name for this site, an SSL cert and have it binding to port 443. This site works fine and has for over 1 year.
As an example let's say this site's domain is mytest.com.
I recently installed a second site in IIS, that works perfectly when browsing locally on the webserver (not a surprise.) I have 1 dedicated IP address in this Azure VM so when setting up the bindings, the new site and my existing site will have to use the same IP address. My understanding was that the simple way to have two sites on the same IP address in IIS was to simply have different hostnames for each site.
In this case, I figured I could just create a subdomain. As a test I entered this as the hostname in the site's binding:
sub1.mytest.com
I then edited my HOSTS file to refer sub1.mytest.com to 127.0.0.1, as I was lead to believe this was necessary for this to work. This then allowed me to navigate to the site on the local machine using sub1.mytest.com no problem. I understood I would need to update DNS records for the outside world to use this URL.
I also needed to give this new site an SSL cert, I do not have a wildcard cert, so I purchased another cert for the subdomain and was able to get it correctly configured (when browsing on the local server it shows the cert.) The only hitch is IIS wouldn't let me have two sites on the same IP address use the same port and different certs, so instead of running the second site on port 443, I am running it on port 8443. I then updated my Azure network security group to open up inbound tcp on port 8443, just as already is done for 80, 443 etc.
After this point, I go into my DNS Zone in Azure and start trying to get this configured. I consult this article:
https://docs.microsoft.com/en-us/azure/dns/delegate-subdomain
As per the instructions in this article, I created new DNS zone for my subdomain, so in Azure I now have a DNS zone for mytest.com, and one for sub1.mytest.com. As per the instructions in that article, I created an A record in the sub1.mytest.com DNS Zone and pointed it to the IP address of my web server (the article says to point it to 10.10.10.10 but I assume that was just for example's sake.)
Then as per the instructions, I created a NS record in the parent DNS zone (mytest.com), and added in the name server information viewable in the child (sub1.mytest.com) DNS zone. I named the NS entry "sub1", the same name as the subdomain.
I then do an nslookup on sub1.mytest.com, and it resolves to the IP address of my webserver, so I suspect it will then work. But despite repeated attempts, when I browse to sub1.mytest.com, it never resolves a website, always just giving an ERR_CONNECTION_TIMED_OUT in the browser.
I'm assuming that I have made a mistake either in the Azure DNS zone configuration, or perhaps in the IIS configuration, while I'm middling to fair at configuring IIS, messing with site bindings and such isn't something I have to do often, and I'm not very experienced at updating DNS entries or using Azure's DNS Zones, any guidance would be much appreciated.
