As cloud network engineers, we should ensure that name resolution functions properly both in on-premises environments and public cloud infrastructure. As part of the AZ-700 Study Guide, this blog post will discuss the deployment of DNS service on Azure. It is vital to set up the DNS service because, like Microsoft Azure, we still need to resolve FQDNs to respective IP addresses on public cloud infrastructure. In addition, we might also need to utilize DNS to discover services. Microsoft Azure provides both public and private DNS zone for Internet and internal name resolution. There is also a built-in Azure-provides DNS that works by default on vNets, and if needed, there are custom DNS zones available to use.
Without any further ado, let’s get to it and discuss the different features of Azure DNS. As the name implies, Public DNS handles name resolution for Internet users like your public website, and Private DNS is used for internal name resolutions like discovering AD Domain Controllers. DNS service on Azure provides globally distributed and highly available name servers that we can use to host our domain. Therefore, we should set up a name resolution method in most use cases so our Azure virtual machine and other resources could resolve names and discover services. To be able to do such a thing, first, we should create DNS zones. The most crucial element of the zone is its name that comes with standard DNS names like vElement.net. To create a Public DNS zone, search for DNS zones under the Resources section on the Azure portal. On the Basic page, select the Subscription, Resource Group, and set your DNS zone name.
After this, go ahead and create the DNS zone and continue to the resource page. On the Overview section of the DNS zone that we just created, there are Azure name server’s FQDN that we can configure on our DNS registrar. This will direct public name queries to Azure name servers. Here, we can also create different types of record sets for the name resolution and use of Azure services. For instance, we can create an A record to resolve the IP address of our web server or a CNAME record to define an alias for a host in our domain.
In addition to public DNS zones, we can handle internal name resolution by creating Private DNS Zones. We can either use Azure-provided DNS or custom DNS zones. An Azure-provided DNS service works in the background to handle the name resolution for Azure virtual machines and other services. The Azure provided DNS serves by Virtual WireServer with IP address of 168.63.129.16 and DNS suffix of ax.internal.cloudapp.net. This public IP address is only accessible from Azure infrastructure internal resources. Even though a built-in name resolution method is available in azure, most organizations look into custom DNS configuration because of its flexibility. To create a Private DNS zone, search for DNS zones under the Resources section on the Azure portal. On the Basic page, select the Subscription, Resource Group, and set your DNS zone name.
The difference here is because of the private nature of this DNS zone, we don’t have any public name servers listed and assigned to it. Instead after creating a private DNS zone in Azure, we should associate and link it to vNets. By assigning the DNS zone to vNets, reousrces inside respective vNet can use this dns zone for name registartion andresolution. As it mentioned before, before linking vNets to a custom DNS zone, resources like virtual machines uses Azure-provided dns by default. To crate the link between vNet to private DNS zone, we should click on the Virtual network links under Settings section.
On the Virtual network links page, click on Add and the provide a Name and the rexpective subscription. Based on the selected subscription, you can choose your vNet from Virtual network drop-down menu. At the end you can select Enable auto registration option to enable the automatic record registration of the virtual machines that are connected to the vNet.
After configuring and linking a Private DNS zone, virtual machines can register and resolve fully qulified domain names or FQDNs.
In the next blog post, we will discuss the Design and implement cross-VNet connectivity.
You can read further about the Azure DNS on the Microsoft official documentation page.