Using Azure DNS

• This lesson explains how DNS works in Azure and demonstrates private DNS configuration using Azure DNS.

Azure DNS provides hosted DNS zones for:

• 🌐 Public name resolution (internet-facing)
• 🔒 Private name resolution (inside virtual networks)

1️⃣ What is DNS in Azure?#

DNS (Domain Name System) translates:

• www.contoso.com → 20.x.x.x
• vm-web-01.private.contoso.com → 172.16.x.x

Azure DNS is a fully managed DNS hosting service that replaces:

• On-prem Windows DNS
• Linux BIND DNS servers

Azure handles:

• High availability
• Scalability
• Global distribution

2️⃣ Two Types of Azure DNS Zones#

🌐 Public DNS Zone#

Used for:

• Internet-facing resources
• Public websites
• Public Load Balancers
• Public App Services

Example:

• contoso.com → A record → Public IP of Load Balancer
• Records are publicly resolvable.

🔒 Private DNS Zone#

Used for:

• VMs inside VNet
• Internal Load Balancers
• Private endpoints
• Microservices architectures

Records are only resolvable:

• Within linked VNets
• Peered VNets
• Connected on-prem networks (via resolver)

3️⃣ Public DNS – Key Concepts#

If you create a public zone like:

• contoso.com

You can create records such as:

• ⚠ Azure DNS does NOT support DNSSEC directly.

Microsoft recommends:

• Use TLS encryption instead.

4️⃣ Private DNS – Demonstration Summary#

In the demo:

• Created private zone: private.contoso.com
• Linked to VNet: vnet-prod-01
• Enabled Auto Registration
• VMs automatically registered A records

Example record created automatically:

• vm-web-prod-01.private.contoso.com → 172.16.0.4
• vm-web-prod-02.private.contoso.com → 172.16.0.5

Then:

• SSH into VM
• Ping other VM using FQDN
• Successfully resolved to private IP

5️⃣ What is Auto Registration?#

When enabled:

• Azure automatically creates DNS records
• For VMs connected to the VNet
• Records are updated if IP changes

Without auto-registration:

• You must manually create A records

Use auto-registration when:

• You want automation
• You don't need selective exclusions

6️⃣ Virtual Network Link#

• Private DNS zones must be linked to VNets.

This link:

• Enables DNS resolution
• Allows auto-registration
• Controls which VNets can resolve zone
• Without VNet link: → No resolution happens.

7️⃣ DNS Resolution Flow (Private)#

• VM → Uses Azure-provided DNS (168.63.129.16) → Checks private zone → Resolves private IP

If VM DNS settings are changed to custom:

• It may NOT use Azure Private DNS
• Must configure conditional forwarding manually
• Important check: VM → Network Interface → DNS Settings → Inherit from VNet

8️⃣ Advanced Private DNS Architecture#

Private DNS can support:

• Hub-Spoke architecture
• VNet peering
• On-prem via VPN/ExpressRoute

For hybrid:

• Use Azure DNS Private Resolver

It allows:

• Conditional forwarding
• On-prem DNS integration
• Hybrid DNS resolution

9️⃣ When to Use Public vs Private DNS#

🔟 Real-World Example#

Architecture:

• Internet → Public DNS Zone → Public Load Balancer → Web Tier (Private IPs)

Inside network:

• Web Tier → Private DNS → Database Tier

11️⃣ Common Troubleshooting Issues#

A. Records Not Appearing#

• Auto-registration not enabled
• VM not in linked VNet
• DNS propagation delay

B. Cannot Resolve Name#

• VNet not linked
• Custom DNS configured incorrectly
• NSG blocking traffic
• Using wrong FQDN

C. Hybrid Resolution Not Working#

No DNS Private Resolver

Missing conditional forwarder

12️⃣ Azure DNS vs On-Prem DNS#

13️⃣ Best Practices#

✔ Use Private DNS for internal workloads ✔ Enable auto-registration when possible ✔ Use Private Resolver for hybrid ✔ Use meaningful subdomain naming ✔ Monitor zone changes ✔ Keep DNS simple (avoid overengineering)

14️⃣ Reference Documentation#

• Azure DNS Overview
• Private DNS zones
• Virtual network links
• DNS record types
• Azure DNS Private Resolver

Interview-Ready Key Points#

Q: Difference between Public and Private DNS? → Public resolves over internet, Private resolves inside VNets.

Q: What enables private resolution? → Virtual network link.

Q: What is auto-registration? → Automatic A record creation for VMs.

Q: What DNS IP do Azure VMs use by default? → 168.63.129.16 (Azure-provided DNS).

Q: How to integrate on-prem DNS? → Azure DNS Private Resolver.

Key Takeaways#

• Azure DNS is fully managed.
• Public DNS = internet resolution.
• Private DNS = internal resolution.
• VNet link is mandatory.
• Auto-registration simplifies management.
• Hybrid scenarios require DNS Private Resolver.

If you'd like, I can now convert this into:

• 📊 PowerPoint-ready slides
• 🧠 50–100 Interview Q&A
• 🏗 Hub-Spoke DNS architecture deep dive
• 🧾 One-page cheat sheet
• 🔬 Hands-on lab guide
• Just tell me your preferred format.

Hands-on: Create a Public Azure DNS Zone#

Goal: Host DNS records for a public domain in Azure DNS.

1. Open DNS zones > Create.
2. Enter your domain name, such as example.com.
3. Create the zone.
4. Copy the Azure name server values.
5. At your domain registrar, update the domain to use those name servers.
6. Create an A record named www that points to a test public IP.
7. Test resolution:

nslookup www.example.com

8. Lower TTL during migration windows, then raise it after cutover.

Hands-on: Private DNS Zone for VMs#

1. Create a Private DNS zone named corp.internal.
2. Link it to az104-vnet.
3. Enable auto-registration if VM hostnames should be automatically registered.
4. Create two VMs in the linked VNet.
5. Confirm their private DNS records appear.
6. From one VM, resolve the other VM name.
7. Disable auto-registration if you only want manually managed records.