Thomas Thornton

Microsoft Azure Blog – Microsoft MVP

Azure DNS:- Creating a Private DNS Zone

on by 5 Comments

Azure DNS is a resource to host Domain Name System (DNS) in Azure, with this comes:

  • Ultra-high availability
  • Fast DNS queries
  • Further redundancy of DNS due to Azure DNS being classified with ultra-high availability
  • No additional Virtual Machine (VM) to act as a DNS server if further Active Directory Integration is not required
  • Ability to automate and be deployed in a pipeline!

Along with this, comes the ability to create a DNS Private zone – meaning a secure DNS service that sits within your Virtual Network (vNET) that will manage and resolve names without the necessary need to create an additional VM for DNS service.

In this blog, I will detail the creation of an Azure Private DNS zone using Azure CLI along with a simple ping test to show the connectivity.

Sound good so far? Have a read of some of these limitations and restrictions when setting up an Azure Private DNS Zone:

  • The vNET must be completely empty the first time you link a private DNS zone to your vNET. Once this has been completed, from there you can in future linking additional linking can be done in a non-empty vNET
  • Only one registration vNET per private zone
  • Currently in preview, up to 10 resolution virtual networks are allowed per private zone
  • Reverse DNS works only for private IP space in the registration virtual network.

I would also advise reading the Azure DNS FAQ for further restrictions and limitations

Time to deploy..

I have created a blank vNET already called tamops-vnet inside Resource Group: tamops-dns

Now lets create an Azure Private DNS Zone using Azure CLI:

az network dns zone create -g tamops-dns `
   -n tamops.local `
  --zone-type Private `
  --registration-vnets tamops-vnet

The above with create a private DNS zone called tamops.local inside  Resource Group tamops-dns and register the DNS zone to vNET tamops-vnet

I have now created two VM’s inside vNET tamops-vnet:

  • VM1: tamops1 IP: 192.168.0.4
  • VM2: tamops2 IP: 192.168.0.5

I then created an A-record inside the private DNS zone

  az network dns record-set a add-record `
  -g tamops-dns `
  -z tamops.local `
  -n tamops2vm `
  -a 192.168.0.5

I logged into VM: tamops1 and within seconds of applying the above A-record I was able to complete a ping.

As I configured the DNS zone for automatic registration using –registration-vnets this allows the automatic registration of virtual machines, once they are created an A-record can be added automatically to the private zone with their public IP. This configuration can be done by Azure CLI

Lets test this from VM: tamops2

Pretty cool eh? If you don’t want automatic registration configured, use –resolution-vnets instead

Thanks for reading, hopefully this gives you an insight into setting up an Azure DNS Private Zone!

5 comments

  1. an the Private DNS details be configured through the CLI ONLY ?
    can you please let me know how to do that using the GUI

    Reply

    2. Please note, as of currently writing this. Private DNS is only done via CLI / PowerShell.

      Previous comment I linked the article for GUI on Azure DNS.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s