Azure DNS is an Azure service for hosting Domain Name System (DNS) zones. With it comes:
- Ultra-high availability, and with it further redundancy for your DNS
- Fast DNS queries
- No additional Virtual Machine (VM) acting as a DNS server, unless Active Directory integration is required
- The ability to automate the deployment and run it from a pipeline!
Along with this comes the ability to create a private DNS zone: a zone that is only resolvable from within your Virtual Network (vNET) and is not published to the public internet, which manages and resolves names without the need to create an additional VM for the DNS service.
In this blog, I will detail the creation of an Azure Private DNS zone using Azure CLI along with a simple ping test to show the connectivity.
Sound good so far? Have a read of some of these limitations and restrictions when setting up an Azure Private DNS Zone:
- The vNET must be completely empty the first time you link a private DNS zone to it as the registration vNET. Once that first link exists, additional links can be made to non-empty vNETs.
- Only one registration vNET per private zone
- Currently in preview, up to 10 resolution virtual networks are allowed per private zone
- Reverse DNS works only for private IP space in the registration virtual network.
I would also advise reading the Azure DNS FAQ for further restrictions and limitations.
Time to deploy.
I have already created a blank vNET called tamops-vnet inside Resource Group tamops-dns.
Now let's create an Azure Private DNS Zone using Azure CLI:
az network dns zone create -g tamops-dns `
  -n tamops.local `
  --zone-type Private `
  --registration-vnets tamops-vnet
The above will create a private DNS zone called tamops.local inside Resource Group tamops-dns and link it to vNET tamops-vnet as the registration vNET.
I have now created two VMs inside vNET tamops-vnet:
- VM1: tamops1 IP: 192.168.0.4
- VM2: tamops2 IP: 192.168.0.5
I then created an A record inside the private DNS zone:
az network dns record-set a add-record `
  -g tamops-dns `
  -z tamops.local `
  -n tamops2vm `
  -a 192.168.0.5
I logged into VM tamops1 and, within seconds of adding the A record above, was able to complete a ping against the new name.
As I configured the DNS zone for automatic registration using --registration-vnets, virtual machines created inside that vNET have an A record added to the private zone automatically, with their private IP address. No further configuration is needed beyond the Azure CLI command above.
Let's test this from VM tamops2:
Pretty cool eh? If you don't want automatic registration configured, link the vNET with --resolution-vnets instead: the zone is then resolvable from that vNET, but VMs created in it are not registered automatically.
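The whole procedure above, end to end, as an added example that is not part of the original post: a PowerShell script driving Azure CLI that creates the resource group and an empty vNET, checks the vNET really is empty before the first registration link (the limitation listed earlier), creates the private zone with the same preview syntax the post uses (az network dns zone create --zone-type Private), confirms the zone type is Private rather than Public, adds the tamops2vm A record and lists the zone's contents. The resource, vNET and zone names match the post; the location, the 192.168.0.0/24 address space, the subnet name and the record TTL are assumptions. Note that the GA Azure CLI moved private zones to the az network private-dns command group, so on a current CLI the zone and link commands need to be mapped to that group.

```powershell
# Added example (not from the original post). Requires Azure CLI ('az') and a
# logged-in session ('az login'). Uses the preview syntax the post uses.
$ErrorActionPreference = 'Stop'

$rg       = 'tamops-dns'
$vnet     = 'tamops-vnet'
$zone     = 'tamops.local'
$location = 'uksouth'            # assumption: any region works for the vNET

# 1. Resource group and an empty vNET. The vNET must contain no NICs the
#    first time it is linked as a registration vNET, so it is created here
#    before any VM.
az group create -n $rg -l $location --output none
az network vnet create -g $rg -n $vnet `
    --address-prefix 192.168.0.0/24 `
    --subnet-name default --subnet-prefix 192.168.0.0/24 `
    --output none

# 2. Guard: count NICs whose subnet lives in this vNET and refuse to continue
#    if there are any. JMESPath filters the NIC list client-side.
$nicsInVnet = az network nic list -g $rg `
    --query "[?contains(ipConfigurations[0].subnet.id, '/virtualNetworks/$vnet/')] | length(@)" `
    --output tsv
if ([int]$nicsInVnet -gt 0) {
    throw "vNET $vnet already holds $nicsInVnet NIC(s); the first registration link needs an empty vNET."
}

# 3. Private zone, linked to the vNET for automatic VM registration.
az network dns zone create -g $rg -n $zone `
    --zone-type Private `
    --registration-vnets $vnet `
    --output none

# 4. Confirm the zone is Private, i.e. not published to the internet. A
#    public zone with internal hostnames would leak the naming scheme.
$zoneType = az network dns zone show -g $rg -n $zone --query zoneType --output tsv
if ($zoneType -ne 'Private') {
    throw "Zone $zone has type '$zoneType'; expected Private."
}

# 5. Manual A record for a host at a known private address (as in the post).
#    TTL of 300 seconds is an assumption; the CLI default is 3600.
az network dns record-set a add-record -g $rg -z $zone `
    -n tamops2vm -a 192.168.0.5 --ttl 300 --output none

# 6. Show what the zone holds. Once VMs exist in the registration vNET, their
#    auto-registered records (private IPs, never public ones) show up here too.
az network dns record-set list -g $rg -z $zone `
    --query "[].{name:name, type:type, ttl:ttl}" --output table
```

After running this and creating the two VMs in tamops-vnet, verify resolution from inside the vNET rather than from your workstation, since the zone is not reachable from outside: on a Windows VM, Resolve-DnsName tamops2vm.tamops.local -Type A; on Linux, nslookup tamops2vm.tamops.local. Re-running step 6 afterwards should show both the manual tamops2vm record and the automatically registered records for tamops1 and tamops2.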
Thanks for reading, hopefully this gives you an insight into setting up an Azure DNS Private Zone!