Azure DNS Overview

Azure DNS is a reliable, scalable, and secure DNS hosting service that lets you manage and resolve domain names in your Azure environment without deploying a custom DNS solution. It supports both public and private DNS zones.

Domains in Azure

Initial Domain Name

• Created automatically with your Azure subscription in the format: domainname.onmicrosoft.com.

• Fully functional but intended as a temporary bootstrapping domain until a custom domain is verified.

Custom Domain Name

• You can add a routable custom domain you control, e.g., contosogold.com.

• Allows simpler user sign-on (familiar credentials).

• Global Administrator role required for domain management.

• Domain names must be globally unique across Azure AD.

• Custom domain must be verified before use.

Verifying Custom Domains

• Verification ensures ownership of the domain.

• Done by adding an MX or TXT record provided by Azure into your company’s DNS zone.

• Azure queries the DNS for the record; verification can take minutes to hours.

• Once verified, the domain can be used in Azure AD.

Azure DNS Zones

• A DNS zone hosts the DNS records for a domain.

• Steps to create a DNS zone:

  1. Create a DNS zone in Azure for your domain.

  2. Add DNS records inside the zone.

  3. Each zone has name, resource group, subscription, and name servers.

• Considerations:

  • Zone names must be unique within a resource group.

  • Same zone name can exist in different subscriptions/resource groups.

  • Azure assigns unique name server addresses.

DNS Delegation

• To delegate your domain to Azure DNS:

  1. Obtain the Azure-assigned name servers.

  2. Update the NS records at your domain registrar using these servers.

  • Use all four name servers for reliability.

• Child zones (sub-domains):

  • Delegate sub-domains in the parent zone using NS records.

  • Parent and child zones can be in different resource groups.

DNS Record Sets

• A record set: group of records with the same name and type.

• Constraints:

  • Up to 20 records per set.

  • CNAME sets can only contain 1 record.

• TTL (Time to Live) specifies how long the record is cached before re-querying.

Private DNS Zones

• Used for custom domain names within Azure virtual networks.

• Benefits:

  • Private name resolution for VMs.

  • Split-horizon DNS (different answers for internal vs. public queries).

  • Hostname resolution between virtual networks.

  • Automatic VM hostname record management.

  • Available in all Azure regions.

• Scenarios:

  1. Single VNet: Private DNS resolves VM names within the VNet.

  2. Multiple VNets: Shared DNS across Registration and Resolution VNets.

  3. Split-Horizon: Different internal vs. public DNS responses.

Demonstration: DNS Name Resolution in Azure

Create a DNS Zone

1. Go to Azure Portal → DNS zones → Create.

2. Enter:

   • Name: contoso.internal.com

   • Subscription & Resource Group

   • Location: Global

3. Wait for creation.

Add a DNS Record Set

1. Click +Record Set.

2. Select Type = A.

3. Enter:

   • Name: ARecord

   • IP Address: 1.2.3.4

4. Click OK.

Use PowerShell to View DNS

View Name Servers

Test Resolution

Explore Metrics

• In Azure Portal → DNS Zone → Metrics.

• Monitor Query Volume and chart types (Line, Area, Bar, Scatter).

Key Benefits of Azure DNS

• Removes need for custom DNS solutions.

• Supports all common DNS record types (A, AAAA, CNAME, MX, PTR, SOA, SRV, TXT).

• Automatic hostname management for VMs.

• Name resolution across VNets.

• Split-horizon DNS support.

• Familiar tools: PowerShell, ARM templates, REST API.

• Globally available.