Configure Azure DNS

Configure name resolution and load balancing

📘Microsoft Certified: Azure Administrator Associate (AZ-104)

1. What Is Azure DNS?

Azure DNS is a hosting service for Domain Name System (DNS) domains in Azure.
DNS converts names (like app.company.com) into IP addresses (like 52.160.1.20) so that clients can reach applications and services.

Azure DNS allows you to host your DNS records in Azure so that:

  • name resolution is fast
  • the DNS zones are globally available
  • you can manage DNS along with your Azure infrastructure
  • DNS changes integrate easily with Azure services

Important:
Azure DNS is only a hosting service. It does not register or sell domain names.
You must buy your domain name from an external registrar.

2. Azure DNS Components You Must Know for the Exam

Azure DNS supports two major categories:

A. Public DNS Zones

Used when you want your domain to be accessible from the Internet.
Example IT use-case:
You host a website in Azure and want www.company.com to point to your public IP.

B. Private DNS Zones

Used for internal name resolution inside Azure virtual networks.
Example IT use-case:
Your VMs need to resolve internal names like dbserver.internal.cloud without exposing anything to the Internet.

Both are important for AZ-104.

3. Public DNS Zones (Detailed)

✔ What Is a Public DNS Zone?

A public DNS zone stores DNS records for a domain that must be reachable from the Internet.

Example:
company.com hosted as a public DNS zone in Azure DNS.

✔ Common DNS Record Types in Azure DNS

You must know these for the exam:

Record TypePurpose
AMaps a hostname to an IPv4 address
AAAAMaps to IPv6 address
CNAMEMaps a name to another name
MXMail server records
TXTVerification, security policies (SPF, DKIM)
NSNameserver records for delegation
SOAZone metadata

✔ How Public DNS Zone Resolution Works

  1. User enters a domain name (e.g., app.company.com).
  2. DNS resolver checks the root DNS servers.
  3. The request is directed to the DNS provider (Azure DNS).
  4. Azure DNS returns the corresponding IP address.

✔ Steps to Configure a Public DNS Zone (AZ-104 skills)

  1. Create a DNS Zone in Azure.
  2. Add required records (A, CNAME, etc.).
  3. Update your domain registrar to use Azure’s NS servers.
  4. Test DNS using:
    • nslookup
    • dig
    • Azure portal testing tools

Important exam point:
You must update the registrar with the nameservers shown in the Azure DNS zone.

4. Private DNS Zones (Detailed)

✔ What Is a Private DNS Zone?

A private DNS zone is used for resolving names inside virtual networks, not exposed to the Internet.

Example IT use-case:
VMs in a virtual network resolve internal service names like:
web01.corp.internal

✔ Key Azure Feature: Azure Private DNS

Azure provides internal DNS resolution without needing custom DNS servers.

✔ When to Use Private DNS Zones

  • Internal application communication
  • Hybrid networks
  • Virtual network peering
  • Private Endpoints (very important!)

✔ Linking a Private DNS Zone to Virtual Networks

This is called Virtual Network Link.

Exam Tip:

  • A private DNS zone must be linked to the VNet for name resolution to work.
  • Linking enables automatic DNS registration if enabled (called auto-registration).

✔ Auto-Registration

Auto-registration automatically adds DNS records for VMs in a VNet to the private DNS zone.

Exam Focus:

  • Only Azure-provided DNS supports auto-registration
  • Not supported with custom DNS servers

5. Azure DNS and Private Endpoints (Must Know!)

Private Endpoints create private IPs for Azure PaaS services like:

  • Azure Storage
  • Azure SQL
  • Azure Web Apps
  • Key Vault

When you create a private endpoint, Azure will create a special private DNS zone such as:

  • privatelink.blob.core.windows.net
  • privatelink.database.windows.net

Azure recommended configuration:

  1. Create a private endpoint
  2. Azure automatically suggests a private DNS zone
  3. Link private DNS zone to your VNet
  4. DNS records are created automatically

Exam Tip:
Private endpoints depend on DNS to work correctly.

6. DNS Resolution in Azure (Exam-critical)

Azure VMs use Azure-provided DNS by default

Default IP: 168.63.129.16

This DNS server supports:

  • Internal name resolution
  • Public name resolution
  • Auto-registration (only for private DNS zones)

Custom DNS Servers

You may use:

  • Windows Server DNS
  • Linux BIND server
  • On-prem DNS servers (connected via VPN/ExpressRoute)

Important:
If you use a custom DNS server, you must configure forwarders so the DNS server can resolve Azure internal names.

7. Azure DNS Zones vs. Private DNS Zones: Quick Comparison for Exam

FeaturePublic DNS ZonePrivate DNS Zone
Accessible from InternetYesNo
Used with Private EndpointsNoYes
Supports auto-registrationNoYes
Needs registrar updateYesNo
Used for private VNet name resolutionNoYes

8. How to Create and Manage DNS Records (AZ-104 Tasks)

Creating an A Record (Public Zone)

  1. Go to your DNS zone
  2. Select Record Set
  3. Name: www
  4. Type: A
  5. Value: Public IP
  6. Save

Creating a Private DNS Entry

Azure automatically creates records if auto-registration is enabled.
Otherwise, manually create:

  • A Record
  • CNAME
  • PTR (reverse lookup, optional)

9. Important Exam Scenarios and Solutions

✔ Scenario 1:

VMs cannot resolve internal names in a private DNS zone.
Solution: Link the VNet to the private DNS zone.

✔ Scenario 2:

Private endpoint cannot be reached.
Solution: Ensure private DNS zone for the service exists and is linked.

✔ Scenario 3:

Public DNS zone does not work from the Internet.
Solution: Update registrar to point to Azure DNS nameservers.

✔ Scenario 4:

You need hybrid DNS resolution between Azure and on-premises.
Solution: Configure DNS forwarders on on-prem DNS servers.

10. Azure DNS Pricing (Exam Awareness Only)

You are billed for:

  • Zone hosting (per zone/month)
  • DNS queries (per million queries)

Summary for AZ-104 Exam

To pass the exam, you must clearly understand:

  • Difference between public DNS zones and private DNS zones
  • How to create, link, and manage private DNS zones
  • How Azure DNS integrates with private endpoints
  • How DNS resolution works inside virtual networks
  • How to update a domain registrar for public DNS
  • When to use custom DNS servers vs. Azure-provided DNS
  • Auto-registration and VNet links
  • DNS record types

Mastering these ensures you can correctly configure name resolution in real Azure environments and answer all exam questions confidently.

Leave a Reply

Your email address will not be published. Required fields are marked *

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by