1.2 Design and Implement Name Resolution
📘Microsoft Azure Networking Solutions (AZ-700)
1. What Is Name Resolution?
Name resolution is the process of converting a resource name (like a server name) into an IP address so that systems can communicate.
In Azure:
- Virtual machines
- Applications
- Services
do not communicate using names internally by default — they communicate using IP addresses.
DNS (Domain Name System) makes name-based communication possible.
2. Why Name Resolution Is Important Inside a VNet
Inside a Virtual Network (VNet), name resolution is required for:
- VM-to-VM communication using names
- Application tier communication (web → app → database)
- Hybrid environments (Azure + on-premises)
- Active Directory domain services
- Service discovery and scalability
- Easier management (names instead of IPs)
Without proper name resolution:
- Applications fail to connect
- Domain joins fail
- Authentication and service communication break
3. Default Name Resolution in Azure VNets
Azure-Provided DNS
By default, every VNet uses Azure-provided DNS unless you change it.
Key Characteristics
| Feature | Azure-Provided DNS |
|---|---|
| DNS server IP | Automatically assigned |
| Configuration required | No |
| Resolves VM names in same VNet | Yes |
| Resolves across VNets | No |
| Custom domain names | No |
| On-premises name resolution | No |
How It Works
- Azure automatically assigns a DNS service
- VMs get DNS settings through DHCP
- VM names are resolved only within the same VNet
- Uses internal Azure DNS suffix
Exam Tip
Azure-provided DNS is simple but limited. It is suitable for basic workloads only.
4. Limitations of Azure-Provided DNS (Very Important for Exam)
Azure-provided DNS cannot:
- Resolve names across VNets
- Resolve on-premises domain names
- Support custom DNS zones
- Be extended or customized
- Work with Active Directory environments properly
Because of these limitations, custom DNS solutions are often required.
5. Custom DNS in a VNet
What Is Custom DNS?
Custom DNS means you provide your own DNS servers instead of using Azure’s default DNS.
These DNS servers can be:
- Azure virtual machines
- On-premises DNS servers
- Azure Private DNS Resolver
- Domain controllers
How Custom DNS Is Configured
Custom DNS servers are configured at:
- VNet level (recommended)
- Network interface level (overrides VNet)
6. DNS Configuration Scope (Exam Critical)
1. VNet-Level DNS Settings
- Applied to all VMs in the VNet
- Configured in VNet DNS settings
- Requires VM restart to take effect
2. NIC-Level DNS Settings
- Applied to individual VM
- Overrides VNet DNS
- Rarely recommended
Exam Rule
NIC-level DNS always overrides VNet-level DNS.
7. Using Azure VMs as DNS Servers
When Is This Used?
- Active Directory Domain Services (AD DS)
- Hybrid name resolution
- Custom internal DNS zones
Architecture
- DNS service installed on one or more VMs
- VNet configured to use VM IP addresses as DNS servers
- VMs resolve names through these DNS servers
High Availability Requirement
- Always deploy at least two DNS servers
- Place them in different availability zones or sets
Exam Tip
Single DNS VM = Single point of failure
8. Name Resolution for Active Directory in a VNet
Active Directory Requirements
Active Directory requires custom DNS.
Azure-provided DNS:
- Cannot register domain records
- Cannot support AD service discovery
Correct Design
- Deploy domain controllers in Azure
- Install DNS role on domain controllers
- Configure VNet to use domain controller IPs as DNS servers
Exam Rule
Never use Azure-provided DNS for Active Directory.
9. Azure Private DNS Zones (Inside a VNet)
What Is Azure Private DNS?
Azure Private DNS provides DNS zones that are accessible only inside VNets.
Key Features
| Feature | Description |
|---|---|
| Private DNS zone | DNS zone not accessible from internet |
| Automatic registration | Optional |
| VNet linking | Required |
| Supports A, CNAME records | Yes |
Example Use Cases
- Name resolution for private endpoints
- Application name resolution inside VNets
- Multi-tier applications
10. Automatic vs Manual Record Registration
Automatic Registration
- VMs automatically register their names
- Only one VNet can have auto-registration enabled
Manual Registration
- Records created manually
- Useful for services and endpoints
Exam Tip
Automatic registration works only for one VNet per DNS zone.
11. Name Resolution Across VNets
Problem
Azure-provided DNS:
- Cannot resolve names across VNets
Solutions
- Azure Private DNS + VNet Peering
- Custom DNS servers
- Azure Private DNS Resolver
12. Azure Private DNS Resolver (Important for AZ-700)
What Is It?
A managed Azure service that:
- Allows DNS queries between VNets
- Allows DNS queries between Azure and on-premises
- Eliminates need for DNS VMs
Components
| Component | Purpose |
|---|---|
| Inbound endpoint | DNS queries from outside |
| Outbound endpoint | DNS queries to external DNS |
| Ruleset | Conditional forwarding |
Benefits
- Fully managed
- High availability
- No VM maintenance
- Scalable
Exam Focus
Azure Private DNS Resolver is the recommended modern solution.
13. Name Resolution in Hybrid Environments
Hybrid Scenarios
- Azure + on-premises DNS
- Azure workloads accessing on-premises services
- On-premises users accessing Azure services
Required Design Elements
- VPN Gateway or ExpressRoute
- Custom DNS or Private DNS Resolver
- Conditional forwarding
Exam Rule
Azure-provided DNS cannot resolve on-premises names.
14. DNS and Private Endpoints (Frequently Tested)
Private Endpoints:
- Use private IP addresses
- Require Private DNS zones
Example Private DNS Zones
| Service | Private DNS Zone |
|---|---|
| Azure Storage | privatelink.blob.core.windows.net |
| Azure SQL | privatelink.database.windows.net |
Best Practice
- Link Private DNS zone to the VNet
- Enable auto-registration if required
15. DNS Design Best Practices (Exam Gold)
- Use Azure-provided DNS only for simple workloads
- Use custom DNS for Active Directory
- Use Azure Private DNS for private endpoints
- Use Azure Private DNS Resolver instead of DNS VMs
- Avoid NIC-level DNS unless necessary
- Deploy DNS with high availability
- Centralize DNS design for hub-and-spoke networks
16. Common Exam Mistakes to Avoid
❌ Using Azure-provided DNS for AD
❌ Expecting cross-VNet name resolution by default
❌ Deploying single DNS VM
❌ Forgetting VM restart after DNS change
❌ Not linking Private DNS zones to VNets
17. Summary for AZ-700 Exam
- Azure-provided DNS is default but limited
- Custom DNS is required for enterprise workloads
- Active Directory must use custom DNS
- Azure Private DNS enables private name resolution
- Azure Private DNS Resolver is the preferred modern solution
- DNS scope and override rules are exam critical
