Configure DNS settings for a VNet - Learn Tech From Zero

1.2 Design and Implement Name Resolution

📘Microsoft Azure Networking Solutions (AZ-700)

1. Why DNS Settings Are Important in a VNet

In Azure, resources such as virtual machines, web apps, databases, and services communicate using names, not IP addresses.

DNS (Domain Name System) helps Azure resources:

Convert hostnames to IP addresses
Find other resources inside the VNet
Connect to on-premises networks
Access Azure and internet services

If DNS is not configured correctly:

VMs cannot communicate properly
Hybrid connectivity may fail
Applications may not resolve internal or external names

2. Default DNS Behavior in Azure VNet

Azure-Provided DNS (Default Setting)

By default, every VNet uses Azure-provided DNS.

Key characteristics:

No configuration required
Automatically enabled when a VNet is created
Uses Azure internal DNS servers
Supports name resolution only inside the same VNet

What Azure-provided DNS can resolve:

VM hostnames inside the same VNet
Azure platform services
Public internet domain names

What it cannot do well:

Resolve on-premises DNS names
Resolve names across multiple VNets
Apply custom DNS records
Support advanced DNS control

📌 Exam Tip:
If no custom DNS is configured, Azure automatically uses Azure-provided DNS.

3. Custom DNS Settings for a VNet

When Azure-provided DNS is not enough, you must configure custom DNS servers.

What Are Custom DNS Servers?

Custom DNS servers are DNS servers you control, such as:

Windows Server DNS
Linux-based DNS (Bind)
On-premises DNS servers
DNS servers running on Azure VMs
Azure Firewall DNS proxy
Azure Private DNS Resolver

4. How to Configure DNS Settings for a VNet

DNS settings are configured at the VNet level.

Steps (Conceptual – Exam Focus):

Go to Virtual Network
Select DNS servers
Choose one of the following:
- Default (Azure-provided)
- Custom
If custom:
- Enter one or more DNS server IP addresses
Save changes
Restart VMs (required for changes to apply)

📌 Important Exam Point:
DNS changes do NOT apply automatically to running VMs.
VM restart is required.

5. DNS Options Available for a VNet

Option 1: Azure-Provided DNS

Best for:

Simple environments
Single VNet
No on-premises integration

Limitations:

No custom records
No cross-VNet name resolution
No hybrid DNS support

Option 2: Custom DNS Servers in Azure

DNS servers hosted on Azure VMs.

Used when:

Full DNS control is required
Custom DNS records are needed
Applications rely on Active Directory DNS

Considerations:

High availability must be designed
DNS servers must be secured
DNS servers must be reachable from all subnets

Option 3: On-Premises DNS Servers

DNS servers hosted in an on-premises network.

Used when:

Hybrid environments exist
On-premises resources must be resolved
Active Directory is hosted on-premises

Requirements:

VPN Gateway or ExpressRoute
Proper routing and firewall rules
DNS forwarding configured correctly

6. DNS Forwarding and Hybrid Name Resolution

In hybrid environments, DNS forwarding is critical.

How DNS Forwarding Works

Azure VM sends DNS request
Request goes to custom DNS server
If name is not found:
- Forward request to on-premises DNS
- Or forward to Azure DNS
- Or forward to internet DNS

This allows:

Azure → On-premises name resolution
On-premises → Azure name resolution

📌 Exam Tip:
Azure does not perform DNS forwarding automatically.
You must configure it on your DNS servers.

7. DNS Settings Scope and Inheritance

VNet Level

DNS settings are applied at the VNet level
All subnets and VMs inherit these settings

NIC Level Override

DNS settings can be overridden on a VM network interface
Used for special cases
Not recommended for large environments

📌 Exam Tip:
VNet DNS settings apply to all VMs unless overridden at NIC level.

8. Azure Private DNS Zones and VNet DNS Settings

Private DNS Zones

Used to provide name resolution for private endpoints and private services.

Examples:

privatelink.database.windows.net
privatelink.blob.core.windows.net

VNet Link

A Private DNS Zone must be linked to a VNet
Once linked, VMs in that VNet can resolve private DNS records

📌 Important:
Private DNS Zones work independently of VNet DNS server settings.

9. Azure Private DNS Resolver (Important for AZ-700)

Azure Private DNS Resolver allows:

DNS queries between Azure and on-premises
Centralized DNS resolution
No need to deploy DNS VMs

Components:

Inbound endpoint – Azure receives DNS queries
Outbound endpoint – Azure forwards DNS queries
Ruleset – Controls where queries are sent

Use cases:

Hybrid name resolution
Central DNS architecture
Reduced DNS management

📌 Exam Tip:
Private DNS Resolver is managed, scalable, and highly available.

10. High Availability for DNS Servers

When using custom DNS servers:

Always deploy at least two DNS servers
Place them in different availability zones
Configure both IP addresses in VNet DNS settings

Why:

DNS is a critical service
Single DNS server = single point of failure

11. Common Exam Scenarios

Scenario	Correct DNS Choice
Simple Azure-only VNet	Azure-provided DNS
Hybrid Azure + on-prem	Custom DNS or Private DNS Resolver
Active Directory in Azure	Custom DNS on Azure VMs
Private Endpoints	Private DNS Zones
Central DNS architecture	Azure Private DNS Resolver

12. Key Exam Takeaways (Must Remember)

✔ DNS settings are configured at the VNet level
✔ Azure-provided DNS is default
✔ VM restart is required after DNS change
✔ Custom DNS enables hybrid name resolution
✔ Private DNS Zones resolve private endpoints
✔ Azure Private DNS Resolver simplifies hybrid DNS
✔ DNS must be highly available
✔ No automatic DNS forwarding in Azure

13. Final Summary

Configuring DNS settings for a VNet is a core networking skill in Azure.
For the AZ-700 exam, you must understand:

Default Azure DNS behavior
When and how to configure custom DNS
Hybrid name resolution concepts
Private DNS Zones and Private DNS Resolver
DNS design best practices

Mastering this topic ensures:

Reliable communication
Secure hybrid networking
Correct application connectivity