1.2 Design and Implement Name Resolution
📘Microsoft Azure Networking Solutions (AZ-700)
1. What is a DNS Zone in Azure?
A DNS zone is a container that holds DNS records.
DNS records map names (like app.contoso.com) to values (like IP addresses).
In Azure, DNS zones are managed using Azure DNS, which is a fully managed DNS service.
Azure supports two main types of DNS zones:
- Public DNS zones
- Private DNS zones
Understanding when and how to configure each type is critical for the AZ-700 exam.
2. Public DNS Zones in Azure
2.1 What is a Public DNS Zone?
A Public DNS zone is used to resolve domain names over the internet.
A public DNS zone is required whenever a resource must be reachable by name from:
- The public internet
- External users
- Other public services
2.2 Key Characteristics of Public DNS Zones
- Domain names are publicly resolvable
- Records are visible to any internet DNS resolver, so treat every record as public information (do not publish internal host names or private IP ranges here)
- Used for internet-facing Azure resources
- Hosted and managed by Azure DNS
- Highly available and globally distributed (anycast name servers)
3. Creating and Configuring a Public DNS Zone
3.1 Steps to Create a Public DNS Zone
- Go to Azure Portal
- Search for DNS zones
- Click Create
- Enter:
- Subscription
- Resource group
- DNS zone name (example: contoso.com)
- Click Create
Once created, the zone is ready to store DNS records.
3.2 Name Servers (NS Records)
- Azure automatically assigns four name servers to the public DNS zone (shown as the zone's apex NS record set)
- These name servers must be entered at the domain registrar (delegation)
- The delegation tells internet resolvers to send queries for the domain to Azure DNS
Important for exam:
If the NS records are not updated at the registrar, internet resolvers are never directed to Azure DNS, so the records in the zone are never resolved publicly even though the zone itself is healthy.
4. Public DNS Records
Common record types you must know:
4.1 A Record
- Maps a name to an IPv4 address
- Example use: mapping a domain to a public IP of an Azure VM
4.2 AAAA Record
- Maps a name to an IPv6 address
4.3 CNAME Record
- Maps one name to another DNS name (an alias); it cannot be placed at the zone apex
- Often used to point a custom hostname at an Azure service hostname, for example an App Service (Azure Web App)
4.4 MX Record
- Used for email routing
- Points to mail servers
4.5 TXT Record
- Used for:
- Domain ownership verification
- Email authentication and anti-spoofing (SPF, DKIM, DMARC)
4.6 NS Record
- Defines the authoritative name servers for the zone
- Azure creates the apex NS set automatically; you add NS records yourself only to delegate a child zone
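The public-zone procedure of section 3 and the record types of section 4, as one added Azure PowerShell (Az module) example; this is not code from the course page. The resource group rg-dns-demo, the zone contoso.com, the addresses and the hostnames are assumptions, and the script needs a signed-in session (Connect-AzAccount) and the Az.Dns module. The last part performs the check section 3.2 calls for: it asks a public resolver who is authoritative for the zone and compares the answer with the name servers Azure assigned.

```powershell
# Added example (not from the page). Assumed names: rg-dns-demo, contoso.com, the IPs/hosts below.
$rg   = 'rg-dns-demo'
$zone = 'contoso.com'

New-AzResourceGroup -Name $rg -Location 'eastus' -Force | Out-Null
$z = New-AzDnsZone -Name $zone -ResourceGroupName $rg

# Azure assigns four name servers to the zone; these are the NS values you enter at the registrar.
Write-Host "Configure these name servers at the registrar:"
$z.NameServers

# A record: web front end on a public IP (203.0.113.0/24 is documentation address space, assumed here)
New-AzDnsRecordSet -Name 'www' -RecordType A -ZoneName $zone -ResourceGroupName $rg -Ttl 300 `
    -DnsRecords (New-AzDnsRecordConfig -Ipv4Address '203.0.113.10') | Out-Null

# CNAME record: custom name pointing at an assumed App Service hostname
New-AzDnsRecordSet -Name 'app' -RecordType CNAME -ZoneName $zone -ResourceGroupName $rg -Ttl 300 `
    -DnsRecords (New-AzDnsRecordConfig -Cname 'contoso-app.azurewebsites.net') | Out-Null

# MX record: mail routing to an assumed mail host
New-AzDnsRecordSet -Name '@' -RecordType MX -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Exchange 'mail.contoso.com' -Preference 10) | Out-Null

# TXT record at the apex: SPF policy that authorises only the MX hosts to send mail and rejects the rest
New-AzDnsRecordSet -Name '@' -RecordType TXT -ZoneName $zone -ResourceGroupName $rg -Ttl 3600 `
    -DnsRecords (New-AzDnsRecordConfig -Value 'v=spf1 mx -all') | Out-Null

# Delegation check (section 3.2): ask a public resolver for the zone's NS set and compare it with
# what Azure assigned. Until the two sets match, nothing above is reachable from the internet.
$expected = $z.NameServers | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() } | Sort-Object
$actual   = Resolve-DnsName -Name $zone -Type NS -Server 1.1.1.1 -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'NS' } |
            ForEach-Object { $_.NameHost.TrimEnd('.').ToLowerInvariant() } | Sort-Object

if (-not $actual) {
    Write-Warning "No NS records returned for $zone by the public resolver: delegation is missing."
} elseif (Compare-Object -ReferenceObject $expected -DifferenceObject $actual) {
    Write-Warning "Delegation mismatch. Registrar: $($actual -join ', ') / Azure: $($expected -join ', ')"
} else {
    Write-Host "Delegation OK: $zone is served by Azure DNS."
}
```

Run the delegation check again after the registrar change has propagated (registrar TTLs can be hours); a zone that passes it is the one whose records section 5 describes as publicly resolvable.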
5. When to Use a Public DNS Zone (Exam Focus)
Use a public DNS zone when:
- Resources must be accessed from the internet
- Applications are internet-facing
- DNS names must be publicly resolvable
6. Private DNS Zones in Azure
6.1 What is a Private DNS Zone?
A Private DNS zone is used to resolve domain names inside Azure virtual networks only.
These names:
- Are not accessible from the internet
- Resolve only from VNets linked to the zone (on-premises clients can reach them only through a forwarder inside a linked VNet, such as Azure DNS Private Resolver)
Private DNS zones are essential for internal name resolution.
7. Key Characteristics of Private DNS Zones
- DNS records are private
- No internet exposure
- Integrated with Azure Virtual Networks
- Supports automatic DNS record registration
- Used for internal services and private endpoints
8. Creating and Configuring a Private DNS Zone
8.1 Steps to Create a Private DNS Zone
- Go to Azure Portal
- Search for Private DNS zones
- Click Create
- Enter:
- Subscription
- Resource group
- Zone name (example: internal.contoso.com)
- Click Create
9. Linking a Private DNS Zone to a VNet
A private DNS zone does nothing by itself.
It must be linked to a Virtual Network.
9.1 VNet Link Types
When linking a VNet, you must choose:
a. Registration Enabled
- VMs automatically register their DNS records
- Used for internal workloads
b. Registration Disabled
- Only name resolution
- No automatic record creation
- Common for shared services VNets
Exam Tip:
A VNet can be linked with auto-registration enabled to only one private DNS zone, while a single private DNS zone can accept registration-enabled links from many VNets. Auto-registration covers virtual machines only; other resources (for example private endpoints) need records added manually or through a DNS zone group.
10. DNS Record Types in Private DNS Zones
Private DNS zones support the same record types as public zones except NS (A, AAAA, CNAME, MX, PTR, SOA, SRV, TXT). The ones you will meet most often:
- A records
- AAAA records
- CNAME records
- PTR records
These records resolve:
- VM hostnames
- Internal services
- Private endpoints
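The private-zone procedure of sections 8 to 10 as one added Azure PowerShell example (not code from the course page): it creates the zone, links one VNet with registration enabled and one for resolution only, adds a manually managed record, and then lists which zone each VNet registers into. The resource group rg-dns-demo, the zone internal.contoso.com, the VNets vnet-workload and vnet-shared (assumed to already exist) and the address 10.0.1.4 are assumptions; it needs the Az.Network and Az.PrivateDns modules.

```powershell
# Added example (not from the page). Assumed names: rg-dns-demo, internal.contoso.com,
# vnet-workload and vnet-shared (existing VNets), 10.0.1.4 for the manual record.
$rg   = 'rg-dns-demo'
$zone = 'internal.contoso.com'

New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zone | Out-Null

$workload = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-workload'
$shared   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-shared'

# Registration-enabled link: VMs in vnet-workload get <vmname>.internal.contoso.com A records
# created when they start and removed when they are deleted. A VNet may hold such a link to
# only one private zone, so the platform rejects a second registration link for this VNet.
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone -Name 'link-workload' `
    -VirtualNetworkId $workload.Id -EnableRegistration | Out-Null

# Resolution-only link: vnet-shared can resolve the zone, but nothing registers into it from there.
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone -Name 'link-shared' `
    -VirtualNetworkId $shared.Id | Out-Null

# A manually managed A record for a service that does not auto-register (assumed IP).
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -Name 'db01' -RecordType A -Ttl 300 `
    -PrivateDnsRecords (New-AzPrivateDnsRecordConfig -Ipv4Address '10.0.1.4') | Out-Null

# Audit: walk every private zone in the resource group and report, per VNet, the single zone it
# registers into. A VNet missing from this list has no registration link at all, so its VMs get
# no private DNS name unless records are added by hand.
$regLinks = Get-AzPrivateDnsZone -ResourceGroupName $rg | ForEach-Object {
    Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $_.Name |
        Where-Object { $_.RegistrationEnabled } |
        Select-Object @{ n = 'VNet'; e = { ($_.VirtualNetworkId -split '/')[-1] } },
                      @{ n = 'RegistersInto'; e = { $_.ZoneName } }
}
$regLinks | Sort-Object VNet | Format-Table -AutoSize

# Verification from a VM in either VNet that uses Azure-provided DNS (168.63.129.16):
#   Resolve-DnsName db01.internal.contoso.com -Type A
# returns 10.0.1.4, and a VM named vm01 in vnet-workload resolves as vm01.internal.contoso.com.
```

A VM in vnet-shared resolves names from this zone but never appears in it; if the design needs shared-services hosts to have names too, add them manually as the db01 record above shows, or give the shared VNet its own registration-enabled zone.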
11. Private DNS and Azure Private Endpoints
11.1 Why Private DNS is Required
A Private Endpoint gives a PaaS service a private IP address in your VNet, but clients still connect to the service's public FQDN (for example storageaccount.blob.core.windows.net). Once a private endpoint exists, the public DNS entry for that name becomes a CNAME to the matching privatelink name; inside a linked VNet the privatelink private DNS zone answers with the endpoint's private IP, while everywhere else the CNAME continues on to the public IP.
Without the private DNS zone (or an equivalent override in your own DNS):
- The service name resolves to its public IP
- Traffic bypasses the private endpoint over the public path, or fails if public network access on the service is disabled
When a private endpoint is created with the private DNS integration option (a private DNS zone group), Azure automatically:
- Creates the required privatelink private DNS zone if it does not exist
- Creates and maintains the A record for the endpoint's private IP
The zone still has to be linked to every VNet (or forwarding VNet) that must resolve the name.
Example private DNS zones (must know for exam):
- privatelink.blob.core.windows.net
- privatelink.database.windows.net
- privatelink.web.core.windows.net
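The private endpoint scenario of section 11 as an added Azure PowerShell example (not code from the course page): it gives an existing storage account a private endpoint for its blob service, attaches the privatelink zone through a DNS zone group, links the zone to the workload VNet, closes the public path, and then verifies from inside the VNet that the public name resolves to the endpoint's private IP. The resource group rg-dns-demo, storage account stcontosodemo, VNet vnet-workload with subnet snet-pe and region eastus are assumptions; it needs the Az.Storage, Az.Network and Az.PrivateDns modules.

```powershell
# Added example (not from the page). Assumed names: rg-dns-demo, stcontosodemo,
# vnet-workload / snet-pe (existing), eastus.
$rg       = 'rg-dns-demo'
$loc      = 'eastus'
$saName   = 'stcontosodemo'
$zoneName = 'privatelink.blob.core.windows.net'   # zone name is fixed by the service, not by you

$sa     = Get-AzStorageAccount -ResourceGroupName $rg -Name $saName
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-workload'
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'snet-pe'

# 1. The private endpoint: a NIC in snet-pe whose private IP fronts the account's blob sub-resource.
$conn = New-AzPrivateLinkServiceConnection -Name 'pls-blob' -PrivateLinkServiceId $sa.Id -GroupId 'blob'
$pe   = New-AzPrivateEndpoint -ResourceGroupName $rg -Name 'pe-blob' -Location $loc `
            -Subnet $subnet -PrivateLinkServiceConnection $conn

# 2. The private zone named after the service's privatelink domain, linked (resolution only; nothing
#    auto-registers into a privatelink zone) to every VNet that must reach the endpoint by name.
$zone = Get-AzPrivateDnsZone -ResourceGroupName $rg -Name $zoneName -ErrorAction SilentlyContinue
if (-not $zone) { $zone = New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zoneName }

$linked = Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zoneName -ErrorAction SilentlyContinue |
          Where-Object { $_.VirtualNetworkId -eq $vnet.Id }
if (-not $linked) {
    New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zoneName -Name 'link-workload' `
        -VirtualNetworkId $vnet.Id | Out-Null
}

# 3. The DNS zone group ties the endpoint to the zone: Azure writes and maintains the record
#    stcontosodemo.privatelink.blob.core.windows.net -> <private IP of pe-blob>.
$cfg = New-AzPrivateDnsZoneConfig -Name 'privatelink-blob' -PrivateDnsZoneId $zone.ResourceId
New-AzPrivateDnsZoneGroup -ResourceGroupName $rg -PrivateEndpointName $pe.Name -Name 'default' `
    -PrivateDnsZoneConfig $cfg | Out-Null

# 4. Close the public path, so a DNS mistake fails closed instead of silently using the public IP.
Set-AzStorageAccount -ResourceGroupName $rg -Name $saName -PublicNetworkAccess Disabled | Out-Null

# 5. Verification. Run this part from a VM inside vnet-workload that uses Azure-provided DNS:
#    the public name CNAMEs to the privatelink name, and the linked zone answers with the
#    endpoint's private IP. The same query from outside the VNet follows the CNAME to the
#    public IP, and step 4 then rejects the request.
$peIp = (Get-AzNetworkInterface -ResourceId $pe.NetworkInterfaces[0].Id).IpConfigurations[0].PrivateIpAddress
$answers = Resolve-DnsName -Name "$saName.blob.core.windows.net" -Type A -DnsOnly
$answers | Format-Table Name, Type, NameHost, IPAddress -AutoSize

$resolved = ($answers | Where-Object { $_.Type -eq 'A' }).IPAddress
if ($resolved -contains $peIp) {
    Write-Host "OK: $saName.blob.core.windows.net resolves to the private endpoint ($peIp)."
} else {
    Write-Warning "Resolved $($resolved -join ', ') instead of $peIp. The privatelink zone is not linked to this VNet, the zone group is missing, or a custom DNS server is not forwarding to 168.63.129.16."
}
```

Steps 1 to 4 run from an administrator's workstation; step 5 is the check that matters for the exam scenario and must be run from inside the linked VNet, because the same name deliberately resolves differently outside it.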
12. Public vs Private DNS Zones (Comparison)
| Feature | Public DNS Zone | Private DNS Zone |
|---|---|---|
| Internet accessible | Yes | No |
| VNet required | No | Yes |
| Auto-registration | No | Yes |
| Used for | Public apps | Internal apps |
| Visibility | Global | VNet-only |
13. Common Exam Scenarios
Scenario 1
Requirement: Internet users must access an application using a domain name
Solution: Public DNS zone
Scenario 2
Requirement: Internal VMs must resolve names privately
Solution: Private DNS zone + VNet link
Scenario 3
Requirement: Azure PaaS accessed using private IP
Solution: Private Endpoint + Private DNS zone
14. Important AZ-700 Exam Points to Remember
- Public DNS zones require name server delegation at the registrar
- Private DNS zones must be linked to VNets
- Private DNS records are not publicly resolvable
- Auto-registration works only with registration-enabled VNet links, and a VNet can register into only one private DNS zone
- Private Endpoints depend on a privatelink private DNS zone that is linked to every VNet that must reach them
- Azure-provided DNS (168.63.129.16) resolves linked private zones automatically; custom DNS servers in the VNet must forward to it
15. Summary
- Public DNS zones are for internet-facing name resolution
- Private DNS zones are for internal Azure name resolution
- Correct configuration ensures:
- Secure connectivity
- Proper name resolution
- Exam success
Understanding when to use, how to configure, and how they integrate with VNets and private endpoints is essential to pass AZ-700.
