In this post we will look at an overview of how DNS works for resources deployed as part of Azure Virtual Networks. VMs and other resources deployed within a VNET need to communicate with other resources in Azure, and some of them (e.g., web servers) must also be reachable over the internet. This communication could be based on IP addresses alone, but a more practical approach is to reach resources through user-friendly domain names that are easy to remember.
DNS is mainly split into two areas:
- Public DNS
- Private DNS
Azure Public DNS
Azure Public DNS is used to resolve the names of Azure resources or services that are accessed over the internet, e.g., web servers. Azure Public DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without needing to add a custom DNS solution.
Azure DNS is a service hosted by Microsoft that provides name resolution for Azure resources. Behind the scenes, the service runs on Microsoft's global network of DNS name servers and uses anycast networking, so each DNS query is answered by the closest available DNS server.
To host domain names in Azure DNS, you first define zones and then create records within those zones. The most commonly used record types in Azure DNS are:
- A records
- CNAME records
Considerations for DNS Zones
- Zone names must be unique within a resource group.
- The same zone name can exist in different resource groups or subscriptions.
- The root/parent domain is registered at the registrar and pointed at the Azure name servers.
- Child domains are registered in Azure DNS directly.
- Where multiple zones share the same name, each one is assigned its own unique set of name server addresses.
Default Azure DNS limits
To register a domain with Azure DNS you must be the owner of the domain. Domains on Azure can be managed via the Azure Portal, Azure CLI or PowerShell.
Delegating domain to Azure DNS
Azure DNS assigns four name servers to each zone created in it, for fault tolerance and higher resiliency. Once name servers are assigned to a zone, Azure DNS automatically creates the NS records in your zone. So, before delegating your domain to Azure DNS, you need to know the four name servers assigned to the zone.
Once the zone is created, update the parent domain in your domain registrar's DNS management tool to point at the NS records created by Azure DNS.
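The delegation procedure above, as an added example written against the Azure CLI (this is not code from the original post): it creates the zone, reads the four name servers Azure assigned, adds an A record and a CNAME record, locks the zone against accidental deletion, and then compares the name servers the public resolvers return for the domain with the ones Azure assigned, so a partial or stale delegation is caught before the cut-over is considered done. The resource group dns-rg, the zone contoso-example.com, the record names, the lock name and the IP 203.0.113.10 (a documentation address) are assumptions; the Azure CLI and dig calls only run when RUN_AZURE=1, while the comparison functions run anywhere.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumed values: resource
# group "dns-rg", zone "contoso-example.com", IP 203.0.113.10.
# Azure CLI and dig are only invoked when RUN_AZURE=1.
set -eu

RG="${RG:-dns-rg}"
ZONE="${ZONE:-contoso-example.com}"

# Normalise a newline-separated list of name-server names so two lists
# can be compared: lower-case, drop trailing dots and blank lines, sort, dedupe.
normalize_ns() {
  tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Succeeds only when the observed delegation (arg 2) is exactly the set of
# name servers Azure assigned (arg 1): a missing or stale server fails.
check_delegation() {
  expected=$(printf '%s\n' "$1" | normalize_ns)
  actual=$(printf '%s\n' "$2" | normalize_ns)
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Prints which Azure name servers are missing from the observed set and
# which observed servers are not Azure's (left over from a previous provider).
delegation_report() {
  expected=$(printf '%s\n' "$1" | normalize_ns)
  actual=$(printf '%s\n' "$2" | normalize_ns)
  for ns in $expected; do
    printf '%s\n' "$actual" | grep -qxF -- "$ns" || printf 'MISSING in delegation: %s\n' "$ns"
  done
  for ns in $actual; do
    printf '%s\n' "$expected" | grep -qxF -- "$ns" || printf 'STALE in delegation:   %s\n' "$ns"
  done
}

# Create the zone, add records and a delete lock, and print the four
# name servers that must be configured at the registrar.
provision_zone() {
  az network dns zone create -g "$RG" -n "$ZONE" -o none
  # Azure assigns four name servers and writes the NS record set itself.
  az_ns=$(az network dns zone show -g "$RG" -n "$ZONE" --query nameServers -o tsv)
  az network dns record-set a add-record -g "$RG" -z "$ZONE" -n www -a 203.0.113.10 -o none
  az network dns record-set cname set-record -g "$RG" -z "$ZONE" -n blog -c "www.$ZONE" -o none
  # Resource lock so the zone (and its records) cannot be deleted by accident.
  az lock create -g "$RG" --name "${ZONE}-nodelete" --lock-type CanNotDelete \
    --resource-type Microsoft.Network/dnszones --resource "$ZONE" -o none
  printf 'Point the registrar NS records for %s at:\n%s\n' "$ZONE" "$az_ns"
}

# Compare what public resolution currently returns with what Azure assigned.
verify_delegation() {
  az_ns=$(az network dns zone show -g "$RG" -n "$ZONE" --query nameServers -o tsv)
  observed_ns=$(dig +short NS "$ZONE")
  delegation_report "$az_ns" "$observed_ns"
  check_delegation "$az_ns" "$observed_ns" && echo "delegation OK: all four Azure name servers are live"
}

if [ "${RUN_AZURE:-0}" = "1" ]; then
  provision_zone
  verify_delegation
fi
```

Run it once with RUN_AZURE=1 to provision, then again after updating the registrar: the report lists each of Azure's four servers still missing and any server left over from the previous provider, and the script only reports "delegation OK" when the two sets match exactly.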
5 Key Points: Azure Public DNS
Lastly, let us close this post with a few important pointers on Azure DNS:
- You can move your Azure DNS zones between resource groups or subscriptions without any impact.
- New DNS zones and records are created within a few seconds, while changes to existing zones or records usually take around 60 seconds or more to propagate.
- To prevent accidental deletion of DNS zones and records, you can use Azure resource locks. For stronger protection, it is recommended to control access to Azure DNS via RBAC (role-based access control).
- Azure DNS name servers are dual-stack, meaning they have both IPv4 and IPv6 addresses.
- Azure guarantees an SLA of 100% for valid DNS requests.
In our upcoming post we will cover the Azure Private DNS service options that help resolve internal private IPs within Virtual Networks (VNETs).
If you want to learn more about Microsoft Azure, then check our e-book on Azure Interview Questions and Answers, in an easy-to-understand PDF format explained with relevant diagrams (where required) for ease of understanding.