Do you want to use custom domain names for your workloads on Azure rather than the default FQDNs, that is, the domain names provided by Azure? Private DNS Zones provide name resolution for workloads within a virtual network and between virtual networks, and let you tailor virtual network naming to fit your organizational needs.
What is a Private DNS Zone?
As mentioned above, a Private DNS Zone is used when you wish to use a custom domain name for your Azure resources rather than the Azure-provided domain names, which helps align naming with your organizational needs. One important point to note is that this domain name may or may not be registered with a domain registrar. If it is registered and you also wish to create a Public DNS Zone, you can configure both a Public and a Private DNS Zone with the same name; this is called a split-horizon view.
A simple scenario is a user on VM1 who wishes to connect to VM2 by URL. The user requests a URL that is a custom FQDN. Because the request originates locally, from a VM within the virtual network, it goes to the Private DNS Zone for resolution. The Private DNS Zone tries to resolve the URL by looking it up locally in its cache or in its database of hostnames and IP addresses; if it finds a match for the requested URL, it returns the private IP address of the target workload that is mapped to that URL. Now that the source has the private IP address, the request flows to the destination VM. This is a very basic request flow.
One interesting fact is that the DNS records in a private DNS zone are not viewable or retrievable. However, the records are registered and resolve as expected.
Private DNS Zone Benefits
It is important to understand the benefits you get from using a Private DNS Zone. There are seven main benefits. Let's discuss them one at a time.
Removes the need for custom DNS solutions. Many organizations previously had to run a custom DNS solution in their virtual network for DNS zone management. With Private DNS Zones, you can perform DNS zone management using the native Azure infrastructure.
Use all common DNS record types. Azure DNS supports A, AAAA, CNAME, MX, PTR, SOA, SRV, and TXT records.
Automatic hostname record management. Once a virtual network is registered with the DNS zone, Azure automatically maintains hostname records for the VMs in it. You can then work with the domain names without worrying about the IP address each one is mapped to; that is taken care of by the DNS zone itself.
Hostname resolution between virtual networks. Private DNS zones can be shared between virtual networks. In this case, hostname resolution between the VNets is taken care of by the Private DNS Zone. This capability simplifies cross-network and service-discovery scenarios, such as virtual network peering.
Familiar tools and user experience. You can use well-established tools such as PowerShell, Azure Resource Manager templates, and the REST API to create and manage Private DNS Zones.
Split-horizon DNS support. With Azure DNS, you can create zones with the same name that resolve to different answers from within a virtual network and from the public internet. A typical scenario for split-horizon DNS is to provide a dedicated version of a service for use inside your virtual network.
Available in all Azure regions. The Azure DNS private zones feature is available in all Azure regions in the Azure public cloud.
Private DNS Zone Scenarios
Scenario 1: Name resolution scoped to a single virtual network
In this scenario, you have a virtual network in Azure with many resources, including virtual machines. Your requirement is to resolve these resources using a custom domain name. Additionally, the name resolution must be private and not accessible from the internet, and the VMs must automatically register in the DNS zone.
Scenario 2: Name Resolution across virtual networks
In this scenario, you need to associate a private zone with more than one virtual network. This mainly applies when the network is configured so that a central hub virtual network connects multiple spoke virtual networks. The central hub VNet is linked as the registration virtual network and the spoke VNets are linked as resolution virtual networks.
Scenario 3: Split-Horizon functionality
In this scenario, you have both a private and a public version of your application, that is, one accessible from the public internet and one accessible only locally. The two versions may or may not have the same functionality, but you wish to use the same domain name for both. This is accomplished by creating a Public and a Private zone in Azure DNS with the same name, which is called the split-horizon view.
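The following script is an added example, not part of the original post, showing how Scenario 2 is set up with the Az PowerShell modules (Az.PrivateDns and Az.Network): the hub VNet is linked with auto-registration, the spokes as resolution-only links, and a manual A record is added for a non-VM workload. The resource group, VNet names, zone name and IP address are placeholders; it assumes Connect-AzAccount has already been run and the VNets already exist.

```powershell
# Added example (not from the original post). All names below are placeholders.
# Assumes Connect-AzAccount has been run and the hub/spoke VNets already exist.
$rg       = "rg-dns-demo"                      # resource group (assumption)
$zoneName = "corp.internal"                    # custom private domain (assumption)
$hubVnet  = "vnet-hub"                         # registration VNet (assumption)
$spokes   = @("vnet-spoke-1", "vnet-spoke-2")  # resolution VNets (assumption)

# 1. Create the private zone. The name does not have to be registered with a
#    registrar; nothing here is published to the public internet.
New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zoneName

# 2. Link the hub VNet with auto-registration: VMs in the hub get A records
#    created and removed automatically as they are created and deleted.
#    Note: a VNet can have auto-registration enabled for only one private zone.
$hubId = (Get-AzVirtualNetwork -ResourceGroupName $rg -Name $hubVnet).Id
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zoneName `
    -Name "link-$hubVnet" -VirtualNetworkId $hubId -EnableRegistration

# 3. Link each spoke as a resolution-only VNet (no -EnableRegistration):
#    spoke VMs can resolve names in the zone but do not register their own.
foreach ($spoke in $spokes) {
    $spokeId = (Get-AzVirtualNetwork -ResourceGroupName $rg -Name $spoke).Id
    New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zoneName `
        -Name "link-$spoke" -VirtualNetworkId $spokeId
}

# 4. Add a manual A record for a workload that is not a VM (for example an
#    internal load balancer front end). The IP is a placeholder; TTL is seconds.
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zoneName `
    -Name "app" -RecordType A -Ttl 300 `
    -PrivateDnsRecords (New-AzPrivateDnsRecordConfig -IPv4Address "10.0.1.10")

# 5. Review the links (which one registers) and the record sets in the zone.
Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zoneName |
    Select-Object Name, RegistrationEnabled, VirtualNetworkLinkState
Get-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zoneName

# 6. Verify from a VM inside any linked VNet; the same query from outside the
#    linked VNets gets no answer for this zone:
#    Resolve-DnsName app.corp.internal
# For Scenario 3 (split horizon) a public zone with the same name would be
# created separately with New-AzDnsZone from the Az.Dns module (not shown).
```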