Azure DNS for Public and Private Hosting

Let’s learn how to configure Azure DNS to host your public site as well as link Azure VM with a private domain

What Is DNS Service?

DNS service plays a vital role in any infrastructure as it is always easy to remember English text than IP address. It is responsible to resolve a domain name to an IP address or vice versa for any computer or user. 

Domain Name System (DNS) is one of the industry-standard suites of protocols. Engineers in the Internet Engineering Task Force (IETF) defined it

The way DNS plays an important role for on-premise infra similarly it does for the cloud as well. 

When you provision the IaaS and PaaS-based resources in the cloud, you need to use DNS services for internal and external communication. Azure DNS does that for you. We will see more about it below. 

This article will help you to understand how to use Azure PaaS-based DNS service. 

How to Use Azure DNS

Azure DNS is a hosting service for DNS domains that provide name resolution by using Microsoft service infrastructure. It manages your DNS records and provides name servers that will respond to DNS queries from end-users. You can move DNS zones between resource groups or between subscriptions. 

Azure DNS does not currently support DNSSEC (DNS Security Extension). It strengthens authentication in DNS using digital signatures. From a security standpoint, if DNSSEC is a critical requirement then you can host zones with third-party DNS hosting providers.

DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received.

Azure DNS supports alias record sets. You can use an alias record set to refer to an Azure resource. If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution. 

An important point to highlight is that Azure DNS does not work as a Domain registrar that allows you to purchase and register domain names. If you want to buy a domain, then you can contact companies like GoDaddy, Bluehost, etc. AWS Route 53 Cloud service also provides a new domain but you need to pay for it.  

You can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services. Azure guarantees customers that valid DNS requests receive a response from at least one Azure DNS name server. Azure DNS name servers are dual-stack. It doesn’t currently support zone transfers.

Until now, you must have gotten information about the Azure DNS service. Let’s go deep into public and private DNS zone services available in Azure DNS. 

Public DNS ZONE

You have taken public domain from a domain registrar. In that case, you have two options, either you can host your domain on their public DNS servers, or else you can use the DNS Zone service. 

Refer to the below diagram. I have purchased sagarcloud.cf domain and hosted the IIS website in one Azure VM. To make that site published to the internet, I have created a new DNS zone with the name sagarcloud.cf,  and created an A record for the public IP of Azure VM. The Azure public DNS Zone response to DNS query for a website coming over the internet.

With every DNS zone, NS, and SOA records automatically creates. Only the A record has to add manually. 

After setting up a record, you can browse the public website without any issue:

Private DNS

If DNS zone does public domain hosting then the following is what Private DNS does. Azure Private DNS provides a DNS service for your virtual network. It manages and resolves domain names in the virtual network without the need to configure a custom DNS solution.

To resolve the records of a private DNS zone from your virtual network, you must link the virtual network with the zone. You can also enable auto registration on a virtual network link. After enabling auto- registration on a virtual network link, the DNS records get added for the virtual machines.

The Azure DNS private zones feature is available in all Azure regions in the Azure public cloud.

In the below example, I have created a private DNS zone and added A records for VMs. When VM1 connects to VM2 by using FQDN (vm2.contoso.com), DNS query sends to the private DNS zone, it returns the private IP address of VM2.

With a private DNS zone, it creates SOA records automatically. 

To auto-register the VM, you need to link private DNS with a virtual network where VM is running. The link takes a few minutes to complete. 

One virtual network link with one private zone. Auto-registration works with  Virtual machines. For other Azure services like LB, you have to do manual entry in DNS records.

Overall, you can create more than 250+ zones in one subscription and more than 10000+ records under the Azure DNS service. This DNS service can be controlled by RBAC and can be monitored by Activity logs. 

This article has covered Azure DNS services and implementations in an easy way.