Azure Private DNS Zones

This article provides an overview of Azure Private DNS Zones, a service that provides reliable and secure DNS naming solutions for your virtual networks in Azure. It allows you to use custom domain names rather than the Azure-provided domain names. Your virtual machines and other resources can resolve these custom DNS names from within your virtual networks.

What are Azure Private DNS Zones?

Azure Private DNS zones allow you to manage and resolve domain names in a virtual network without needing to deploy a custom DNS solution. Private DNS zones are linked to your virtual networks, providing name resolution for resources within those networks. They work in conjunction with Azure public DNS zones; you can have a private zone with the same name as a public zone.

Key Benefits

Secure Naming: Provides private namespace for your Azure resources.
Custom Domain Names: Use your own domain names for resources.
Automatic Registration: Resources can automatically register their DNS records.
Virtual Network Integration: Seamlessly integrates with Azure Virtual Networks.
High Availability: Azure DNS is a highly available and resilient service.

How it Works

When you create a private DNS zone, you can link it to one or more virtual networks. Resources within these linked virtual networks can then resolve hostnames in the private DNS zone. By default, records are automatically registered when a virtual machine is deployed, and automatically updated or deleted when they are deallocated or deleted.

Creating a Private DNS Zone

You can create a private DNS zone using the Azure portal, Azure CLI, or PowerShell.

Using Azure CLI:

az network private-dns zone create --resource-group myResourceGroup --name myPrivateZone.com

Linking a Virtual Network:

az network private-dns link vnet create --resource-group myResourceGroup --zone-name myPrivateZone.com --name myLink --virtual-network myVNet --registration-enabled true

Common Scenarios

Internal Application Naming: Name internal applications using custom domains like app.internal.corp.
Hybrid Connectivity: Resolve names for on-premises resources when using Azure ExpressRoute or VPN Gateway.
Azure Kubernetes Service (AKS): Provide DNS resolution for services within AKS clusters.

Record Types

Azure Private DNS zones support common DNS record types, including:

A records: Map hostnames to IPv4 addresses.
AAAA records: Map hostnames to IPv6 addresses.
CNAME records: Alias one name to another.
MX records: Specify mail servers.
TXT records: Store text information.
SRV records: Locate specific services.

Note: Private DNS zones do not support PTR records for reverse DNS lookups out of the box for automatically registered records. You may need to configure custom reverse lookup zones if required.

Pricing

Azure Private DNS Zones pricing is based on the number of hosted DNS zones and the number of DNS queries processed. For detailed pricing information, refer to the Azure DNS pricing page.