DNS Hosting With Azure DNS
DNS is needed not only for on-premises infrastructure but for the cloud as well. This article explains how to use Azure's PaaS-based DNS service.
What Is DNS Service?
A DNS service plays a vital role in any infrastructure, as it is always easier to remember a name than an IP address. It is responsible for resolving a domain name to an IP address, or vice versa, for any computer or user.
The Domain Name System (DNS) is an industry-standard protocol suite defined by engineers in the Internet Engineering Task Force (IETF).
Just as DNS is essential for on-premises infrastructure, it is needed in the cloud as well.
When you provision IaaS and PaaS resources in the cloud, you need a DNS service for internal and external communication. Azure DNS does that for you; we will look at it in more detail below.
How to Use Azure DNS
Azure DNS is a hosting service for DNS domains that provides name resolution using Microsoft's service infrastructure. It manages your DNS records and provides name servers that respond to DNS queries from end users. DNS zones can be moved between resource groups or between subscriptions.
Azure DNS does not currently support DNSSEC (DNS Security Extensions), which strengthens authentication in DNS using digital signatures. From a security standpoint, if DNSSEC is a critical requirement, you can host your zones with a third-party DNS hosting provider instead.
DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received.
Azure DNS supports alias record sets. You can use an alias record set to refer to an Azure resource. If the IP address of the underlying resource changes, the alias record set seamlessly updates itself during DNS resolution.
An important point to highlight is that Azure DNS is not a domain registrar: it does not let you purchase and register domain names. If you want to buy a domain, you can go to companies such as GoDaddy, Bluehost, etc. The AWS Route 53 cloud service also lets you register a new domain, but you need to pay for it.
You can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services. Azure guarantees that valid DNS requests receive a response from at least one Azure DNS name server 100% of the time. Azure DNS name servers are dual-stack (IPv4 and IPv6). Azure DNS doesn't currently support zone transfers.
By now you should have a good picture of the Azure DNS service. Let's go deeper into the public and private DNS zone services available in Azure DNS.
Public DNS Zone
Suppose you have bought a public domain from a domain registrar. In that case, you have two options: host your domain on the registrar's public DNS servers, or use the Azure DNS zone service.
Refer to the diagram below. I purchased the sagarcloud.cf domain and hosted the website on an Azure VM. To publish the site to the internet, I created a new DNS zone named sagarcloud.cf and added an A record for the public IP of the Azure VM. Any user's DNS query for the website over the internet is answered by the Azure public DNS zone.
With every DNS zone, the NS and SOA records are created automatically. Only the A record was added manually.
After setting up the record, you can browse the website without any issue:
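The same public-zone setup done with the Azure CLI instead of the portal, plus the check a practitioner wants afterwards: that the registrar's delegation really points at the name servers Azure assigned to the zone. This is an added example, not code from the article; the resource group, zone name and IP address are placeholders, and the script assumes an authenticated Azure CLI (`az login`) and that `dig` is installed for the delegation check.

```shell
#!/bin/sh
# Added example: Azure CLI version of the public DNS zone setup described above.
# Assumes an authenticated Azure CLI and an existing resource group.
# The resource group, zone name and IP used in the usage lines are placeholders.

# Pure-shell IPv4 check used before writing an A record, so a typo such as
# "20.1.2" or "999.1.1.1" never reaches the zone.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  _n=0
  _old_ifs=$IFS; IFS=.
  for _octet in $1; do
    _n=$((_n + 1))
    if [ "$_octet" -gt 255 ]; then IFS=$_old_ifs; return 1; fi
  done
  IFS=$_old_ifs
  [ "$_n" -eq 4 ]
}

# Normalise a whitespace-separated list of name servers (case, trailing dot,
# order) so two lists can be compared regardless of which tool printed them.
normalize_ns() {
  printf '%s\n' $1 | tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -u
}

# Return 0 when both name-server lists contain exactly the same servers.
ns_sets_match() {
  [ "$(normalize_ns "$1")" = "$(normalize_ns "$2")" ]
}

# Create the public zone; Azure generates the NS and SOA records itself.
create_public_zone() {   # $1 = resource group, $2 = zone name
  az network dns zone create -g "$1" -n "$2" -o none
}

# Add the A record for the web server after validating the address.
add_a_record() {         # $1 = rg, $2 = zone, $3 = record name ("@" = apex), $4 = IPv4
  is_ipv4 "$4" || { echo "refusing A record: '$4' is not an IPv4 address" >&2; return 1; }
  az network dns record-set a add-record -g "$1" -z "$2" -n "$3" -a "$4" --ttl 3600 -o none
}

# Print the name servers Azure assigned; these go into the registrar's NS delegation.
zone_name_servers() {    # $1 = rg, $2 = zone
  az network dns zone show -g "$1" -n "$2" --query nameServers -o tsv
}

# Delegation check: the NS set the public internet sees for the domain must equal
# the set Azure assigned. A mismatch means queries are still answered elsewhere
# (possibly by a zone you no longer control), so users do not get the A record above.
check_delegation() {     # $1 = rg, $2 = zone
  _azure_ns=$(zone_name_servers "$1" "$2")
  _public_ns=$(dig +short NS "$2")
  if ns_sets_match "$_azure_ns" "$_public_ns"; then
    echo "delegation OK for $2"
  else
    echo "delegation MISMATCH for $2" >&2
    echo "azure:  $_azure_ns" >&2
    echo "public: $_public_ns" >&2
    return 1
  fi
}

# Usage (placeholder names):
#   create_public_zone my-rg example-placeholder.com
#   add_a_record my-rg example-placeholder.com @ 20.0.0.1
#   zone_name_servers my-rg example-placeholder.com   # configure these at the registrar
#   check_delegation my-rg example-placeholder.com
```

`ns_sets_match` deliberately ignores case, trailing dots and ordering, because `az` prints the servers as `ns1-01.azure-dns.com.` while resolvers may return them in any order and in any case; only a difference in the actual set of servers is reported.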
Private DNS Zone
Where a public DNS zone hosts a public domain, Azure Private DNS provides a DNS service for your virtual network. It manages and resolves domain names within the virtual network without the need to configure a custom DNS solution.
To resolve the records of a private DNS zone from your virtual network, you must link the virtual network to the zone. You can also enable auto-registration on a virtual network link; when it is enabled, the DNS records for the virtual machines in that virtual network are registered in the private zone automatically.
The Azure DNS private zones feature is available in all Azure regions in the Azure public cloud.
In the example below, I created a private DNS zone and added A records for the VMs. When VM1 connects to VM2 by FQDN (vm2.contoso.com), the DNS query is sent to the private DNS zone, which returns the private IP address of VM2.
A private DNS zone creates its SOA record automatically.
To auto-register VMs, you need to link the private DNS zone to the virtual network where the VMs run. The link takes a few minutes to complete.
Each virtual network link connects one virtual network with one private zone. Auto-registration works for virtual machines only; for other Azure services, such as load balancers, you have to add the DNS records manually.
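The private-zone procedure above (create the zone, link the virtual network with auto-registration, add a manual record for a load balancer, then test resolution from inside the VNet), as an added Azure CLI example that is not from the article. The resource group, VNet, VM and link names are placeholders; the script assumes an authenticated `az` and an existing virtual network. The `is_rfc1918` guard is my addition: it refuses to write a non-private address into a zone that exists only to resolve VNet-internal targets, which catches a public IP pasted in by mistake.

```shell
#!/bin/sh
# Added example: Azure CLI version of the private DNS zone setup described above.
# Assumes an authenticated Azure CLI, an existing resource group and virtual network.
# Resource group, VNet, VM and link names below are placeholders, not values from the article.

# Pure-shell guard: only RFC 1918 addresses belong in a zone that resolves
# VNet-internal targets. Assumes the caller passes a dotted-quad IPv4 address.
is_rfc1918() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Create the private zone; Azure creates the SOA record itself.
create_private_zone() {  # $1 = rg, $2 = zone name (e.g. contoso.com)
  az network private-dns zone create -g "$1" -n "$2" -o none
}

# Link the zone to a VNet. With registration enabled, every VM NIC in that VNet
# gets an A record in the zone automatically; the link takes a few minutes.
link_vnet() {            # $1 = rg, $2 = zone, $3 = vnet name, $4 = link name
  az network private-dns link vnet create -g "$1" -z "$2" -n "$4" \
    -v "$3" --registration-enabled true -o none
}

# Manual A record for resources auto-registration does not cover (e.g. an internal LB).
add_private_a_record() { # $1 = rg, $2 = zone, $3 = record name, $4 = private IPv4
  is_rfc1918 "$4" || { echo "refusing: '$4' is not a private (RFC 1918) address" >&2; return 1; }
  az network private-dns record-set a add-record -g "$1" -z "$2" -n "$3" -a "$4" -o none
}

# Private zones are only resolvable from linked VNets, so the test has to run
# inside one: execute nslookup on a VM in the linked VNet via run-command.
verify_from_vm() {       # $1 = rg, $2 = vm name, $3 = FQDN to resolve
  az vm run-command invoke -g "$1" -n "$2" --command-id RunShellScript \
    --scripts "nslookup $3" --query 'value[0].message' -o tsv
}

# Usage (placeholder names; contoso.com and vm2 follow the article's example):
#   create_private_zone my-rg contoso.com
#   link_vnet my-rg contoso.com my-vnet my-vnet-link
#   add_private_a_record my-rg contoso.com ilb 10.0.1.4
#   verify_from_vm my-rg vm1 vm2.contoso.com   # expect VM2's private IP in the answer
```

Running the lookup through `verify_from_vm` rather than from your workstation matters: a private zone name that resolves from the VM but not from outside is the expected result, not a fault, and a name that resolves from outside would indicate the record was put in a public zone instead.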
Overall, you can create 250+ zones in one subscription and 10000+ records under the Azure DNS service. Access to the service can be controlled with RBAC, and it can be monitored through Activity logs.
One more point I have kept separate is Private Link. When you use a private link for any PaaS-based service, you will notice that a new private DNS zone is created automatically. To understand this better, refer to the private endpoint DNS documentation.
For a demo of public and private DNS zones, refer to my YouTube video.