
Jan 16, 2025 - 06:50
Understanding Private and Public DNS in Azure

To facilitate communication between resources deployed in Azure virtual networks, we can use domain name resolution rather than relying on IP addresses, which makes the communication process simpler. In Azure, DNS is split into two areas: Public DNS and Private DNS.

Domain Name System, otherwise known as DNS, is responsible for resolving a service name to an IP address. Azure DNS provides DNS hosting, resolution, and load balancing for your Azure applications.

In this article, I'll talk about Public DNS domains in Azure and how we can delegate DNS domains and child domains. Then I'll talk about how Private DNS works in Azure, and how we can set up Private DNS Zones in Azure.

Azure Public DNS

Public DNS services resolve names to IP addresses for services that are accessible over the internet. Azure Public DNS is a hosting service for DNS domains that provides name resolution in Azure. Using Public DNS, we can manage our DNS records in the same way as we manage our other Azure infrastructure.

Public DNS isn't used to buy domain names (you can use App Service Domains or a 3rd party to do that), but your domains can be hosted in Azure Public DNS to manage the records.

DNS domains in Azure are hosted on Azure's global network of DNS name servers using anycast networking. Using Azure DNS, we can manage and resolve domain names securely and reliably in our virtual networks without having to add custom DNS solutions.

A DNS Zone is used to host the DNS records for a particular domain. We first need to create a DNS Zone to host our domain in Azure DNS. Each DNS record for your domain is then created inside the DNS zone.

When you create a DNS zone in Azure DNS, you need to keep in mind:

  • The name of the zone has to be unique within the resource group; it can't already exist there.
  • You can reuse the same name in a different resource group or subscription.
  • Where multiple zones share the same name, each instance is assigned a different set of name servers, and only one of those sets can be configured with the domain name registrar that you use.

For more on how Zones and records work in Public DNS, check out the documentation.

Delegating DNS Domains and Child Domains

We can use Azure DNS to host a DNS zone and manage DNS records for that domain in Azure. We have to delegate the domain to Azure DNS from the parent domain in order for DNS queries for a domain to reach Azure DNS.

We'll need to know the name server names for our zone. Every time a DNS zone is created, Azure DNS will allocate name servers from a pool. Once these are assigned, Azure DNS will automatically create the authoritative NS records in your zone.

After the zone is created and we know the name servers, we'll need to update the parent domain by editing the NS records with the ones that Azure DNS creates.

If we want to set up separate child zones, we can delegate a subdomain in Azure DNS. So if I've configured willvelida.com, I can go ahead and configure a separate child zone for shop.willvelida.com (I don't know what I'd actually sell though...anyone want a hat? I could etsy some
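The two delegation rules above (the registrar may point at only one name-server set when several zones share a name, and a child zone is reached only through NS records in the parent zone that name the child zone's own servers) are easy to get wrong when zones are recreated, because Azure allocates a fresh name-server set each time. The following is an added example, not code from the post, that compares the NS records configured at the parent against the name-server sets Azure assigned to each zone instance and reports whether the delegation is complete. Every zone name, resource group name and name-server name in it is a constructed sample value, not a real Azure assignment.

```python
"""Delegation consistency check for Azure DNS zones (added example).

Compares the NS records configured at the parent (a registrar for an apex
zone, or the parent zone for a child zone) against the name-server sets
Azure assigned to each zone instance with that name. All sample values
below are constructed, not real Azure DNS assignments.
"""
from dataclasses import dataclass, field


def normalize(name: str) -> str:
    """Canonical form for comparison: lower-case, no trailing dot."""
    return name.strip().lower().rstrip(".")


@dataclass(frozen=True)
class ZoneInstance:
    """One Azure DNS zone instance: zone name, resource group, assigned NS set."""
    name: str
    resource_group: str
    name_servers: frozenset

    @classmethod
    def of(cls, name, resource_group, name_servers):
        return cls(normalize(name), resource_group,
                   frozenset(normalize(n) for n in name_servers))


@dataclass
class DelegationReport:
    zone: str
    status: str                  # "ok", "none" (no NS at parent) or "mismatch"
    resource_group: str = ""     # instance the parent actually (or most nearly) points at
    missing: set = field(default_factory=set)  # Azure NS names absent from the parent
    extra: set = field(default_factory=set)    # parent NS names Azure did not assign


def check_delegation(zone_name, parent_ns, instances):
    """Return a DelegationReport for zone_name given the parent's NS records.

    Delegation only works when the parent's NS set equals the full NS set of
    exactly one zone instance; any partial or stale set is reported as a mismatch.
    """
    zone = normalize(zone_name)
    parent = {normalize(n) for n in parent_ns}
    candidates = [i for i in instances if i.name == zone]
    if not candidates:
        raise ValueError(f"no Azure DNS zone instance named {zone}")
    if not parent:
        return DelegationReport(zone, "none")
    # Pick the instance whose assigned NS set overlaps the parent's records the most.
    best = max(candidates, key=lambda i: len(i.name_servers & parent))
    missing = set(best.name_servers - parent)
    extra = set(parent - best.name_servers)
    status = "ok" if not missing and not extra else "mismatch"
    return DelegationReport(zone, status, best.resource_group, missing, extra)


# Constructed sample inventory: two instances of the apex zone in different
# resource groups (each with its own Azure-assigned NS set) and one child zone.
INSTANCES = [
    ZoneInstance.of("willvelida.com", "dns-prod",
                    ["ns1-01.azure-dns.com.", "ns2-01.azure-dns.net.",
                     "ns3-01.azure-dns.org.", "ns4-01.azure-dns.info."]),
    ZoneInstance.of("willvelida.com", "dns-test",
                    ["ns1-07.azure-dns.com.", "ns2-07.azure-dns.net.",
                     "ns3-07.azure-dns.org.", "ns4-07.azure-dns.info."]),
    ZoneInstance.of("shop.willvelida.com", "dns-prod",
                    ["ns1-03.azure-dns.com.", "ns2-03.azure-dns.net.",
                     "ns3-03.azure-dns.org.", "ns4-03.azure-dns.info."]),
]

# Constructed NS records: what the registrar holds for the apex, and what the
# parent zone holds for the child name (the child's set has one stale entry).
REGISTRAR_NS = ["NS1-01.azure-dns.com", "ns2-01.azure-dns.net",
                "ns3-01.azure-dns.org", "ns4-01.azure-dns.info"]
PARENT_ZONE_NS_FOR_SHOP = ["ns1-03.azure-dns.com.", "ns2-03.azure-dns.net.",
                           "ns3-03.azure-dns.org.", "ns4-99.azure-dns.info."]


def audit():
    """Run both checks and return (apex report, child report)."""
    apex = check_delegation("willvelida.com", REGISTRAR_NS, INSTANCES)
    child = check_delegation("shop.willvelida.com", PARENT_ZONE_NS_FOR_SHOP, INSTANCES)
    return apex, child


if __name__ == "__main__":
    for report in audit():
        print(report)
```

In practice the inventory would be populated from the zone's NS records after creation and the parent's records from the registrar or parent zone; the comparison logic is the same for both cases. A "mismatch" with entries in `extra` is the case to look at first, since those names are name servers the parent still trusts for the zone even though Azure no longer assigns them to it.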