azure.microsoft.com
Cloud can be tricky sometimes. Find out what scenarios we've ran into that are worth being mentioned and explained.
Introduction:
Azure Private DNS is a robust and secure DNS service designed for virtual networks, offering seamless management and resolution of domain names within the virtual network without the complexities of configuring custom DNS solutions. This article explores the key aspects of Azure Private DNS, including its benefits, capabilities, and a step-by-step guide on how to configure it using PowerShell.
Azure Private DNS: A Closer Look
Azure Private DNS is a cornerstone for creating a reliable and secure DNS service tailored for virtual networks. It enables users to utilize their custom domain names, providing flexibility and adaptability to meet specific organizational requirements. The service facilitates naming resolution for virtual machines (VMs) within a virtual network and connected virtual networks. Moreover, it supports configuring zone names with a split-horizon view, allowing private and public DNS zones to share names seamlessly.
Benefits of Azure Private DNS:
1. Eliminates the need for custom DNS solutions: Azure Private DNS eliminates the burden of creating and managing custom DNS solutions within virtual networks, offering a more streamlined and native approach to DNS management.
2. Automatic hostname record management: Azure automatically maintains hostname records for VMs in specified virtual networks, optimizing domain names without requiring custom DNS solutions or application modifications.
3. Hostname resolution between virtual networks: Private DNS zones support shared usage between virtual networks, simplifying cross-network and service-discovery scenarios, such as virtual network peering.
4. Familiar tools and user experience: The service leverages well-established Azure DNS tools, ensuring a familiar and user-friendly experience for users accustomed to Azure portal, Azure PowerShell, Azure CLI, Azure Resource Manager templates, and the REST API.
5. Available in all Azure regions: Azure DNS private zones feature is accessible across all Azure regions in the Azure public cloud, providing comprehensive coverage.
Azure DNS Capabilities:
• Automatic registration of virtual machines: Azure Private DNS enables automatic registration of virtual machines from a linked virtual network to a private zone, with auto-registration capturing VMs as A records with their private IP addresses.
• Forward DNS resolution: Supported across linked virtual networks, enabling cross-virtual network DNS resolution without explicit dependencies between networks.
• Reverse DNS lookup: Supported within the virtual-network scope, providing FQDNs that include host/record names and zone names as suffixes.
Exercise: Creating a Private DNS Zone in Azure with PowerShell
Objective:
Deploy a private DNS zone in Azure named "contoso.com.ro". Create a Resource Group, an Azure VNET, and deploy two Windows Server 2016 VMs (Standard B1ls). Verify DNS resolution within the private zone.
Step 1: Connect to Azure
Open PowerShell and connect to your Azure account:
Connect-AzAccount
Step 2: Set Variables
Set the variables for resource group, VNET, private DNS zone, VMs, and location:
$resourceGroup = "rg-dns"
$vnetName = "MyVnet"
$dnsZoneName = "private.contoso.com"
$vm1Name = "VM1"
$vm2Name = "VM2"
$location = "YourAzureRegion"
Step 3: Create a new resource group:
New-AzResourceGroup -ResourceGroupName $resourceGroup -Location $location
Step 4: Create an Azure Vnet
New-AzVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName -AddressPrefix 192.168.0.0/16 -Location $location
Step 5: Currently, the creation of the private DNS zone is facilitated through a standalone PowerShell module provided by Azure. This implies that you must install the module independently to initiate the zone creation process.
Install-Module -Name Az.PrivateDns
Step 6: Create an Azure Private DNS Zone:
New-AzPrivateDnsZone -ResourceGroupName $resourceGroup -Name $dnsZoneName
Step 7: To enable VMs to register within this zone, it is essential to establish a "link" between the VNet and the zone, designating it as a registration network. Consequently, DNS records for any VMs deployed in this network will be automatically created and maintained by the DNS zone over time.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName
$vnetLink = New-AzPrivateDnsVirtualNetworkLink -ZoneName $dnsZoneName -ResourceGroupName $resourceGroup -Name "vnetLink" -VirtualNetworkId $vnet.id -EnableRegistration
Now we can browse to the DNS zone in the Azure portal and check that the VNet is linked to the DNS zone.
Step 8: Deploy Windows Server 2016 VMs
VM1
New-AzVm -ResourceGroupName $resourceGroup -Name $vm1Name -Image "MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest" -Size "Standard_B1ls" -Location $location -VirtualNetworkName $vnetName -SubnetName "default" -PublicIpAddressName "PublicIP1"
VM2
New-AzVm -ResourceGroupName $resourceGroup -Name $vm2Name -Image "MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest" -Size "Standard_B1ls" -Location $location -VirtualNetworkName $vnetName -SubnetName "default" -PublicIpAddressName "PublicIP2"
Following the setup, our initial step involves verifying whether the resources have successfully registered in our private DNS zone. To accomplish this, we will utilize the command:
Get-AzPrivateDnsRecordSet -ZoneName private.contoso.com -ResourceGroupName $resourceGroup
We can see the VM names and that the records were auto-registered.
Step 9: Verify DNS Resolution
RDP into the VMs using the following command:
mstsc.exe /v:<VM1-public-ip-address>
mstsc.exe /v:<VM2-public-ip-address>
Once connected to the VMs, open Command Prompt from each machine and enter the following commands:
nslookup VM1.private.contoso.com
nslookup VM2.private.contoso.com
Conclusion:
Azure Private DNS emerges as a powerful tool for managing DNS within virtual networks, offering benefits like eliminating the need for custom DNS solutions and providing automatic management of hostname records. Its capabilities span from automatic VM registration to cross-network DNS resolution, making it a versatile solution for organizations leveraging Azure's cloud infrastructure. By configuring Azure Private DNS using the Azure portal, users can harness its capabilities effectively to tailor their virtual network architecture according to specific needs.
Transform your business.
Run adaptive.
Phone: +40 73 523 0005
Email: hello@adaptive.run
