The Microsoft public cloud offers various services including Azure DNS, that allows you to host and manage domains DNS (Domain Name System) public and private in the Azure environment. This article lists the characteristics of the solution, the possible use cases and discusses the advantages of adopting this solution.
Public name resolution
The Azure DNS service can be used to resolve public domain names. Azure does not allow direct purchase of public domains, but assuming that you have a public domain, you can use the Azure DNS to resolve domain names.
To do so you need to proceed with the creation of a Dns Zone, this is the procedure to activate it from the portal Azure:
In the activation process of a DNS zone you are prompted to specify the location of the Resource Group, that determines where the metadata associated with the DNS zone are maintained. The Azure DNS service is indeed global and not associated with a specific Azure location.
The creation process is very quick and, at the end of the service creation, you can identify the name servers that you can use for the zone created.
After you create the DNS zones in Azure, you must delegate the name resolution for the domain to name servers in Azure. Every Registar has its own tool for managing names, where you can specify NS records, making them point to the four Name Servers provided by Azure DNS service.
At this point you can add and manage any public DNS records on yours DNS zone hosted in Azure environment.
Private name resolution
In Azure Virtual Networks the DNS is integrated into the platform and it is available by default, which allows the resolution of the system names on them attested (Azure-provided). Alternatively, you can specify custom DNS Servers. The Azure DNS service extends these capabilities by enabling new scenarios, thanks to the possibility to use the Azure DNS service, not only to handle name resolution for public domains, currently in preview, you are given the option to enable a private DNS zone. For private DNS zones the virtual networks that can take advantage of the name resolution service, are called resolution virtual networks. While the registration virtual network are those VNet for which it is expected the maintenance of the hostname when you create a VM, when this changes its IP address, or when it is removed.
The creation of a private DNS zone can be done with PowerShell commands and not by the portal Azure.
By using the PowerShell command New-AzDnsZone you can specify that it is a private zone with parameter ZoneType valued at Private. If you want to use the private zone just for name resolution, without making any future automatic creation of DNS records, you can specify the parameterResolutionVirtualNetworkId, otherwise, if you want the automatic registration of names you should specify the parameterRegistrationVirtualNetworkId. In this regard, currently the initial pairing as RegistrationResolution Virtual Network is only possible if the VNet has not attested systems on it.
At the end of the execution of the PowerShell commands it will be possible to see the private zone also in the Azure portal. The private zones at the moment are distinguished from the others because it does not have the list of Name Servers. It is still possible to register and manage your DNS records, not only using PowerShell or CLI, but also from the portal.
Usage scenarios
The presence of the Private Zone in the Azure DNS service allows to be adopted in different scenarios.
Name resolution for a single Virtual Network
This scenario has a single virtual network that takes advantage of the Azure private DNS to resolve internal names. That resolution is totally private and can be used by all resources attested on that specific VNet.
Name resolution between different Virtual Networks
This scenario is commonly used when multiple virtual networks have access to the same Azure private DNS service. The adoption of this scenario is typical in the presence of architectures Hub-Spoke, where the Hub network can be associated with the private Azure DNS zone in mode Registration, while the various spoke networks may be associated as Resolution virtual network.
Split-Horizon capabilities
It falls in this scenario when for the same DNS zone there is the need to obtain different resolution of the names depending on where the client is located, Azure environment or in Internet.
The Cost of the Solution
The Azure DNS cost is given by two elements:
- Number of DNS zones hosted in Azure (public or private).
- Number of DNS queries received.
To get the details of the Azure DNS costs you can see the official page.
Advantages
The ability to host DNS zones in Azure introduces a number of benefits, including:
- The DNS service can be provided using the native tools offered by the Azure platform, without having to use custom DNS solutions, thus saving on time and costs.
- The service allows you to use all the most common types of DNS records: In, AAAA, CNAME, MX, PTR, SOA, SRV, and TXT.
- It provides automatic management of the DNS records for virtual machines on specific Azure Virtual Networks.
- Private DNS name resolution can be shared between different Virtual Networks, unlike as it offers the service of name resolution provided by default on the VNet. This expands possible usage scenarios and simplify the architecture, thanks to the Split-horizon capabilities.
- The solution can be fully managed via the Azure tools (PowerShell, Azure Resource Manager templates, and REST API), reducing the learning curve for the actual adoption.
Conclusions
The Azure DNS service allows you to host your own DNS domains in Azure, providing the ability to manage them with the same credentials, the same billing policies and support of the other Azure services. The introduction of Private Azure DNS Zones introduces an important element that, when it is officially released, will be taken into consideration in the design of Azure architectures, in order to simplify them and make them more efficient. Azure DNS also provides reliability, scalability, security and availability, as it is based on the Microsoft global network, hardly obtainable with third-party solutions.