In many companies and organizations, IT administrators typically configure internal private domain names that are inaccessible to the Internet for access to internal resources. For example, if my domain name is edi.wang, I want to use internal.edi.wang for access to the organization's internal resources. We have to install and configure our own DNS server on either Windows or Linux for this in the past, it is very complex and costs a lot of time. But now, with Microsoft Azure, you can easily set up a private DNS with a few mouth click in a few minutes.
Create Private DNS zone
Sign in to Azure portal, create a new resource, search for private dns, select Private DNS zone
Choose your own subscription and resource group (preferably in the same group as the virtual network you need to use) and enter your private domain name in Name. E.g. internal.edi.wang
Once the creation is complete, you can see a default @ record
Click + Record set to add a test record, for example, empowerall.internal.edi.wang, which is an A record, pointing to the intranet address 192.168.101
Azure DNS also supports a variety of common record types, such as TXT, CNAME, MX, and so on. Here I add another TXT record:
Once added, you can see these two records
Link Virtual Network
After the records are configured, we need to associate this DNS domain to our own network, and then Azure VMs or your on-premises bridge to Azure can use this DNS.
Click +Add under Virtual network links
Type a name you like in Link name, this won't affect the DNS usage. Choose an existing network in Virtual network, which is the very network that my VMs on Azure are associated.
If you want to use it in your own on-premises environment, you can also bridge your on-premises computer to Azure Virtual Network, but it's not discussed in this article for now.
Test DNS Records
Launch a VM that is associated with the above virtual network. In my case, it's a Windows Server Core machine.
Use Powershell command to check DNS records
Resolve-DnsName <domain name> -type <record type>
And they are not accessible on the public internet.