In many companies and organizations, IT administrators configure internal private domain names that are not reachable from the Internet for access to internal resources. For example, if my domain name is edi.wang, I want to use internal.edi.wang to reach the organization's internal resources. In the past, we had to install and configure our own DNS server on Windows or Linux for this, which was extraordinarily complex and time-consuming. But now, with Microsoft Azure, you can set up a private DNS zone with a few clicks in a few minutes.
Create Private DNS zone
Sign in to the Azure portal, create a new resource, search for "private dns" and select Private DNS zone.
Choose your subscription and resource group (preferably the same group as the virtual network you will use) and enter your private domain name in Name, e.g. internal.edi.wang.
Once the creation is complete, you can see a default @ record.
Click + Record set to add a test record, for example empowerall.internal.edi.wang, an A record pointing to the intranet address 192.168.101.
Azure DNS also supports a variety of common record types, such as TXT, CNAME, MX and so on. Here I add another record, a TXT record:
achievemore.internal.edi.wang
Once added, you can see these two records.
Link Virtual Network
After the records are configured, we need to link this DNS zone to our own virtual network, so that Azure VMs (or an on-premises network bridged to Azure) can use it.
Click +Add under Virtual network links.
Type any name you like in Link name; it does not affect DNS usage. In Virtual network, choose an existing network, which in my case is the very network my VMs on Azure are associated with.
If you want to use it in your own on-premises environment, you can also bridge your on-premises computers to the Azure Virtual Network, but that is not discussed in this article.
Test DNS Records
Launch a VM that is associated with the above virtual network. In my case, it's a Windows Server Core machine.
Use the PowerShell cmdlet Resolve-DnsName to check the DNS records:
Resolve-DnsName <domain name> -type <record type>
And they are not accessible from the public internet.
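The same zone, records and link as the portal steps above, scripted with the Az.PrivateDns PowerShell module, plus a check that the zone resolves only from inside the linked VNet. This is an added example, not code from the original post; the resource group, VNet name, link name and the A record address are assumed or constructed values.

```powershell
# Added example (not from the original post). Assumes the Az PowerShell module is
# installed and Connect-AzAccount has been run. Resource group, VNet name and the
# A record address are constructed placeholders.
$rg       = 'rg-internal-dns'     # assumption: existing resource group
$vnetName = 'vnet-prod'           # assumption: VNet the Azure VMs are attached to
$zone     = 'internal.edi.wang'

# 1. Create the private zone (equivalent of "Create Private DNS zone" in the portal).
New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zone | Out-Null

# 2. Add the A and TXT record sets from the post. Names are relative to the zone.
$aRec = New-AzPrivateDnsRecordConfig -IPv4Address '192.168.1.101'   # constructed address
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -Name 'empowerall' `
    -RecordType A -Ttl 300 -PrivateDnsRecords $aRec | Out-Null

$txtRec = New-AzPrivateDnsRecordConfig -Value 'hello from private dns'   # constructed value
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -Name 'achievemore' `
    -RecordType TXT -Ttl 300 -PrivateDnsRecords $txtRec | Out-Null

# 3. Link the zone to the VNet. Registration is left off so VMs cannot
#    auto-register their hostnames into the zone; the link is resolution-only.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone `
    -Name 'link-vnet-prod' -VirtualNetworkId $vnet.Id -EnableRegistration:$false | Out-Null

# 4. Verify from a VM inside the linked VNet: the name must resolve through the
#    Azure-provided resolver (168.63.129.16) and must NOT resolve through a public one.
function Test-PrivateZoneIsolation {
    param([string]$Fqdn, [string]$PublicResolver = '1.1.1.1')
    $inside  = Resolve-DnsName $Fqdn -Type A -Server 168.63.129.16 -ErrorAction SilentlyContinue
    $outside = Resolve-DnsName $Fqdn -Type A -Server $PublicResolver -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name            = $Fqdn
        ResolvesInside  = [bool]$inside    # expected: True on a VM in the linked VNet
        LeaksToInternet = [bool]$outside   # expected: False for a private zone
    }
}
Test-PrivateZoneIsolation -Fqdn "empowerall.$zone"
```

Run step 4 from the VM itself; the first three steps can be run from any machine with the Az module and rights on the resource group.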
Learn more about Azure DNS here.
Shawn Mansour
Hi Edi Wang,
I have a question. What if I wanted to resolve a hostname on an Azure VPN via a client machine connected through a VPN. Is it possible with the private DNS?
Matt
Hi Edi, I have an ExpressRoute link between Azure and our on-prem network. Would I be able to resolve my on-prem VM IP address if I create this internal private DNS setup in Azure? My on-prem hosts' CIDR range is being advertised through the dedicated link.