In many companies and organizations, IT administrators typically configure internal private domain names that are inaccessible to the Internet for access to internal resources. For example, if my domain name is edi.wang, I want to use internal.edi.wang for access to the organization's internal resources. We have to install and configure our own DNS server on either Windows or Linux for this in the past, it is very complex and costs a lot of time. But now, with Microsoft Azure, you can easily set up a private DNS with a few mouth click in a few minutes. 

Create Private DNS zone

Sign in to Azure portal, create a new resource, search for private dns, select Private DNS zone

Choose your own subscription and resource group (preferably in the same group as the virtual network you need to use) and enter your private domain name in Name. E.g. internal.edi.wang

Once the creation is complete, you can see a default @ record

Click + Record set to add a test record, for example, empowerall.internal.edi.wang, which is an A record, pointing to the intranet address 192.168.101

Azure DNS also supports a variety of common record types, such as TXT, CNAME, MX, and so on. Here I add another TXT record:

achievemore.internal.edi.wang

Once added, you can see these two records

Link Virtual Network

After the records are configured, we need to associate this DNS domain to our own network, and then Azure VMs or your on-premises bridge to Azure can use this DNS.

Click +Add under Virtual network links

Type a name you like in Link name, this won't affect the DNS usage. Choose an existing network in Virtual network, which is the very network that my VMs on Azure are associated.

If you want to use it in your own on-premises environment, you can also bridge your on-premises computer to Azure Virtual Network, but it's not discussed in this article for now.

Test DNS Records

Launch a VM that is associated with the above virtual network. In my case, it's a Windows Server Core machine.

Use Powershell command to check DNS records

Resolve-DnsName <domain name> -type <record type>

And they are not accessible on the public internet.