Name Resolution in Azure
From Microsoft site


Name resolution is essential for communication between all the resources inside a network, and Azure works the same way. Here we have two options, private zones and public zones. We'll start with the easiest to understand, the public zone, because we all use public records to browse a page or access a service over the internet.

Public DNS Zone

A Public DNS Zone in Azure is used to host DNS records for a domain that is accessible from the internet. This allows you to manage DNS records for your public-facing domain names using Azure's globally distributed, highly available name server infrastructure. Public DNS zones are ideal for websites, email servers, and other services that need to be accessible to users over the internet. So, if you wonder where you can host the DNS zone for your public services, you can use an Azure DNS public zone to create all your A, alias, or SRV records; just don't forget to add the zone's NS name servers at the domain registrar, otherwise the delegation never reaches Azure.
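As an added example (not from the original article, and not Microsoft's own sample), the following Bicep template creates a public zone with the record types mentioned above plus an MX record for mail, and outputs the Azure name servers that must be configured at the registrar. The domain name, IP addresses and hostnames are placeholders chosen for the example.

```bicep
// Added example: public DNS zone with A, CNAME, MX and SRV records.
// Assumed placeholder values: zone name, IPs and target hosts are not real.
param zoneName string = 'contoso.example'
param webIpv4 string = '203.0.113.10'      // placeholder public IP of the web front end

resource zone 'Microsoft.Network/dnsZones@2018-05-01' = {
  name: zoneName
  location: 'global'                       // public zones are global resources
  properties: {
    zoneType: 'Public'
  }
}

// A record: www.contoso.example -> 203.0.113.10
resource webA 'Microsoft.Network/dnsZones/A@2018-05-01' = {
  parent: zone
  name: 'www'
  properties: {
    TTL: 3600
    ARecords: [
      {
        ipv4Address: webIpv4
      }
    ]
  }
}

// CNAME: mail.contoso.example -> mail host run by a provider (placeholder)
resource mailCname 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = {
  parent: zone
  name: 'mail'
  properties: {
    TTL: 3600
    CNAMERecord: {
      cname: 'mail.provider.example'
    }
  }
}

// MX record at the zone apex so mail for the domain reaches that host
resource apexMx 'Microsoft.Network/dnsZones/MX@2018-05-01' = {
  parent: zone
  name: '@'
  properties: {
    TTL: 3600
    MXRecords: [
      {
        preference: 10
        exchange: 'mail.${zoneName}'
      }
    ]
  }
}

// SRV record for a TLS SIP service (placeholder target)
resource sipSrv 'Microsoft.Network/dnsZones/SRV@2018-05-01' = {
  parent: zone
  name: '_sip._tls'
  properties: {
    TTL: 3600
    SRVRecords: [
      {
        priority: 100
        weight: 1
        port: 443
        target: 'sip.${zoneName}'
      }
    ]
  }
}

// These four Azure name servers are what you enter at the domain registrar.
output nameServers array = zone.properties.nameServers
```

Deploy with `az deployment group create --resource-group <rg> --template-file public-zone.bicep` (assumed command line), then copy the `nameServers` output into the registrar's NS delegation. Until the delegation is in place, queries from the internet still go to whichever name servers the registrar currently lists, so the records above are not visible publicly.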

Private DNS Zone

A Private DNS Zone in Azure allows you to manage and resolve domain names within your virtual network without needing a custom DNS solution. The records in a private DNS zone are not accessible from the internet; they are only resolvable from virtual networks linked to the zone. This is useful for internal domain name resolution within your Azure environment.

Comparative Table

Here you can see a simple comparative table showing the principal differences.

(Comparative table of public and private DNS zones: shown as an image in the original article.)

When to Use a Private DNS Zone

You should use a private DNS zone when you need to manage and resolve domain names within your Azure virtual network. This is particularly useful for scenarios such as:

  • Internal Applications: When you have applications that need to communicate within your virtual network using custom domain names.
  • Private Endpoints: When you need to resolve private endpoints for Azure services, ensuring that traffic stays within your virtual network.
  • Enhanced Security: When you want to ensure that DNS resolution is restricted to your internal network and not exposed to the internet.
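As an added example covering the three scenarios above (not part of the original article or any Microsoft sample), this Bicep template creates an internal zone linked to a VNet with auto-registration, an A record for an internal application, and the `privatelink.blob.core.windows.net` zone that a Storage private endpoint resolves through. The VNet name, the private endpoint name, the zone name and the IP address are assumed placeholders; the VNet and private endpoint are assumed to already exist in the resource group.

```bicep
// Added example: private DNS zones for internal apps and a Storage private endpoint.
// Assumed: VNet 'hub-vnet' and private endpoint 'pe-storage' already exist.
param vnetName string = 'hub-vnet'
param privateEndpointName string = 'pe-storage'
param internalZoneName string = 'corp.internal'
param erpIpv4 string = '10.10.1.4'          // placeholder private IP of the ERP app

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnetName
}

resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-05-01' existing = {
  name: privateEndpointName
}

// Internal zone: resolvable only from linked VNets, never from the internet
resource internalZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: internalZoneName
  location: 'global'
}

// Link the VNet; registrationEnabled lets VMs auto-register their hostnames
resource internalLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: internalZone
  name: '${vnetName}-link'
  location: 'global'
  properties: {
    virtualNetwork: {
      id: vnet.id
    }
    registrationEnabled: true
  }
}

// Custom name for an internal application: erp.corp.internal -> 10.10.1.4
resource erpRecord 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
  parent: internalZone
  name: 'erp'
  properties: {
    ttl: 300
    aRecords: [
      {
        ipv4Address: erpIpv4
      }
    ]
  }
}

// privatelink zone so blob.core.windows.net names resolve to the private endpoint
resource blobPrivateLinkZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.blob.core.windows.net'
  location: 'global'
}

resource blobPrivateLinkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: blobPrivateLinkZone
  name: '${vnetName}-link'
  location: 'global'
  properties: {
    virtualNetwork: {
      id: vnet.id
    }
    registrationEnabled: false          // only the zone group writes records here
  }
}

// The zone group makes the private endpoint register its A record in the zone
resource blobZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: privateEndpoint
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'blob'
        properties: {
          privateDnsZoneId: blobPrivateLinkZone.id
        }
      }
    ]
  }
}
```

A quick check after deployment, from a VM inside the linked VNet: `nslookup <account>.blob.core.windows.net` should return the private endpoint's 10.x address, and the same query from a machine outside the VNet should still return the public IP, because the `privatelink` zone is not linked there.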

There is also a way to redirect queries or apply DNS resolution rules, and this is where the Azure DNS Private Resolver comes into action.

Azure DNS Private Resolver is a new service that enables seamless DNS resolution between Azure private DNS zones and on-premises environments without the need for VM-based DNS servers. Here are the key points:

  • How It Works: The resolver operates within an Azure Virtual Network, establishing inbound and outbound endpoints for DNS queries. Inbound endpoints handle queries from on-premises, while outbound endpoints manage conditional forwarding to external DNS servers.
  • Benefits:
      • Fully Managed: High availability and zone redundancy.
      • Cost Reduction: Lower operating costs compared to traditional IaaS solutions.
      • Private Access: Securely resolve private DNS zones from on-premises.
      • Scalability: High performance per endpoint.
      • DevOps Friendly: Integration with Terraform, ARM, or Bicep.
  • Restrictions: Includes limits on the number of resolvers, endpoints, forwarding rules, and virtual network links.

Use Cases:

  • Hybrid DNS: Resolve DNS queries between Azure and on-premises environments.
  • Private Link: Enhance security by resolving private endpoints within your virtual network.
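As an added example for both use cases above (not from the original article or any Microsoft sample), this Bicep template deploys a DNS Private Resolver with an inbound endpoint for on-premises queries and an outbound endpoint whose forwarding ruleset sends the on-premises domain to an on-premises DNS server. The VNet name, the two delegated subnet names, the on-premises domain and the DNS server IP are assumed placeholders; the VNet and its subnets (delegated to `Microsoft.Network/dnsResolvers`) are assumed to exist already.

```bicep
// Added example: DNS Private Resolver with inbound and outbound endpoints.
// Assumed: VNet 'hub-vnet' with subnets 'snet-dns-inbound' and 'snet-dns-outbound',
// both delegated to Microsoft.Network/dnsResolvers, already exist.
param location string = resourceGroup().location
param vnetName string = 'hub-vnet'
param onPremDomain string = 'corp.contoso.local.'   // trailing dot is required
param onPremDnsIp string = '192.168.0.53'           // placeholder on-prem DNS server

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnetName
}

resource inboundSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: vnet
  name: 'snet-dns-inbound'
}

resource outboundSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: vnet
  name: 'snet-dns-outbound'
}

resource resolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
  name: 'dnspr-hub'
  location: location
  properties: {
    virtualNetwork: {
      id: vnet.id
    }
  }
}

// Inbound endpoint: on-premises DNS servers forward Azure names to this IP
resource inbound 'Microsoft.Network/dnsResolvers/inboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'inbound'
  location: location
  properties: {
    ipConfigurations: [
      {
        privateIpAllocationMethod: 'Dynamic'
        subnet: {
          id: inboundSubnet.id
        }
      }
    ]
  }
}

// Outbound endpoint: source of conditional forwarding towards on-premises
resource outbound 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'outbound'
  location: location
  properties: {
    subnet: {
      id: outboundSubnet.id
    }
  }
}

resource ruleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
  name: 'ruleset-hub'
  location: location
  properties: {
    dnsResolverOutboundEndpoints: [
      {
        id: outbound.id
      }
    ]
  }
}

// Only the on-premises domain is forwarded; everything else stays on Azure DNS
resource onPremRule 'Microsoft.Network/dnsForwardingRulesets/forwardingRules@2022-07-01' = {
  parent: ruleset
  name: 'to-onprem'
  properties: {
    domainName: onPremDomain
    forwardingRuleState: 'Enabled'
    targetDnsServers: [
      {
        ipAddress: onPremDnsIp
        port: 53
      }
    ]
  }
}

// The ruleset only takes effect for VNets linked to it
resource rulesetLink 'Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks@2022-07-01' = {
  parent: ruleset
  name: '${vnetName}-link'
  properties: {
    virtualNetwork: {
      id: vnet.id
    }
  }
}

// Give this address to the on-premises DNS team for their conditional forwarders
output inboundEndpointIp string = inbound.properties.ipConfigurations[0].privateIpAddress
```

For the Private Link use case, the on-premises DNS servers need a conditional forwarder for each `privatelink.*` zone (for example `privatelink.blob.core.windows.net`) pointing at the `inboundEndpointIp` output, so that on-premises clients receive the private endpoint address instead of the public one. Keep the forwarding rule scoped to the on-premises domain; a rule for `.` would send every query to on-premises and break resolution of Azure private zones.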

With this information I'm sure you'll see that this feature is very useful when you plan name resolution inside your network.
