Use Azure DNS for private domains

Capabilities


A private DNS server gives you real-time control of your network's authoritative parent DNS server, the one that knows how to resolve any address your own server can't. You therefore have the option of running a separate DNS server for your public domains; that server knows nothing about the internal domain and so cannot advertise the names used internally. In this guide, we will demonstrate how to configure NSD to authoritatively serve a domain on two servers in a master-slave configuration. This is less important with IPv4, but with IPv6, having Internet-accessible IP addresses is much more widespread, although not necessary. Using custom domain names helps you tailor your virtual network architecture to best suit your organization's needs.

It provides name resolution for virtual machines (VMs) within a virtual network and between virtual networks. Additionally, you can configure zone names with a split-horizon view, which allows a private and a public DNS zone to share the same name.

This preview version is provided without a service level agreement, and it is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. Removes the need for custom DNS solutions: you can now perform DNS zone management by using the native Azure infrastructure, which removes the burden of creating and managing custom DNS solutions.

Use all common DNS record types. Automatic hostname record management: along with hosting your custom DNS records, Azure automatically maintains hostname records for the VMs in the specified virtual networks. In this scenario, you can optimize the domain names you use without needing to create custom DNS solutions or modify applications. Hostname resolution between virtual networks: unlike Azure-provided host names, private DNS zones can be shared between virtual networks.

This capability simplifies cross-network and service-discovery scenarios, such as virtual network peering. Familiar tools and user experience. With Azure DNS, you can create zones with the same name that resolve to different answers from within a virtual network and from the public internet. A typical scenario for split-horizon DNS is to provide a dedicated version of a service for use inside your virtual network.

Available in all Azure regions. Automatic registration of virtual machines from a single virtual network that's linked to a private zone as a registration virtual network. The virtual machines are registered (added to the private zone) as A records pointing to their private IPs. If you're not sure which lines to delete, they are marked with a "delete this line" comment above. At the end of the file, add your nameserver records with the following lines (replace the names with your own).

Note that the second column specifies that these are "NS" records. Then add the A records for your hosts that belong in this zone. This includes any server whose name we want to end with the zone's domain. Using our example names and private IP addresses, we will add A records for ns1, ns2, host1, and host2 like so. On ns1, for each reverse zone specified in the named. We will base our reverse zone file(s) on the sample db. Copy it to the proper location with the following commands (substituting the destination filename so it matches your reverse zone definition).

Edit the reverse zone file that corresponds to the reverse zone(s) defined in named. In the same manner as the forward zone file, you will want to edit the SOA record and increment the serial value. Now delete the two records at the end of the file, after the SOA record. Then add PTR records for all of your servers whose IP addresses are on the subnet of the zone file that you are editing. In our example, this includes all of our hosts, since they are all on the zone's subnet. Note that the first column consists of the last two octets of your servers' private IP addresses in reversed order.

Be sure to substitute names and private IP addresses to match your servers. Save and exit the reverse zone file (repeat this section if you need to add more reverse zone files). If your named configuration files have no syntax errors, you will return to your shell prompt and see no error messages.

If there are problems with your configuration files, review the error message and the Configure Primary DNS Server section, then try named-checkconf again. The named-checkzone command can be used to check the correctness of your zone files. Its first argument specifies a zone name, and the second argument specifies the corresponding zone file, which are both defined in named.

For example, to check the " nyc3. And to check the " When all of your configuration and zone files have no errors in them, you should be ready to restart the BIND service.

Let's move on to creating the secondary DNS server. In most environments, it is a good idea to set up a secondary DNS server that will respond to requests if the primary becomes unavailable. Luckily, the secondary DNS server is much easier to configure. Save and exit named. This file should look exactly like ns1's named.

Define slave zones that correspond to the master zones on the primary DNS server. Note that the type is "slave", the file does not contain a path, and there is a masters directive which should be set to the primary DNS server's private IP.

If you defined multiple reverse zones on the primary DNS server, make sure to add them all here. Now you must configure your servers to use your private DNS servers. Before all of your servers in the "trusted" ACL can query your DNS servers, you must configure each of them to use ns1 and ns2 as nameservers. Add the following lines to the file (substitute your private domain, and the ns1 and ns2 private IP addresses).

Then add the following lines to the TOP of the file (substitute your private domain, and the ns1 and ns2 private IP addresses). Use nslookup to test whether your clients can query your name servers.

You should be able to do this on all of the clients that you have configured and are in the "trusted" ACL. For example, we can perform a forward lookup to retrieve the IP address of host1.

Querying "host1" expands to "host1. The output of the command above would look like the following. If all of the names and IP addresses resolve to the correct values, that means your zone files are configured properly. If you receive unexpected values, be sure to review the zone files on your primary DNS server e.

Your internal DNS servers are now set up properly! Now we will cover maintaining your zone records. Now that you have a working internal DNS, you need to maintain your DNS records so they accurately reflect your server environment. Whenever you add a host to your environment (in the same datacenter), you will want to add it to DNS.

Here is a list of steps that you need to take. If you remove a host from your environment, or just want to take it out of DNS, remove everything that was added when you added the server to DNS.
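The forward A records, the reversed-octet PTR records, and the "keep both sides in sync when hosts come and go" maintenance step above are easy to get wrong by hand, and a stale or missing PTR is the usual slip. The script below is an added example, not code from the original tutorial: it generates the NS/A lines for a forward zone and the PTR lines for the matching in-addr.arpa zone from one host inventory, bumps a YYYYMMDDnn SOA serial, and reports any A record without a PTR (or PTR without an A). The domain nyc3.example, the host names and the 10.128.0.0/16 addresses are constructed for the example; only octet-aligned reverse zones (/8, /16, /24) are handled.

```python
"""Generate forward (A/NS) and reverse (PTR) zone records for a private BIND
zone and check that both sides agree. Added example; hypothetical inventory."""
import ipaddress

# Constructed example inventory: hypothetical domain, names and RFC 1918 addresses.
DOMAIN = "nyc3.example"
NAMESERVERS = ["ns1", "ns2"]
HOSTS = {
    "ns1": "10.128.10.11",
    "ns2": "10.128.20.12",
    "host1": "10.128.100.101",
    "host2": "10.128.200.102",
}
NETWORK = ipaddress.ip_network("10.128.0.0/16")


def reverse_zone_name(network):
    """in-addr.arpa zone for an octet-aligned network, e.g. 10.128.0.0/16 -> 128.10.in-addr.arpa."""
    if network.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 reverse zones are supported")
    octets = str(network.network_address).split(".")[: network.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def forward_records(domain, hosts, nameservers):
    """NS records at the zone apex followed by one A record per host (tab-separated fields)."""
    lines = [f"{domain}.\tIN\tNS\t{ns}.{domain}." for ns in nameservers]
    lines += [f"{name}.{domain}.\tIN\tA\t{ip}" for name, ip in hosts.items()]
    return lines


def ptr_records(domain, hosts, network):
    """PTR records: the host part of each address, octets reversed, relative to the reverse zone.
    Hosts outside the network belong in another reverse zone file and are skipped."""
    host_octets = 4 - network.prefixlen // 8
    lines = []
    for name, ip in hosts.items():
        if ipaddress.ip_address(ip) not in network:
            continue
        octets = ip.split(".")[-host_octets:]
        lines.append(f"{'.'.join(reversed(octets))}\tIN\tPTR\t{name}.{domain}.")
    return lines


def bump_serial(serial, today):
    """Increment a YYYYMMDDnn SOA serial: same day -> nn + 1, new day -> today + '01'."""
    if str(serial)[:8] == today:
        return serial + 1
    return int(today + "01")


def check_consistency(forward, reverse, network):
    """Return (ips_with_A_but_no_matching_PTR, ips_with_PTR_but_no_A).
    Both lists empty means the forward and reverse zone files agree."""
    a_by_ip = {}
    for line in forward:
        owner, _, rtype, rdata = line.split("\t")
        if rtype == "A":
            a_by_ip[rdata] = owner
    prefix = str(network.network_address).split(".")[: network.prefixlen // 8]
    ptr_by_ip = {}
    for line in reverse:
        owner, _, rtype, rdata = line.split("\t")
        if rtype == "PTR":
            # Undo the reversal to recover the full dotted-quad address.
            ip = ".".join(prefix + list(reversed(owner.split("."))))
            ptr_by_ip[ip] = rdata
    missing_ptr = sorted(ip for ip, owner in a_by_ip.items() if ptr_by_ip.get(ip) != owner)
    missing_a = sorted(ip for ip in ptr_by_ip if ip not in a_by_ip)
    return missing_ptr, missing_a


if __name__ == "__main__":
    fwd = forward_records(DOMAIN, HOSTS, NAMESERVERS)
    rev = ptr_records(DOMAIN, HOSTS, NETWORK)
    print(f"; forward zone {DOMAIN}")
    print("\n".join(fwd))
    print(f"\n; reverse zone {reverse_zone_name(NETWORK)}")
    print("\n".join(rev))
    print("\nconsistency:", check_consistency(fwd, rev, NETWORK))
```

Run it after editing an inventory and paste the printed lines into the forward and reverse zone files; then run `check_consistency` against the records you actually have on disk whenever a host is retired, since a PTR left behind for a reused address is what turns into wrong answers later.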

Now you may refer to your servers' private network interfaces by name, rather than by IP address. This makes configuration of services and applications easier because you no longer have to remember the private IP addresses, and the files will be easier to read and understand.

Also, you can now repoint your configurations to new servers in a single place, your primary DNS server, instead of having to edit a variety of distributed configuration files, which eases maintenance.

Once you have your internal DNS set up, and your configuration files are using private FQDNs to specify network connections, it is critical that your DNS servers are properly maintained.

If they both become unavailable, your services and applications that rely on them will cease to function properly. This is why it is recommended to set up your DNS with at least one secondary server, and to maintain working backups of all of them.

We hope you find this tutorial helpful. In addition to guides like this one, we provide simple cloud infrastructure for developers.

Introduction

An important part of managing server configuration and infrastructure includes maintaining an easy way to look up network interfaces and IP addresses by name, by setting up a proper Domain Name System (DNS).

Prerequisites

To complete this tutorial, you will need the following:

Example Hosts

For example purposes, we will assume the following. Refer to the following table for the relevant details:

Our Goal

By the end of this tutorial, we will have a primary DNS server, ns1, and optionally a secondary DNS server, ns2, which will serve as a backup. Here is a table with example names and IP addresses:

Prerequisites

Private DNS servers are fully white-label DNS servers. When you get a Private DNS server, it will be linked with our network and web interface. The server will be managed and supported by our system administrators, and you will be able to manage all your domains via our web interface. Having private nameservers can be useful if you intend to resell hosting services or want to brand your business. Also, when using Private DNS, if a domain name is migrated to another server, there is no need to change any nameservers; the domain names will automatically point to the new location.

03/15/; 5 minutes to read. The Domain Name System, or DNS, is responsible for translating (or resolving) a service name to its IP address.