1. *UPDATED* Azure DNS Services
So let’s talk about how the domain name system works within Microsoft Azure. Now, the domain name system is usually abbreviated as DNS, and it’s almost like the phone directory for the Internet. It’s how a domain name like microsoft.com gets turned into an IP address, the address that computers and servers use to communicate with each other. Now, this is an IPv4 address. IPv6 is also supported, which is a different address format. Your computer uses a DNS server, probably provided by your employer or by your Internet provider, to look up any domain that you’re interested in visiting, and that gets converted into an IP address. And the answer actually gets cached, or stored, on your local computer for a short period of time, so you don’t go and look it up every single time. Now, within Microsoft Azure, for virtual machines, there are three options for domain name services.
Now, Azure does provide a DNS service by default. You can also provide your own DNS, as in running your own DNS server, maybe inside your corporation or inside of Azure. Finally, there’s a service called Azure Private DNS that allows you to run your own DNS zones. Now, the Azure-provided DNS is, like I said, the default. So when you create a new virtual machine, it has access to the Internet, it has access to other computers on the same virtual network, and it can address them using their domain names. And that’s provided by Azure’s DNS.
Now, you don’t have to do anything to configure it. The other benefit of using the Azure-provided DNS is that you can use what are called host names to connect. So if you have a virtual machine on the same network as another, then you can just refer to the other one by its host name and it will be able to address it. And so you don’t have to append something like microsoft.com to fully qualify the name in the traditional sense. Now, there is also this private DNS service. This is a feature of the exam.
Now, the private DNS service only exists for your own benefit. It’s not like you’re buying a domain name on GoDaddy and having it registered in the public Internet domain registry. You can create your own custom domain names and have them recognized by your virtual machines. And you can call them by familiar names like dev.local, staging.local, production.local. It’s only valid on your network. And that means that you would not be able to access those domains from the public Internet. Now, it doesn’t have to be registered. It doesn’t have to be a valid top-level domain or even a valid domain. The way that Azure private DNS works, it requires what they call labels. And so there’s a two-label minimum, and labels are separated by a period.
And so dev.local is a valid two-label domain name within the private DNS, and you can have up to 34 labels. That would be excessive, but it might be something that you’re interested in doing. Now, I should say there are some caveats. This is pretty much exclusive to virtual machines. If you wanted to have Azure App Services addressing virtual machines by some private DNS, you wouldn’t be able to do it. You can’t modify the name servers, the DNS settings, for Azure App Services or the other platform-as-a-service offerings. So this is only for VNets, where you do have access to modify their IP settings and what they use for DNS. I should also say the big benefit to this is being able to address servers by a friendly name instead of having to rely on memorizing an IP address. So you have dev.local, and you know that’s your dev environment. And even if the IP changes, you can map dev to the new IP and you never have to remember it. And if the IP changes, you don’t have to go into 50 different places and update all of that. So this is why you would use the Azure private DNS service. And that is it.
2. Create a Private DNS Zone
All right, we’re going to switch over to the Azure Portal and we’re going to look at the two different types of DNS zones that you can create. Now I’m going to go to the top search box here and I’m going to type DNS. And we can see that there are two services in Azure that respond to DNS: public DNS zones and private DNS zones. To remind you from the last video, public DNS zones are Internet-recognizable. These have to be domains that are registered in a public registry. You have to prove that you have control of them, and then Azure will be able to answer any requests that come to it for that domain. You would even have to modify the name servers at your registrar. Private DNS zones are internal to Azure only.
Your servers can refer to each other by a friendly name, but it’s not going to be recognized outside of Azure. So let’s see private ones first. It’s probably the easiest to demonstrate because we’re not involved with a public domain name. I go into private DNS zones, and right now I don’t have one. So I’m going to say Create. Now, we have to put this in a resource group. I’m going to call it AZ-SGD-New-DNS. You can call it whatever you want. Now, under instance details is the zone name. The zone name is going to be those labels that we talked about in the last video. So I can call it devserver.local. Now, you could use a .net or something like that if you wanted to, but then you’re going to end up with some type of conflict. Let’s say I did put microsoft.com in here.
Then my own servers would not be able to access the real microsoft.com. You’re going to end up causing confusion for yourself. So devserver.local, or dev.local, or something like that is going to be the preferred way. Now, they do give us a warning here that domain names ending in .local may not work as expected with some operating systems. I’ve never had a problem with it, so we can leave that for now. But if you have, say, your company name, you could use a custom subdomain of it that doesn’t exist in the real world. That might be a clever one. Then the location of the resource group: I’m going to create this in Canada. Okay? So once I’ve created this private DNS zone, then I’m going to be able to link virtual networks to that zone.
And then the virtual networks are going to be able to access the domains as registered in that zone. So let’s create the private DNS zone. Clicking Create takes about two minutes, so I’ll pause the video and let that create. We can see that it created. It says 34 seconds, so just under a minute. So now we have a private DNS zone that we can work with. Now, the next thing that we need is a virtual network. I do have some existing virtual networks, but I’m creating a new virtual network, so I’m going to say Add, and we’re going to put it into the same resource group. So that was the DNS resource group, and we’re going to call this DNS VNet, and it’ll also go into Canada Central. And I’ll say Create. So you see, that took literally seconds. Now, if we go to the resource group level and refresh this, then we can see both the DNS zone and the virtual network. Let’s go back into the DNS zone. What we’re going to want to do is link this DNS zone to the virtual network that we just created. So we’ll go into Virtual network links and we’ll say Add. We’re going to have to give it a name, and we can call this first-link, and we choose the DNS VNet that we created. We also want to enable auto registration, so as we create virtual machines on the virtual network, they’ll get auto-registered into the DNS zone. Say OK, and we can see the DNS link is being established, and now it’s completed. Next up, we’re going to want to create a virtual machine. So let’s go back to the DNS resource group, and we will add a virtual machine. I’m going to choose the Windows Server virtual machine. Hopefully you’ve done this a few times. I’ll call it DNS VM, take all the defaults here, and we can leave RDP open. Save that. Now, we don’t want it to create a new VNet; we want to place this in the one I created. So I set the location to Canada Central, and we want this to be in DNS VNet.
So you see, once I put it into Canada Central, it switched over to that VNet. It’s going to create a brand new public IP address for this, a network security group, et cetera, et cetera. I always turn off diagnostics; I think it’s a little bit faster to create. All right, so we’ve now kicked off a virtual machine that’s going to be on the VNet that we just created. I’m going to go through the process of creating another VM, because we need two VMs on the same network to be able to talk to each other. So I’m going to fast forward through that. So now the second VM is being created on the same VNet, in the same region, of course. All right, so we should have two virtual machines, and we can see that.
Let’s see how that goes. We’ve got New DNS VM as one virtual machine and AZ DNS VM 2 as the other, two public IP addresses on the same VNet. Now, the next step is to go into the private DNS zone. We can see that the two virtual machines were registered. So the IP addresses for the machines were auto-assigned from the VNet, and they were auto-registered into the private DNS zone. What I might want to do is assign one of these to be the web server and one of these to be the database server. So for New DNS VM, I can copy the IP address and say web server. And so we will have this custom record, webserver.devserver.local, or maybe just web.devserver.local.
And I just apply the IP address that was assigned to this virtual machine, so this custom private DNS record is assigned to it, and we can do that. Then we can create a similar record set for the back-end server and call this db. So that’s the database server. By doing this, we’ve got what you might call a friendly naming structure, where web.devserver.local is the web machine and db.devserver.local is the database, irrespective of host name, and this is not available from outside. But if I was to remote into this web server, it should be able to access the database by db.devserver.local. So both machines have been created. On the left here, I am in the RDP session for New DNS VM, which we created as the web alias. On the right, this is AZ DNS VM 2, which is the db alias. Now, normally we’d want to be able to ping the two, but ping is turned off inside of the Windows firewall, and so there’s a PowerShell command I can type here that will enable ping through the firewall. So it was able to run the shell command. And now what I should be able to do is say ping db.devserver.local, and we can see that db.devserver.local is responding. And I should be able to say ping web.devserver.local, and the web server, which is this machine, is responding. So we set up a private DNS zone where we’re able to give our own labels to servers, which is a human-readable, friendly way. It reduces the likelihood of error and reduces your dependency on private IP addresses, since you can just rely on more friendly names. And that’s how you set up a private DNS zone inside of Azure.
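The label rules from the first lesson (two-label minimum, up to 34 labels) and the zone, VNet link and record steps of this lesson, as an added Azure CLI script that is not part of the course; the resource group, VNet, zone name and the two private IPs are constructed placeholders, and the script only touches the subscription when run with the `run` argument.

```shell
#!/bin/sh
# Added example, not from the course: the private DNS zone steps with the Azure CLI.
# Constructed names: resource group, VNet, zone, and the two private IPs.
set -eu

RG=${RG:-az-sgd-new-dns}
LOCATION=${LOCATION:-canadacentral}
ZONE=${ZONE:-devserver.local}
VNET=${VNET:-dns-vnet}

# A private DNS zone name is dot-separated labels: at least 2, at most 34,
# with no empty label (leading, trailing or doubled dots are rejected).
zone_name_ok() {
  case "$1" in
    ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  n=$(printf '%s' "$1" | awk -F. '{print NF}')
  [ "$n" -ge 2 ] && [ "$n" -le 34 ]
}

# Zone plus a VNet link with auto-registration, so each VM created in the
# VNet gets an A record for its host name without any manual step.
create_private_zone() {
  zone_name_ok "$ZONE" || { echo "invalid zone name: $ZONE" >&2; return 1; }
  az group create --name "$RG" --location "$LOCATION" --output none
  az network vnet create --resource-group "$RG" --name "$VNET" \
    --address-prefix 10.0.0.0/16 --subnet-name default \
    --subnet-prefix 10.0.0.0/24 --output none
  az network private-dns zone create --resource-group "$RG" --name "$ZONE" --output none
  az network private-dns link vnet create --resource-group "$RG" --zone-name "$ZONE" \
    --name first-link --virtual-network "$VNET" --registration-enabled true --output none
}

# Friendly aliases (web, db) on top of the auto-registered host records.
add_alias() {  # add_alias <record-name> <private-ip>
  az network private-dns record-set a add-record --resource-group "$RG" \
    --zone-name "$ZONE" --record-set-name "$1" --ipv4-address "$2" --output none
}

# What a resolver inside the linked VNet will see for the zone.
list_records() {
  az network private-dns record-set list --resource-group "$RG" --zone-name "$ZONE" \
    --query "[].{name:name,type:type,ip:aRecords[0].ipv4Address}" --output table
}

# Only touch the subscription when asked: sh script.sh run
if [ "${1:-}" = "run" ]; then
  create_private_zone
  add_alias web 10.0.0.4   # constructed: copy the real IPs from list_records
  add_alias db  10.0.0.5
  list_records
fi
```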
3. Create a Public DNS Zone
All right. So that was the private DNS zone. Let’s look at what are called public DNS zones. I’m going to go back to the search box, enter DNS, and we’ll see the service is called DNS zones. I don’t have any. Now, in order to operate here, we’re going to have to have a domain name registrar, that is, a spare domain name that would be recognized from the open Internet. Azure does not have a domain registrar in the traditional sense, and so this is going to require an external service. If you don’t want to go and purchase a domain name, or you don’t have one available, you can just watch this video; you don’t have to follow along. But if you do, then you can certainly go and try this yourself. So let’s create a DNS zone. I’m going to put this in the same resource group.
So I do have my DNS resource group. And again, we have to give it a name, and this name is going to be the registered domain. Now, I happen to own a lot of domain names, don’t ask me why. I’m going to use this one, scottduffytraining.com, and I paste that here. So I am basically delegating Microsoft Azure to manage and respond for this domain on my behalf. The implication of this is that I would not use a domain that you’re already using for something else. So don’t choose your main website domain. Don’t choose your email address domain. Because when you set this up, you’re basically telling the world that anyone who has any questions about scottduffytraining.com comes to Azure DNS to get the answers. If you use an actual in-production, live domain name here, you are basically going to break that domain name.
So always do one that you’re willing to play around with. This one doesn’t point to anything. Right now it’s a parking page. I can kind of prove that before we continue. So scottduffytraining.com is basically a parked web page with nothing on it. So let us create that as a brand new DNS zone. Really, doing this doesn’t actually affect anything, right? Just the fact that Azure has a DNS zone with a domain name changes nothing, because what I have to do is modify my registrar. So now that I’ve created this DNS zone, I can see in the right corner four name servers that are being given to me. Now I basically go into my registrar and say, this is the place that’s going to answer the question. So I flip to my registrar, and I think it’s under the Domain tab.
I’m going to switch over to custom DNS. Now, your registrar is all going to be different. I can’t help you with GoDaddy or whoever you use. This is Namecheap. So I just start copying these name servers here. Now, two is the minimum. You’ll notice that one’s a .com, one’s a .net, one’s a .org and one’s a .info. So they’re using all of those top-level domains for maximum availability. So if I say Save, I am now saying that Azure is the controller of this domain name. Now, DNS propagation takes a long time. I would imagine that there’s nobody in the world that’s going to scottduffytraining.com, and so it’s going to be very easy in this case. But I just went to scottduffytraining.com, so my ISP’s DNS server already has a memory of where to send people for this. It’s going to take some time for them to clear that out. So I’ve done that, I’ve hit Save. And now we just have to wait for this to propagate. I can’t tell how long it’s going to take, but hopefully within 6 hours it’s going to have taken effect. Now, the way that you know that it’s worked is when you’re able to do an nslookup of the domain name, you’re going to get the Microsoft Azure response and not what was there before, the parking page. So we can see here, oh, it’s already saying ns1.azure-dns.com. So the propagation has effectively worked and we can continue using this domain, like creating a VM with it, or a web app, or any of the other places where custom domains in Azure work. We can now continue, because now we’re basically sending traffic: anyone who goes to scottduffytraining.com is going to be sent to Azure. And now when I go to my web browser and enter it, there’s no response, because there’s nothing within Azure that is responding.
We don’t even have the parking web page anymore, which is exactly what we expect, since we haven’t set anything up yet. So one of the easiest things we can do is go to the VM that we created in the last lesson, if you still have that, and turn it into a web server. So I can add features, go down into Web Server. I don’t really have to set this up; I don’t really care about the features as long as there’s a web server. So I’m just going to have it become a web server really quickly. Remember, we had given this the name web.devserver.local; I could also give it www.scottduffytraining.com. Both work in tandem. So I’m going to accept the web server here, and then I’m going to add a record for www in the DNS zone. So after the installation of IIS, I can go into the server, open up Internet Explorer and browse to localhost. We can see that is successful here. I have to go back here, up to the DNS resource group.
All right, so there’s two more things that we need to do in order to get this new custom domain name recognized from the Internet. One of the things we need to do is allow port 80 traffic through the security group. So you need to find the network security group that belongs to the web server. The web server is New DNS VM in my case, and so I need its network security group. I need to go into inbound security rules. When we set this up, we only allowed RDP traffic. We do need to allow web traffic. And so I’m going to switch over to the basic setup, pick HTTP, rename this to port 80, and say Add.
And so you’ll see port 80 got added as an inbound rule. Now, if I wanted secure traffic, I would have to add 443 as well. We don’t need to do that. That’s the first thing. The second thing we need to do is go into the DNS zone, and we need to allow the www subdomain to pass through to the correct IP address. So I’m going to say record set, I’m going to say www, and we’re going to make this an A record, which means it accepts an IP address. Now, the public IP address of the server, we know it from our RDP session; it’s also in Azure. So I’m going to just type in the public IP address 2233-1183 and say OK. Right now the DNS zone recognizes the subdomain and we know the traffic is going to be allowed by the network security group. Let us test it to see that it works. Back to the browser on my local machine here, and it does hide the www, but you can see that that’s the fully qualified name and it brings me up the IIS landing page. Effectively, we’ve successfully created a public DNS zone in Azure.
We’ve successfully created a domain name associated with that zone at the registrar level. And then we’re able to pass traffic over our subdomain to the web server using an A record inside of that DNS zone. So that’s how custom domains work. Now, we could do the same thing for web apps. There are other services within Azure that allow custom domains, and it’s the same basic concept, except within the web app you have to configure the web app to allow the custom domain.
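The public zone steps of this lesson (create the zone, hand the four name servers to the registrar, open port 80 on the network security group, add the www A record) plus the nslookup-style check that delegation has propagated, as an added Azure CLI script that is not part of the course; the resource group and NSG names and the web VM’s public IP are placeholders, and the propagation check uses dig.

```shell
#!/bin/sh
# Added example, not from the course: the public DNS zone steps with the Azure CLI.
# Placeholders: resource group, the web VM's NSG name, and its public IP.
set -eu

RG=${RG:-az-sgd-new-dns}
DOMAIN=${DOMAIN:-scottduffytraining.com}
NSG=${NSG:-new-dns-vm-nsg}        # NSG attached to the web VM's network interface
WEB_IP=${WEB_IP:-203.0.113.10}    # placeholder public IP (TEST-NET-3 range)

# Azure assigns four name servers on four TLDs (.com, .net, .org, .info).
# Delegation has propagated once every NS answer for the domain is one of
# them; a registrar also requires at least two. Reads NS names on stdin.
delegated_to_azure() {
  count=0
  while IFS= read -r ns; do
    ns=$(printf '%s' "$ns" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    [ -n "$ns" ] || continue
    case "$ns" in
      ns[1-9]*.azure-dns.com|ns[1-9]*.azure-dns.net|ns[1-9]*.azure-dns.org|ns[1-9]*.azure-dns.info)
        count=$((count + 1)) ;;
      *) return 1 ;;   # still pointing at the registrar's parking servers
    esac
  done
  [ "$count" -ge 2 ]
}

# Create the zone; the four name servers it prints go into the registrar's
# custom name server fields. Nothing changes on the Internet until then.
create_public_zone() {
  az network dns zone create --resource-group "$RG" --name "$DOMAIN" --output none
  az network dns zone show --resource-group "$RG" --name "$DOMAIN" \
    --query nameServers --output tsv
}

# The VM template only opened RDP: add an inbound port 80 rule on the NSG,
# then point www at the VM's public IP with an A record.
publish_www() {
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" --name port80 \
    --priority 1010 --direction Inbound --access Allow --protocol Tcp \
    --destination-port-ranges 80 --output none
  az network dns record-set a add-record --resource-group "$RG" --zone-name "$DOMAIN" \
    --record-set-name www --ipv4-address "$WEB_IP" --output none
}

case "${1:-}" in          # sh script.sh create | check | publish
  create)  create_public_zone ;;
  publish) publish_www ;;
  check)   if dig +short NS "$DOMAIN" | delegated_to_azure; then
             echo "$DOMAIN is delegated to Azure DNS"
           else
             echo "$DOMAIN still answers with the old name servers"; exit 1
           fi ;;
esac
```

Run `create` first, update the registrar, then poll with `check` until it succeeds before running `publish`.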