Azure DNS

AZURENETWORK
  • [[202404121703 Azure VNet|VNet]] can use Azure DNS or custom/private DNS
  • Azure DNS - 168.63.129.16
  • A [[202404121703 Azure VNet|VNet]] can auto-register to only one private DNS zone (check-box in [[202404141442 Azure Private Link|Private Link]])
    • Can resolve against up to 1000 private DNS zones
  • Each private DNS zone can be linked to up to 1000 [[202404121703 Azure VNet|VNet]]s
  • Types:
    • Private
      • Create a [[202404141442 Azure Private Link|Private Link]] to the [[202404121703 Azure VNet|VNet]] that needs DNS resolution
    • Public
  • NS record for delegating a sub-domain
  • [[202407271215 Create Azure DNS zone and records|Create Azure DNS zone and records]]
  • For [[202404011327 Entra ID|“Entra ID”]] only TXT or MX records are used
  • For [[202404201400 Azure App service|app service]] DNS registration: TXT or CNAME record

Private DNS Resolver service

  • Inbound (just an IP) and Outbound endpoint
  • My on-prem DNS can forward to the inbound endpoint (which is just an IP)
  • Forwarding rulesets can be created so that [[202312231415 Azure Master|Azure]] resolves names from my on-prem DNS (via the outbound endpoint)
    • Can be linked to different [[202404121703 Azure VNet|VNet]]s

Dangling DNS

  • Create an alias (CNAME) to a resource
  • Later the resource is deleted
  • But the alias still points to its name
  • A bad actor can create a service with the same record name
  • So now my alias points to the bad actor’s service
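To catch this before someone else does, here is an added example (my own, not from Microsoft or the note): it walks every CNAME chain in a constructed sample zone and flags aliases whose target no longer resolves, plus loops and over-long chains. The zone names, the `WORLD` table and `fake_resolve` are constructed for the demo; `live_resolve` uses the OS resolver and can be swapped in to check a real zone export.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple
Record = Tuple[str, str]                              # (type, value)
Resolver = Callable[[str], Optional[List[Record]]]    # None means NXDOMAIN

# Constructed sample zone (not real names): owner -> record.
ZONE: Dict[str, Record] = {
    "www.contoso.example":   ("CNAME", "app-prod.azurewebsites.example"),
    "old.contoso.example":   ("CNAME", "retired-app.azurewebsites.example"),
    "alias.contoso.example": ("CNAME", "mail.contoso.example"),
    "loop1.contoso.example": ("CNAME", "loop2.contoso.example"),
    "loop2.contoso.example": ("CNAME", "loop1.contoso.example"),
    "mail.contoso.example":  ("A", "203.0.113.25"),
}

# Constructed stand-in for public DNS. retired-app... is deliberately absent:
# that resource was deleted, so old.contoso.example now dangles.
WORLD: Dict[str, List[Record]] = {
    "app-prod.azurewebsites.example": [("A", "203.0.113.10")],
}
def fake_resolve(name: str) -> Optional[List[Record]]:
    return WORLD.get(name)
def live_resolve(name: str) -> Optional[List[Record]]:  # real OS lookup
    try:
        return [("A/AAAA", i[4][0]) for i in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return None

def check_alias(name: str, zone: Dict[str, Record], resolve: Resolver,
                max_hops: int = 8) -> str:
    """Follow a CNAME chain; return 'ok', 'dangling', 'loop' or 'too-deep'."""
    seen = set()
    current = name
    for _ in range(max_hops):
        if current in seen:
            return "loop"
        seen.add(current)
        rec = zone.get(current)
        if rec is None:                   # target is outside our zone
            return "ok" if resolve(current) else "dangling"
        rtype, value = rec
        if rtype != "CNAME":              # chain ends on an address record
            return "ok"
        current = value
    return "too-deep"

def find_dangling(zone: Dict[str, Record], resolve: Resolver) -> Dict[str, str]:
    """Status of every CNAME owner; anything other than 'ok' needs review."""
    return {owner: check_alias(owner, zone, resolve)
            for owner, (rtype, _) in zone.items() if rtype == "CNAME"}
```

Run `find_dangling(ZONE, fake_resolve)` to see `old.contoso.example` reported as dangling and the two loop records as a loop; delete or re-point anything not reported as ok.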

Split horizon scenario

  • [[202404161835 Azure VM Basics|Azure VM]] has [[202407271143 Public IP address allows inbound access based on tier in Azure|Public IP Address]] and [[202407281228 Azure Private IP Address|Azure Private IP Address]]
  • We create 2 zones - public and private
  • Configure the associated [[202404121703 Azure VNet|VNet]] to register to DNS automatically
  • Then the private DNS zone will have an A record with the private IP
  • The public DNS zone will have the public IP

references:

MS Learn

  • A is the host record, and is the most common type of DNS record. It maps the domain or host name to the IP address.
  • CNAME is a Canonical Name record that’s used to create an alias from one domain name to another domain name. If you had different domain names that all accessed the same website, you’d use CNAME.
  • MX is the mail exchange record. It maps mail requests to your mail server, whether hosted on-premises or in the cloud.
  • TXT is the text record. It’s used to associate text strings with a domain name. Azure and Microsoft 365 use TXT records to verify domain ownership.

Additionally, there are the following record types:

  • Wildcards
  • CAA (certificate authority)
  • NS (name server)
  • SOA (start of authority)
  • SPF (sender policy framework)
  • SRV (server locations)

Enable Auto-registration