AZ-104: Host your domain on Azure DNS
3. What type of DNS record should you create to map one or more IP addresses against a single domain?
A or AAAA. The A or AAAA record maps an IP address to a domain. Multiple IP addresses are known as a record set.
How does DNS work?
A DNS server carries out one of two primary functions:
- Maintains a local cache of recently accessed or used domain names and their IP addresses. This cache provides a faster response to a local domain lookup request. If the DNS server can't find the requested domain, it passes the request to another DNS server. This process repeats at each DNS server until either a match is made or the search times out.
- Maintains the key-value pair database of IP addresses and any host or subdomain that the DNS server has authority over. This function is often associated with mail, web, and other internet domain services.
Prevents dangling DNS records
A dangling DNS record occurs when the DNS zone records aren't up-to-date with changes to IP addresses. Alias records prevent dangling references by tightly coupling the lifecycle of a DNS record with an Azure resource.
Step 2: Get your Azure DNS name servers
After you create a DNS zone for the domain, you need to get the name server details from the name servers (NS) record. You use these details to update your domain registrar's information, and point to the Azure DNS zone.
Hosts load-balanced applications at the zone apex
Alias records allow for zone apex resource routing to Traffic Manager.
Step 3: Update the domain registrar setting
As the owner of the domain, you need to sign in to the domain management application provided by your domain registrar. In the management application, edit the NS record, and change the NS details to match your Azure DNS name server details. Changing the NS details is called domain delegation. When you delegate the domain, you must use all four name servers provided by Azure DNS.
Private domains
Azure DNS handles the translation of external domain names to an IP address. Azure DNS also lets you create private zones. These provide name resolution for virtual machines (VMs) within a virtual network, and between virtual networks, without having to create a custom DNS solution. This allows you to use your own custom domain names rather than the Azure-provided names. To publish a private DNS zone to your virtual network, you specify the list of virtual networks that are allowed to resolve records within the zone. Private DNS zones have the following benefits:
- There's no need to invest in a DNS solution. DNS zones are supported as part of the Azure infrastructure.
- All DNS record types are supported: A, CNAME, TXT, MX, SOA, AAAA, PTR, and SRV.
- Host names for VMs in your virtual network are automatically maintained.
- Split-horizon DNS support allows the same domain name to exist in both private and public zones. It resolves to the correct one based on the originating request location.
What is Azure DNS?
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. In this unit, you'll learn what DNS is and how it works. You will also learn about Azure DNS, and why you would use it.
Security features
Azure DNS provides the following security features:
- Role-based access control, which gives you fine-grained control over users' access to Azure resources. You can monitor their usage, and control the resources and services they have access to.
- Activity logs, which let you track changes to a resource, and pinpoint where faults occurred.
- Resource locking, which gives a greater level of control to restrict or remove access to resource groups, subscriptions, or any Azure resources.
What are alias records?
Azure alias records enable a zone apex domain to reference other Azure resources from the DNS zone. You don't need to create complex redirection policies. You can also use an Azure alias to route all traffic through Traffic Manager. The Azure alias record can point to the following Azure resources:
- A Traffic Manager profile
- Azure Content Delivery Network endpoints
- A public IP resource
- A front door profile
Alias records provide lifecycle tracking of target resources, ensuring that changes to any target resource are automatically applied to the DNS zone. Alias records also provide support for load-balanced applications in the zone apex.
DNS record types
Configuration information for your DNS server is stored in a zone file on your DNS server. Each entry in that file is called a record. The following record types are the most commonly created and used:
- A is the host record, and is the most common type of DNS record. It maps the domain or host name to the IP address.
- CNAME is a Canonical Name record that's used to create an alias from one domain name to another domain name. If you had different domain names that all accessed the same website, you would use CNAME.
- MX is the mail exchange record. It maps mail requests to your mail server, whether hosted on-premises or in the cloud.
- TXT is the text record. It's used to associate text strings with a domain name. Azure and Microsoft 365 use TXT records to verify domain ownership.
Additionally, there are the following record types:
- Wildcards
- CAA (certificate authority)
- NS (name server)
- SOA (start of authority)
- SPF (sender policy framework)
- SRV (server locations)
What is DNS?
DNS, or the Domain Name System, is a protocol within the TCP/IP standard. DNS serves an essential role of translating the human-readable domain names, for example, www.wideworldimports.com, into a known IP address. IP addresses enable computers and network devices to identify and route requests between themselves. DNS uses a global directory hosted on servers around the world. Microsoft is part of that network that provides a DNS service through Azure DNS. A DNS server is also known as a DNS name server, or just a name server.
A record
Each A record requires the following details:
- Name: The name of the custom domain, for example webserver1.
- Type: In this instance, it's A.
- TTL: Represents the "time-to-live" as a whole unit, where 1 is one second. This value indicates how long the A record lives in a DNS cache before it expires.
- IP address: The IP address of the server this A record should resolve to.
IPv4 and IPv6
Every computer, server, or network-enabled device on your network has an IP address. An IP address, within your domain, is unique. There are two standards of IP address: IPv4 and IPv6.
Domain lookup requests
Here's a simplified overview of the process a DNS server uses when it resolves a domain name lookup request:
1. Checks to see if the domain name is stored in the short-term cache. If so, the DNS server resolves the domain request.
2. If the domain isn't in the cache, it contacts one or more DNS servers on the web to see if they have a match. When a match is found, the DNS server updates the local cache and resolves the request.
3. If the domain isn't found after a reasonable number of DNS checks, the DNS server responds with a "domain cannot be found" error.
DNS server assignment
In order for a computer, server, or other network-enabled device to access web-based resources, it must reference a DNS server. When you connect by using your on-premises network, the DNS settings come from your server. When you connect by using an external location, like a hotel, the DNS settings come from the internet service provider (ISP).
Step 1: Create private DNS zone
In the Azure portal, search for private dns zones. To create the private zone, you need to enter a resource group and the name of the zone. For example, the name might be something like private.wideworldimports.com.
Step 2: Identify virtual networks
Let's assume that your organization has already created your VMs and virtual networks in a production environment. Identify the virtual networks associated with VMs that need name resolution support. To link the virtual networks to the private zone, you need the virtual network names.
1. What does Azure DNS allow you to do?
Manage and host your registered domain and associated records. Azure DNS allows you to host your registered domains. You can control and configure the domain records, like A, CNAME, and MX, and set up alias records.
2. What security features does Azure DNS provide?
Role-based access control, activity logs, and resource locking. Azure DNS is built on Azure Resource Manager, which provides security across all resources in Azure DNS.
CNAME record
The CNAME is the canonical name, or the alias for an A record. Use CNAME when you have different domain names that all access the same website. For example, you might need a CNAME in the wideworldimports zone if you want both www.wideworldimports.com and wideworldimports.com to resolve to the same IP address. You would create the CNAME record in the wideworldimports zone with the following information:
- NAME: www
- TTL: 600 seconds
- Record type: CNAME
If you exposed a web function, you would create a CNAME record that resolves to the Azure function.
What is an apex domain?
The apex domain is the highest level of your domain. In our case, that's wideworldimports.com. Note that the apex domain is also sometimes referred to as the zone apex or root apex. It's often represented by the @ symbol in your DNS zone records. If you check the DNS zone for wideworldimports.com, you'll see there are two apex domain records: NS and SOA. The NS and SOA records are automatically created when you create the DNS zone. CNAME records that you might need for an Azure Traffic Manager profile or Azure Content Delivery Network endpoints aren't supported at the zone apex level. Alias records are supported at the zone apex level.
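As an added example (not code from the module), the rules stated above and in the CNAME and A record sections, expressed as a small Python validator: A/AAAA values form a record set, a CNAME needs exactly one target, and a CNAME is rejected at the apex while an alias A/AAAA record is accepted there. The RecordSet model and its alias_target field are assumptions; the sample zones for wideworldimports.com are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

APEX = "@"  # the zone apex, i.e. wideworldimports.com itself
ADDRESS_CLASS = {"A": ipaddress.IPv4Address, "AAAA": ipaddress.IPv6Address}

@dataclass
class RecordSet:
    name: str                                        # relative name; "@" for the apex
    rtype: str                                       # "A", "AAAA" or "CNAME"
    ttl: int                                         # seconds a resolver may cache the answer
    values: List[str] = field(default_factory=list)  # several IPs = one record set
    alias_target: Optional[str] = None               # assumed field: resource id of an alias target

def validate_zone(rrsets: List[RecordSet]) -> List[str]:
    """Return the rule violations found; an empty list means the zone is consistent."""
    problems = []
    for rs in rrsets:
        tag = f"{rs.name}/{rs.rtype}"
        if rs.ttl <= 0:
            problems.append(f"{tag}: TTL must be a positive number of seconds")
        if rs.rtype == "CNAME":
            if rs.name == APEX:
                problems.append(f"{tag}: CNAME is not supported at the zone apex; use an alias A/AAAA record")
            if not rs.alias_target and len(rs.values) != 1:
                problems.append(f"{tag}: exactly one target name is required")
        elif rs.rtype in ADDRESS_CLASS:
            if rs.alias_target:  # alias record: Azure supplies the IPs from the target resource
                if rs.values:
                    problems.append(f"{tag}: an alias record must not also carry static IPs")
                continue
            for v in rs.values:
                try:
                    ADDRESS_CLASS[rs.rtype](v)  # raises ValueError for the wrong IP version
                except ValueError:
                    problems.append(f"{tag}: {v!r} is not a valid address for this record type")
    return problems

# Constructed sample zones for wideworldimports.com (names from the module, addresses invented).
GOOD_ZONE = [
    RecordSet("webserver1", "A", 3600, ["203.0.113.10", "203.0.113.11"]),  # one set, two IPs
    RecordSet("www", "CNAME", 600, ["webserver1.wideworldimports.com."]),
    RecordSet(APEX, "A", 300, alias_target="<public-ip-resource-id>"),      # alias at the apex
]
BAD_ZONE = [
    RecordSet(APEX, "CNAME", 600, ["www.wideworldimports.com."]),  # CNAME at the apex
    RecordSet("mail", "A", 3600, ["2001:db8::25"]),               # IPv6 value in an A record
]
```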
Step 5: Configure your custom DNS settings
The domain name is wideworldimports.com. When it's used in a browser, the domain resolves to your website. But what if you want to add in web servers, or load balancers? These resources need to have their own custom settings in the DNS zone, either as an A record or a CNAME.
Dynamically resolve resource name by using alias record
You have now successfully delegated the domain from the domain registrar to your Azure DNS, and configured an A record to link the domain to your web server. The next phase of the deployment is to improve resiliency by using a load balancer. Load balancers distribute inbound data requests and traffic across one or more servers. They reduce the load on any one server, and improve performance. This technology is well established, and will be used throughout your on-premises network. You know that the A record and CNAME record don't support direct connection to Azure resources like your load balancers. You've been tasked with finding out how to link the apex domain with a load balancer.
Configure Azure DNS to host your domain
The new company website is in final testing. You're working on the plan to deploy the wideworldimports.com domain by using Azure DNS. You need to understand what steps are involved. In this unit, you'll learn how to:
- Create and configure a DNS zone for your domain by using Azure DNS.
- Understand how to link your domain to an Azure DNS zone.
- Create and configure a private DNS zone.
Step 4: Verify delegation of domain name services
The next step is to verify that the delegated domain now points to the Azure DNS zone you created for the domain. This can take as few as 10 minutes, but might take longer. To verify the success of the domain delegation, query the start of authority (SOA) record. The SOA record was automatically created when the Azure DNS zone was set up. You can do this by using a third-party tool, like nslookup. The SOA record represents your domain and will become the reference point when other DNS servers are searching for your domain on the internet.
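An added example, not part of the module, of the delegation check described in Steps 3 and 4: it parses captured NS and SOA answers (the line shape dig and nslookup print) and confirms that the registrar publishes all four Azure name servers from Step 2, no stale ones, and that the SOA primary is one of them (that last expectation is an assumption). The name-server names and both answer sections are constructed samples.

```python
import re

# Answer line shape shared by dig and nslookup-style output: <name> <ttl> IN <type> <rdata>
_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def _norm(name: str) -> str:
    """Lower-case a DNS name and give it a trailing dot so names compare consistently."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def parse_answer(text: str) -> list:
    """Pull (name, ttl, type, rdata) tuples out of captured resolver output."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # blank lines and dig comments
            continue
        m = _RR.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((_norm(name), int(ttl), rtype.upper(), rdata.strip()))
    return records

def check_delegation(records: list, azure_ns: set) -> dict:
    """Compare the NS set published on the internet with the four servers Azure assigned."""
    seen = {_norm(r[3]) for r in records if r[2] == "NS"}
    expected = {_norm(n) for n in azure_ns}
    soa = [r for r in records if r[2] == "SOA"]
    # SOA primary (MNAME) is the first rdata field; after delegation it should be an Azure server (assumption)
    soa_primary = _norm(soa[0][3].split()[0]) if soa else None
    return {
        "missing": expected - seen,   # Azure servers the registrar has not published
        "extra": seen - expected,     # stale servers still pointing elsewhere
        "soa_on_azure": soa_primary in expected,
        "delegated": seen == expected and soa_primary in expected,
    }

# Constructed samples: four placeholder Azure name servers and two captured answer sections.
AZURE_NS = {"ns1-01.azure-dns.com", "ns2-01.azure-dns.net",
            "ns3-01.azure-dns.org", "ns4-01.azure-dns.info"}
COMPLETE = """
wideworldimports.com. 172800 IN NS ns1-01.azure-dns.com.
wideworldimports.com. 172800 IN NS ns2-01.azure-dns.net.
wideworldimports.com. 172800 IN NS ns3-01.azure-dns.org.
wideworldimports.com. 172800 IN NS ns4-01.azure-dns.info.
wideworldimports.com. 3600 IN SOA ns1-01.azure-dns.com. hostmaster.wideworldimports.com. 1 3600 300 2419200 300
"""
PARTIAL = """
wideworldimports.com. 172800 IN NS ns1-01.azure-dns.com.
wideworldimports.com. 172800 IN NS ns1.old-registrar.example.
wideworldimports.com. 3600 IN SOA ns1.old-registrar.example. hostmaster.example. 1 3600 300 2419200 300
"""
```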
Step 3: Link your virtual network to a private DNS zone
To link the private DNS zone to a virtual network, you create a virtual network link. In the Azure portal, go to the private zone, and select Virtual network links.
Configure private DNS zone
To provide name resolution for virtual machines (VMs) within a virtual network and between virtual networks, create a private DNS zone.
Updates DNS record set automatically when IP addresses change
When the underlying IP address of a resource, service, or application is changed, the alias record ensures that any associated DNS records are automatically refreshed.
DNS settings for your domain
Whether the DNS server for your domain is hosted by a third party or managed in-house, you'll need to configure it for each host type you're using. Host types include web, email, or other services you're using. As the administrator for your company, you want to set up a DNS server by using Azure DNS. In this instance, the DNS server will act as a start of authority (SOA) for your domain.
Points zone apex to Azure Content Delivery Network endpoints
With alias records, you can now directly reference your Azure Content Delivery Network instance.
Step 1: Create a DNS zone in Azure
You used a third-party domain-name registrar to register the wideworldimports.com domain. The domain doesn't point to your organization's website yet. To host the domain name with Azure DNS, you first need to create a DNS zone for that domain. A DNS zone holds all the DNS entries for your domain.
IPv6 is a relatively new standard and will eventually replace IPv4. It's made up of eight groups of hexadecimal numbers, each separated by a colon. Example: fe80:11a1:ac15:e9gf:e884:edb0:ddee:fea3.
IPv4 is composed of four sets of numbers, in the range 0 to 255, each separated by a dot. Example: 127.0.0.1. Today, IPv4 is the most commonly used standard. Yet, with the increase in IoT devices, the IPv4 standard will eventually be unable to keep up.