You’ve got a network of Azure VMs, and you want to refer to them by names like:
- web1.internal.cloud
- dbserver.dev.local
…not by private IPs like 10.1.4.25.
Here’s where Azure Private DNS Zones come in — they enable internal DNS resolution across one or more VNets, without ever exposing anything to the internet.
🧠 What Is an Azure Private DNS Zone?
A Private DNS Zone is a DNS namespace (like contoso.internal) that exists entirely within your Azure environment.
It lets you:
- Automatically resolve VM names to private IPs
- Define custom records (A, CNAME, TXT, etc.)
- Link one or more VNets to the zone
- Optionally allow auto-registration of VM hostnames
🛠️ Step-by-Step: How to Create & Configure a Private DNS Zone
✅ Step 1: Create the Private DNS Zone
- Go to Azure Portal → “Private DNS Zones”
- Click + Create
- Name your zone, e.g. mycompany.internal
- Select the subscription and resource group (a private DNS zone is a global resource, so there is no region to pick for the zone itself)
- Click Create
✅ Step 2: Link Virtual Network to the DNS Zone
- In the newly created zone → click Virtual Network Links
- Click + Add
- Choose:
- VNet you want to link
- Link name (just a friendly label)
- Enable auto-registration? ✅ Yes (if you want VMs to auto-register; a VNet can have only one link with auto-registration enabled, so pick the zone you want its hostnames to land in)
- Click OK
🧠 Now the VNet is “connected” to the DNS zone. All VMs in this VNet can:
- Resolve names defined in this zone
- Be resolved by others (if auto-registered)
✅ Step 3: Enable Automatic Hostname Registration (Optional)
- If auto-registration is enabled during linking, VMs deployed in that VNet automatically register their private hostname
- Example: A VM named web1 becomes web1.mycompany.internal
- DNS records (A records pointing at the VM's private IP) are created automatically
- Deleting the VM removes its record too
📘 Step 4: Create DNS Records Manually (Optional)
You can also add custom records:
- A Record: maps name to private IP
- CNAME: alias for another name
- TXT, MX, PTR: for custom needs
Example:
- Name: db01
- Type: A
- IP: 10.1.2.8
- FQDN: db01.mycompany.internal
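Steps 1 to 4 as one script, using the Az PowerShell module (Az.PrivateDns and Az.Network). This is an added example, not code from the original post; the resource group rg-dns, the VNet vnet-hub and the record db01 → 10.1.2.8 are assumed names, and you need Connect-AzAccount first.

```powershell
# Added example (not from the original post): Steps 1-4 with Az PowerShell.
# Assumptions: resource group 'rg-dns', existing VNet 'vnet-hub', zone 'mycompany.internal'.
# Prerequisites: Install-Module Az.PrivateDns, Az.Network ; Connect-AzAccount
$rg   = 'rg-dns'
$zone = 'mycompany.internal'
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'

# Step 1: create the zone. It is a global resource, so there is no -Location parameter.
New-AzPrivateDnsZone -ResourceGroupName $rg -Name $zone

# Steps 2 + 3: link the VNet and switch on auto-registration.
# A VNet may carry only one registration-enabled link; a second one fails at creation.
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone `
    -Name 'link-hub' -VirtualNetworkId $vnet.Id -EnableRegistration

# Step 4: manual A record db01.mycompany.internal -> 10.1.2.8 with a short TTL,
# so a later change (failover, re-IP) propagates quickly to caching clients.
$rec = New-AzPrivateDnsRecordConfig -IPv4Address '10.1.2.8'
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone -Name 'db01' `
    -RecordType A -Ttl 300 -PrivateDnsRecords $rec

# Verify: list every record set. Auto-registered VMs appear as A records named after
# their hostname once their NIC is up in the linked VNet.
Get-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $zone |
    Select-Object Name, RecordType, Ttl,
        @{ n = 'Records'; e = { ($_.Records | ForEach-Object { $_.Ipv4Address }) -join ', ' } }
```

The Azure CLI equivalents are `az network private-dns zone create`, `az network private-dns link vnet create --registration-enabled true` and `az network private-dns record-set a add-record`; the portal steps above map onto them one-to-one.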
🔍 Step 5: Resolving the DNS from a VM
Now from any VM inside a VNet that is linked to the zone (peering by itself is not enough; see the tips below):
nslookup web1.mycompany.internal
Returns:
Name: web1.mycompany.internal
Address: 10.1.4.25
✅ Resolution is done via Azure’s internal DNS resolver — no internet required.
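A small check you can run on a Windows VM inside a linked VNet to confirm Step 5 for several names at once. It is an added example, not from the original post; the expected hostnames and IPs (web1 → 10.1.4.25, db01 → 10.1.2.8) are assumed values that you replace with your own. Querying 168.63.129.16 explicitly means a custom DNS server configured on the NIC or VNet cannot mask whether the zone link itself works.

```powershell
# Added example (not from the original post): run on a Windows VM in a linked VNet.
# Assumed expected records; replace with your own zone's names and private IPs.
$expected = @{
    'web1.mycompany.internal' = '10.1.4.25'
    'db01.mycompany.internal' = '10.1.2.8'
}

foreach ($name in $expected.Keys) {
    try {
        # Ask the Azure-provided resolver directly, bypassing any NIC/VNet DNS override.
        $answer = Resolve-DnsName -Name $name -Type A -Server 168.63.129.16 -ErrorAction Stop |
                  Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if ($answer.IPAddress -eq $expected[$name]) {
            $status = 'OK'
        } else {
            # A stale manual record or a re-deployed VM with a new IP shows up here.
            $status = "MISMATCH (got $($answer.IPAddress))"
        }
    } catch {
        # NXDOMAIN or no answer: usually this VNet is not linked to the zone.
        $status = 'NOT RESOLVED (is this VNet linked to the zone?)'
    }
    '{0,-28} {1}' -f $name, $status
}
```

On a Linux VM the same check is `dig @168.63.129.16 web1.mycompany.internal +short`, which should print only the private IP.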
🧠 Bonus Tips for IP Address Resolution
- Only VMs in linked VNets can resolve the zone
- To resolve across VNets, each VNet must either:
- Be linked to the same zone (links are per VNet; peering alone does not carry private-zone resolution into the peered VNet)
- Or send its queries to a DNS server (forwarder) that lives in a linked VNet and forwards to 168.63.129.16
- Use 168.63.129.16 as the default DNS IP in Azure — it automatically understands private zones
- Don’t override DNS in NIC or VNet settings unless you’re using a custom DNS server; if you do, that server must forward to 168.63.129.16, or private-zone names stop resolving for those VMs
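The two tips that bite most often in practice are the peering one and the DNS-override one. The script below, an added example that is not from the original post, links a second (peered) spoke VNet to the zone with registration left off, then audits the resource group for VNets and NICs that point at custom DNS servers and therefore only resolve the zone if that server forwards to 168.63.129.16. The names rg-dns, vnet-spoke and mycompany.internal are assumed.

```powershell
# Added example (not from the original post): cross-VNet linking plus a DNS-override audit.
# Assumptions: resource group 'rg-dns', zone 'mycompany.internal', peered VNet 'vnet-spoke'.
$rg   = 'rg-dns'
$zone = 'mycompany.internal'

# Peering does not extend resolution, so the spoke needs its own link.
# Registration stays off: the hub already holds the one registration-enabled link
# this zone gets per VNet, and spoke VMs should resolve the zone, not register into it.
$spoke = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-spoke'
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone `
    -Name 'link-spoke' -VirtualNetworkId $spoke.Id -EnableRegistration:$false

# Audit 1: VNet-level custom DNS (DHCP options) replaces 168.63.129.16 for every VM in it.
foreach ($net in Get-AzVirtualNetwork -ResourceGroupName $rg) {
    if ($net.DhcpOptions.DnsServers) {
        'VNet {0} uses custom DNS {1}: it must forward to 168.63.129.16' -f `
            $net.Name, ($net.DhcpOptions.DnsServers -join ', ')
    }
}

# Audit 2: NIC-level overrides win over the VNet setting and are easy to forget.
Get-AzNetworkInterface -ResourceGroupName $rg |
    Where-Object { $_.DnsSettings.DnsServers } |
    ForEach-Object {
        'NIC {0} overrides DNS with {1}' -f $_.Name, ($_.DnsSettings.DnsServers -join ', ')
    }

# Finally: which VNets are linked, and which single one is allowed to auto-register.
Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone |
    Select-Object Name, RegistrationEnabled, VirtualNetworkLinkState
```

If the audit prints a VNet or NIC line, either clear the custom servers so VMs fall back to the Azure-provided resolver, or make sure the listed server forwards the zone (or everything it cannot answer) to 168.63.129.16.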
🔐 Security Note
- Private DNS zones are internal to Azure: nothing is published to public DNS, and the 168.63.129.16 resolver is reachable only from inside Azure
- Any VM in a linked VNet can query the zone, so treat its contents as visible to every workload on those networks, not as a secret
- Whoever can write records in the zone can redirect internal traffic (point db01 at another host, for example), so scope write access such as the Private DNS Zone Contributor role tightly and review changes to the zone
- Great for internal microservices, DB references, hybrid identity, or anything requiring name resolution without exposing data
🧠 AZ-104 Nuggets
- ✅ Private DNS Zones = internal name resolution
- ✅ Must be linked to a VNet
- ✅ Auto-registration = optional, but makes hostname management easy
- ✅ DNS records can be created manually or automatically
- ✅ Works across peered VNets only if each VNet is linked to the zone (or forwards DNS to a linked VNet); peering alone is not enough
🏁 TL;DR – Azure Private DNS Setup
| Step | Action |
|---|---|
| 1 | Create Private DNS Zone (e.g., corp.internal) |
| 2 | Link VNet to zone (enable auto-registration if needed) |
| 3 | Let VMs auto-register, or create records manually |
| 4 | Resolve using internal DNS (168.63.129.16) |
| 5 | Test with nslookup or ping FQDN |
“Azure Private DNS is the internal phonebook your VMs always wanted — clean, automatic, and offline.”
Until your next name resolution adventure,
Cya & keep resolving smart 🚀