Skip to content

Latest commit

 

History

History
79 lines (73 loc) · 3.73 KB

6.1.2. Networking - Virtual Network (VNet) - DNS & Name Resolution.md

File metadata and controls

79 lines (73 loc) · 3.73 KB

DNS & Name Resolution

Azure-provided name resolution

  • No configuration required
  • All VMs within a VNet can resolve each others' host names
  • ❗ Limitations
    • Cross-VNet name resolution
    • Issue: No custom DNS suffix
  • You can add custom DNS server IP addresses
    • E.g. in hybrid cloud if you want Azure VMs to have IP addresses from on-premises DNS server or vice versa.
    • E.g. stand up own DNS servers in VNet instead.
    • E.g. configure DNS forwarding between one DNS server in one VNet to another DNS server in another VNet

Azure DNS

  • Allows VNETs to resolve each others host names.
  • Host your public DNS domain in Azure
    • Use Azure geo-distributed name servers for high speed name resolution
    • Delegate a domain:
      1. Create a DNS Zone
      2. Copy an Azure DNS name server from the zone
      3. In the registrar's DNS management page, edit the NS records and replace the NS records with the Azure DNS name servers.
  • You manage in Portal -> DNS zone
    • Each DNS zone has
      • VNets of associated with it
      • Record-sets: IP addresses and host names of VMs
  • Create private DNS zones
    • Allows you to not route names in public DNS
    • Linked to VNets
      • Lets you avoid setting up own DNS infrastructure
    • Registration VNet
      • You create private DNS zone and registration VNet
      • Any VMs within that VNet will automatically have their names registered and DNS records created in Azure DNS
    • Resolution VNet
      • Allows you to have name resolution across VNets
      • Other VNets will be resolution VNets
      • Allows you to create records (hosts, alias) for VMs and it'll support name resolution across VNets

Hybrid Cloud

  • ❗Azure provided DNS won't work with peering.
  • A potential solution:
    • On-prem: Configure own DNS server and configure forward queries to Azure.
    • In Azure
      • Connect VNets (peer or VPN)
      • Deploy own DNS servers in VNets and configure forwarding there
    • ❗ Too much overhead
  • 💡 Use Azure DNS Private Zones instead
    • Configure Azure DNS servers specifically for private zones.
    • One network: Registration network
      • Hosts will have their names auto-registered in private zones.
    • Other networks: Resolution networks
      • You need to manually create hosts in CNAME/MX records.
    • Set-up DNS name for peered Virtual Appliance and a VNet in a Hub & Spoke topology
      • Existing VMs
        • [Host (spoke) VM] in [Host (spoke) VNet]
        • [Hub (virtual appliance, hybrid)] VM in [Hub (virtual appliance, hybrid) VNet]
      1. Create & set-up route table
        1. Create a route table -> Routes -> Add ->
          • Name: E.g. subnet1-nva
          • Address prefix: If destination IP of a packet matches this then it matches the rules. E.g. 192.168.8.0/24
          • Next hop type: Virtual network gateway, virtual network, internet, virtual appliance, none.
            • Choose [Hub (virtual appliance, hybrid) VM]
          • Set next-hop address to IP of [Hub (virtual appliance, hybrid) VM]
        2. Associate route table to related subnets
          • Route-table -> Subnets -> Associate subnet
      2. Set-up peering
        • You can ping to VNets as name resolution does not work across VNets
        • Set-up without any allow forwarded traffic, allow gateway transit, use remote gateways configuration
          • [Hub (virtual appliance, hybrid) VNet] <=> [Host (spoke) VNet]
      3. Create DNS Zone
        • In portal -> DNS zone -> Add DNS zone
        • Create private DNS zone in VA (hybrid) VNet
        • Create DNS zone
          • Register record set with IP and name of each VM
          • Register two VNets
            • Registration VNET for [Hub (virtual appliance, hybrid) VM]
            • Resolution VNET for [Host (spoke) VM]