HomeAzure NetworkingAzure DNS
Last updated: May 2026
Azure Networking Beginner AZ-104 ⏱ 12 min read

Azure DNS

Azure DNS is a hosting service for DNS domains — providing name resolution using Microsoft Azure infrastructure. By hosting your DNS zones in Azure, you manage all your DNS records using the same credentials and billing as your other Azure resources. Azure DNS also provides Private DNS Zones for internal name resolution within VNets — so VMs can resolve each other by name without external DNS.

What you'll learn Public DNS zones — hosting your domains · DNS record types (A, AAAA, CNAME, MX, TXT, NS, SOA) · Alias records · Private DNS zones · Auto-registration of VMs · Linking Private DNS zones to VNets · Azure-provided DNS vs custom DNS · Creating zones and records via CLI
Table of Contents
  1. Public DNS Zones
  2. DNS Record Types
  3. Alias Records
  4. Private DNS Zones
  5. Auto-Registration of VMs
  6. DNS Resolution in VNets
  7. Creating Zones and Records
  8. Practice Questions

Public DNS Zones

A DNS zone holds the DNS records for a domain. Azure DNS hosts your public DNS zones — managing records for your domain (like contoso.com). Azure DNS uses a global anycast network, providing high availability and fast name resolution from anywhere.

ℹ️
Azure DNS is not a Domain Registrar Azure DNS hosts DNS zones but cannot purchase domain names. Buy your domain from a registrar (GoDaddy, Namecheap, Google Domains) and then delegate DNS management to Azure by updating the registrar's nameservers to point to Azure DNS nameservers.

Delegating to Azure DNS

  1. Create a DNS zone in Azure for your domain (e.g., contoso.com)
  2. Azure assigns 4 nameservers (e.g., ns1-01.azure-dns.com)
  3. Log in to your domain registrar and change the NS records to point to these 4 Azure DNS nameservers
  4. All DNS lookups for contoso.com now resolve via Azure DNS

DNS Record Types

Record TypePurposeExample
AMaps hostname to IPv4 addresswww → 1.2.3.4
AAAAMaps hostname to IPv6 addresswww → 2001:db8::1
CNAMEAlias — maps hostname to another hostnameblog → mysite.azurewebsites.net
MXMail exchange — routes email@ → mail.contoso.com (priority 10)
TXTText record — domain verification, SPF@ → "v=spf1 include:..."
NSNameserver records (auto-created)@ → ns1-01.azure-dns.com
SOAStart of Authority (auto-created)Zone metadata
PTRReverse DNS — maps IP to hostname4.3.2.1.in-addr.arpa → www.contoso.com
SRVService location record_sip._tcp → sip.contoso.com:5061
⚠️
CNAME at Zone Apex is Not Allowed You cannot create a CNAME record at the zone apex (root domain, e.g., contoso.com). The zone apex must have NS and SOA records. For root domain aliasing, use an Alias record instead.

Alias Records

Azure DNS Alias records are an extension of standard DNS records. They allow an A, AAAA, or CNAME record to directly reference an Azure resource — and automatically update when the resource's IP changes.

Target ResourceUse Case
Azure Public IP addressPoint root domain to a dynamic public IP
Azure Traffic Manager profilePoint root domain to Traffic Manager
Azure Front Door profilePoint root domain to Front Door
Azure CDN endpointPoint root domain to CDN
💡
Alias Records Solve the Zone Apex Problem You can't use a CNAME at contoso.com (zone apex). But you can use an Alias A record at the apex — pointing to Traffic Manager or Front Door. This is the correct way to map a root domain to a load balancer or CDN.

Private DNS Zones

Private DNS Zones enable name resolution for resources within Azure VNets — using your own domain names (like internal.contoso.com) that are only resolvable from within the VNet.

Key Differences from Public Zones

Public DNS ZonePrivate DNS Zone
Resolvable fromThe entire internetOnly linked VNets
Use casePublic websites and servicesInternal VM communication
Auto-registrationNoYes — auto-registers VMs
Linked toNothing (global)Specific VNets

Auto-Registration of VMs

When you link a Private DNS Zone to a VNet with auto-registration enabled, Azure automatically creates DNS A records for all VMs in that VNet. When a VM is created, its hostname is registered. When deleted, the record is removed. VMs can then resolve each other by name (e.g., vm1.internal.contoso.com).

ℹ️
Auto-Registration Limits A VNet can only have auto-registration enabled for one Private DNS Zone. You can link a VNet to multiple zones, but only one can have auto-registration.

DNS Resolution in VNets

Three options for DNS in Azure VNets:

  • Azure-provided DNS (168.63.129.16) — Default. Resolves Azure internal names and internet names. No configuration needed.
  • Azure Private DNS Zones — Custom domain names within VNets. Link zones to VNets for resolution.
  • Custom DNS servers — Your own DNS servers (on-premises AD, custom resolvers). Configure at VNet level.

Creating Zones and Records

Azure CLICreate public DNS zone and records
# Create a public DNS zone
az network dns zone create \
  --resource-group myRG \
  --name contoso.com

# Create an A record
az network dns record-set a add-record \
  --resource-group myRG \
  --zone-name contoso.com \
  --record-set-name www \
  --ipv4-address 1.2.3.4

# Create a CNAME record
az network dns record-set cname set-record \
  --resource-group myRG \
  --zone-name contoso.com \
  --record-set-name blog \
  --cname myblog.azurewebsites.net
Azure CLICreate Private DNS zone and link to VNet
# Create private DNS zone
az network private-dns zone create \
  --resource-group myRG \
  --name internal.contoso.com

# Link to VNet with auto-registration
az network private-dns link vnet create \
  --resource-group myRG \
  --zone-name internal.contoso.com \
  --name myVNetLink \
  --virtual-network myVNet \
  --registration-enabled true
💡
AZ-104 Exam Tip Know that Azure DNS can't register domains — only host zones. Know alias records solve zone apex CNAME limitations. Know private DNS zones are linked to VNets for internal resolution. Know that auto-registration automatically creates DNS records for VMs.
📝 Practice Questions
Click an option to check your answer.
Q1. A company wants to map their root domain (contoso.com) to an Azure Traffic Manager profile. What DNS record type should they use?
A — CNAME record
B — A record pointing to the Traffic Manager IP
C — Alias record pointing to the Traffic Manager profile
D — MX record
Q2. What is the purpose of Azure Private DNS Zones?
A — To protect public DNS zones from internet access
B — To enable custom domain name resolution within Azure VNets (not visible on the internet)
C — To register domain names without needing a domain registrar
D — To cache DNS queries for faster resolution
Q3. When auto-registration is enabled on a Private DNS Zone link, what happens automatically?
A — Public DNS records are created for all VMs
B — DNS A records for all VMs in the VNet are automatically created and maintained
C — NSG rules are automatically created for all VMs
D — Static IP addresses are automatically assigned to all VMs
Q4. What DNS record type maps a hostname to an IPv4 address?
A — A record
B — CNAME record
C — MX record
D — TXT record
Q5. Can Azure DNS purchase and register domain names (like contoso.com)?
A — Yes — Azure DNS is a full domain registrar
B — No — Azure DNS only hosts zones; you must buy the domain from a registrar
C — Only for .com domains
D — Only with Enterprise Agreement subscriptions
Related Topics
Azure NetworkingVirtual Networks (VNet) Azure NetworkingAzure Traffic Manager Azure NetworkingAzure Private Endpoints
← PreviousVNet Peering
Comments
Disclaimer: RedKite Cloud is an independent educational resource and is not affiliated with Microsoft Corporation.