DNS and Name Resolution

Reliable networking depends on correct name resolution. Learn Azure DNS zones, private DNS, and hybrid resolution patterns that keep traffic on intended private paths.

What Is It? (Simple Explanation)

DNS translates names to IP addresses so users and applications do not need to remember numeric addresses.

Why Do We Need It?

• Human-friendly service names.
• Seamless failover by changing DNS records.
• Private endpoint resolution inside VNets and hybrid networks.

How It Works (Technical)

Private DNS and Private Endpoints

For private endpoints, public service names should resolve to private IP addresses in your VNet. This requires private DNS zones and VNet links.

Visual Representation

Hands-on Commands

# Create private DNS zone
az network private-dns zone create -g rg-dns -n privatelink.database.windows.net

# Link zone to VNet
az network private-dns link vnet create -g rg-dns -n link-vnet-prod \
  -z privatelink.database.windows.net -v /subscriptions//resourceGroups/rg-net/providers/Microsoft.Network/virtualNetworks/vnet-prod -e false

# Create A record
az network private-dns record-set a add-record -g rg-dns -z privatelink.database.windows.net \
  -n sql-prod --ipv4-address 10.20.3.4

# Test DNS from VM
nslookup sql-prod.privatelink.database.windows.net

Real-world Use Case

A platform team moves PaaS services behind private endpoints and links private DNS zones to hub and spoke VNets, ensuring database traffic stays on private routes.

Debugging Scenario

Issue: Service resolves to public IP instead of private IP.

• Confirm private DNS zone exists and has correct record.
• Confirm VNet link is attached to the querying VNet.
• Check custom DNS forwarder rules for private zones.
• Flush DNS cache on client and retest.

Interview Questions

Summary

DNS errors often look like network outages. Proper private DNS design is critical for secure private traffic flow and reliable hybrid architectures.