When we created Azure PostgreSQL, we saw that one of the mandatory resources was called Azure Private DNS. We could not cover Private DNS in much depth there, so in this section let's discuss it in detail along with the related topics. Before that, we recommend checking what DNS is and how it works at What is DNS and How it works – Domain Name System (foxutech.com).
Before we look at Azure Private DNS, let's understand how this was handled before, which will help us see how this service helps and what problem it solves.
Earlier in Azure (and still an option today) the solution was to run your own custom DNS, such as BIND on Linux VMs, as shown below. This approach has many drawbacks, the main one being that you have to maintain the VMs: patching, monitoring and so on. Any issue with those VMs can take the whole service down.
Why is Private DNS important? As organizations grow their cloud adoption, not all components expose their services to the public; they have their own limits and restrictions. In that case, Private DNS is the only option for handling all the internal services, components and so on. Hopefully this gives some idea of why we use private DNS; let's now see in detail what Azure Private DNS is, its benefits and how to use it.
Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today.
Please note: The records contained in a private DNS zone aren’t resolvable from the Internet. DNS resolution against a private DNS zone works only from virtual networks that are linked to it.
Benefits:
- Available in all Azure regions
- Supports common DNS record types, such as A, MX, PTR etc.
- Shared hostname resolution across VNETs
- Automatic registration of virtual machines
- Removes the need for custom DNS solutions; previously many customers had to build custom DNS solutions to manage DNS zones in their virtual networks.
Options:
Before checking how to create a private DNS zone, let's check the two ways a virtual network can be associated with a private DNS zone:
- Registration network
- Resolution network
Registration Network
A virtual network can be configured as a registration network against a specific DNS zone. Once registered, any virtual machines within that virtual network will automatically register their hostname with the private DNS zone.
For example, consider a private DNS zone, tech.foxinternal, that has a VNET configured as a registration network against it. A VM residing within that VNET with a hostname of “host1” and IP address of 10.1.0.4 will register the following A record within DNS: host1.tech.foxinternal pointing to 10.1.0.4.
Bear in mind that a registration network also acts as a resolution network. Therefore, any services within that VNET can resolve hostnames in the private DNS zone.
If you don’t have a requirement to automatically register VMs, then a resolution network (see below) may be more suitable.
Resolution Network
A virtual network configured as a resolution network behaves slightly differently. Virtual machines won’t automatically register themselves in DNS, but all services within that network can still resolve hostnames in the private DNS zone.
One of the benefits of resolution networks is that a single DNS zone can have multiple resolution networks registered against it. This allows multiple VNETs to share a common DNS zone, which is ideal where an application environment is split across several VNETs.
Limitations:
There are a few limitations with Azure Private DNS. Refer to the official page for more details here,
- Only one registration virtual network is allowed per private zone, while multiple resolution networks are allowed per zone.
- A virtual network can be linked to only one private zone as a registration network, whereas as a resolution network it can be linked to multiple zones.
- Virtual networks must be registered with Azure DNS before any services are deployed.
Please note the last one, as it may impact your existing services if you are enabling this for existing infrastructure.
Another advantage is that there is no need to create an individual DNS zone for each domain and subdomain. Instead, you can create one zone and add the environments under it as shown below.
- App1.dev.tech.foxinternal 10.1.0.4
- App1.test.tech.foxinternal 10.1.0.5
- App1.stage.tech.foxinternal 10.1.0.6
This is useful if you want to manage multiple environments that contain the same hostname under a single DNS zone.
The other thing to highlight is that it’s possible to have both a single registration network and multiple resolution networks associated with a single DNS zone. This is potentially useful in a hub and spoke architecture where VMs in the hub network auto-register but clients in the spoke networks are registered manually.
Create Azure Private DNS via Terraform
Replace all the var.NAME references with your own values, or define the variables in the variables.tf file.
provider "azurerm" {
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
  features {}
}

resource "azurerm_resource_group" "foxdns" {
  name     = "foxprivatedns"
  location = "east us"
}

# Virtual network that will be linked to the zone (the name and address
# space are placeholders; adjust them to your environment).
resource "azurerm_virtual_network" "foxdns" {
  name                = "foxdns-vnet"
  location            = azurerm_resource_group.foxdns.location
  resource_group_name = azurerm_resource_group.foxdns.name
  address_space       = ["10.1.0.0/16"]
}

# The private zone; its records are resolvable only from linked VNETs.
resource "azurerm_private_dns_zone" "default" {
  name                = "tech.foxinternal"
  resource_group_name = azurerm_resource_group.foxdns.name
}

# Link the VNET to the zone. registration_enabled defaults to false, i.e. a
# resolution network; set it to true to make this VNET the zone's single
# registration network so its VMs auto-register.
resource "azurerm_private_dns_zone_virtual_network_link" "default" {
  name                  = "vnetlink"
  private_dns_zone_name = azurerm_private_dns_zone.default.name
  virtual_network_id    = azurerm_virtual_network.foxdns.id
  resource_group_name   = azurerm_resource_group.foxdns.name
}
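To show in Terraform the hub and spoke layout (one registration network plus several resolution networks) and the per-environment records under a single zone described earlier, here is an added example that is not from the original post. It assumes the azurerm_resource_group.foxdns and azurerm_private_dns_zone.default resources from the block above; the VNET names, address spaces and record addresses are constructed placeholders.

```hcl
# Added example (not from the post): hub/spoke links and per-environment records; values are placeholders.
locals {
  spokes = { dev = "10.1.0.0/16", test = "10.2.0.0/16", stage = "10.3.0.0/16" }
  app1   = { dev = "10.1.0.4", test = "10.2.0.4", stage = "10.3.0.4" }
}

resource "azurerm_virtual_network" "hub" {
  name                = "hub-vnet"
  location            = azurerm_resource_group.foxdns.location
  resource_group_name = azurerm_resource_group.foxdns.name
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_virtual_network" "spoke" {
  for_each            = local.spokes
  name                = "${each.key}-vnet"
  location            = azurerm_resource_group.foxdns.location
  resource_group_name = azurerm_resource_group.foxdns.name
  address_space       = [each.value]
}

# The hub is the zone's single registration network: its VMs auto-register.
resource "azurerm_private_dns_zone_virtual_network_link" "hub" {
  name                  = "hub-link"
  resource_group_name   = azurerm_resource_group.foxdns.name
  private_dns_zone_name = azurerm_private_dns_zone.default.name
  virtual_network_id    = azurerm_virtual_network.hub.id
  registration_enabled  = true
}

# Spokes are resolution-only links; a zone may have many of these.
resource "azurerm_private_dns_zone_virtual_network_link" "spoke" {
  for_each              = azurerm_virtual_network.spoke
  name                  = "${each.key}-link"
  resource_group_name   = azurerm_resource_group.foxdns.name
  private_dns_zone_name = azurerm_private_dns_zone.default.name
  virtual_network_id    = each.value.id
  registration_enabled  = false
}

# Spoke hosts are registered manually: the same hostname "app1" under a
# per-environment subdomain of the one zone (app1.dev.tech.foxinternal, ...).
resource "azurerm_private_dns_a_record" "app1" {
  for_each            = local.app1
  name                = "app1.${each.key}"
  zone_name           = azurerm_private_dns_zone.default.name
  resource_group_name = azurerm_resource_group.foxdns.name
  ttl                 = 300
  records             = [each.value]
}
```

Only the hub link sets registration_enabled = true, which respects the one-registration-network-per-zone limit listed above while any number of spoke links resolve the same zone.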
More details can be found at the URL below: