CHAPTER 08

Azure DNS and Domain Management

Updated: May 15, 2026

1. Introduction

Your highly available web application is running perfectly behind an Azure Load Balancer, but currently, your customers have to type a clunky IP address (like 20.120.45.67) into their browser to reach it. To make your application accessible to humans, you must map that IP address to a memorable domain name (like mycompany.com). In this chapter, we will demystify the Domain Name System (DNS) and utilize Azure DNS—Microsoft's highly resilient, ultra-fast DNS hosting service—to connect the world to our infrastructure.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define the function of the Domain Name System (DNS).
  • Understand the purpose of a DNS Zone.
  • Differentiate between core DNS Records: A, CNAME, and TXT.
  • Create an Azure DNS Zone.
  • Map a custom domain to an Azure Load Balancer or VM IP address.

3. Beginner-Friendly Explanation

Imagine the Contacts app on your smartphone.
  • The IP Address (The Phone Number): Computers only talk in numbers (20.120.45.67). But you cannot memorize 500 different 10-digit phone numbers.
  • The Domain Name (The Contact Name): You memorize "Mom" or "Pizza Shop" (microsoft.com or amazon.com).
  • Azure DNS (The Contacts App): When you tap "Mom" in your phone, the Contacts app instantly looks up the hidden phone number and dials it for you. Azure DNS is the massive address book of the internet. When a user types mycompany.com, Azure DNS translates it into 20.120.45.67 and routes the traffic to your server.

4. DNS Zones

In Azure DNS, a DNS Zone is the container that holds all the routing rules (records) for a specific domain. If you buy the domain example.com, you create a DNS Zone named example.com. Inside that zone, you write the rules for where www.example.com and api.example.com should route.

5. Core DNS Records

Inside your DNS Zone, you will create specific "Records" to route traffic:
  1. A Record (Address Record): The most common. Maps a domain name directly to an IPv4 address (e.g., example.com -> 20.120.45.67).
  2. CNAME Record (Canonical Name): Maps a domain name to *another domain name*, not an IP (e.g., www.example.com -> routes to -> example.com).
  3. TXT Record (Text Record): Used to prove you own the domain. When setting up Office 365 or verifying domain ownership for SSL certificates, you paste a random string of text into a TXT record.

6. The Domain Registrar vs. Azure DNS

This is a critical distinction for beginners:
  • Domain Registrar (e.g., GoDaddy, Namecheap): Where you *purchase* the rights to the name mycompany.com for $12 a year.
  • Azure DNS: Where you *manage* the traffic routing for that name using Microsoft's global network.

*The Handshake:* To connect the two, you must log into GoDaddy and change the "Name Servers" to point to Microsoft's Name Servers (e.g., ns1-01.azure-dns.com). This tells GoDaddy: "Let Microsoft handle the traffic routing from now on."

7. Mini Project: Connect a Custom Domain

Let's route a domain to an Azure Public IP.

Step-by-Step Tutorial: *(Assumption: You have purchased a domain name from a Registrar).*

  1. In the Azure Portal, search for DNS zones.
  2. Click + Create.
  3. Resource group: rg-networking-demo.
  4. Name: Type your exact domain (e.g., mycompany.com). Click Review + create, then Create.
  5. Click into your new DNS Zone. You will see an NS (Name Server) record already created. It lists 4 Microsoft Azure domains.
  6. The Handshake: Log into your Domain Registrar (GoDaddy/Namecheap). Find "Custom DNS" or "Name Servers". Paste the 4 Microsoft NS addresses there.
  7. Go back to Azure DNS. Click + Record set at the top.
  8. Name: Leave blank (or type @ to route the root domain).
  9. Type: A.
  10. IP address: Paste the Public IP address of your VM or Load Balancer. Click OK.
  11. Click + Record set again.
  12. Name: Type www.
  13. Type: CNAME.
  14. Alias: Type mycompany.com. Click OK.
  15. *The Result:* Within a few minutes (DNS propagation), anyone typing mycompany.com or www.mycompany.com in their browser will successfully reach your Azure architecture!
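
As an added example (not part of the original chapter, and not Microsoft tooling), the Python sketch below checks the two things that most often go wrong in this mini project: a registrar "Handshake" that does not list exactly the zone's four name servers, and record sets that break the A/CNAME rules from section 5. All name-server and record values are constructed samples, and ns51.registrar.example is a placeholder for a leftover registrar default.

```python
import ipaddress

# Constructed sample data: the NS set shown on the Azure zone, and what the
# registrar currently publishes (ns51.registrar.example is a placeholder).
AZURE_NS = ["ns1-01.azure-dns.com.", "ns2-01.azure-dns.net.",
            "ns3-01.azure-dns.org.", "ns4-01.azure-dns.info."]
REGISTRAR_NS = ["ns1-01.azure-dns.com", "NS2-01.AZURE-DNS.NET", "ns51.registrar.example"]
# (name, type, value) tuples; "@" is the zone apex (the root domain).
RECORDS = [("@", "A", "20.120.45.67"), ("www", "CNAME", "mycompany.com"),
           ("api", "CNAME", "20.120.45.67"), ("www", "TXT", "verify=constructed-token")]

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so equal names compare equal."""
    return name.strip().lower().rstrip(".")

def check_delegation(azure_ns, registrar_ns):
    """Report name servers missing from, or left over at, the registrar."""
    azure = {norm(n) for n in azure_ns}
    registrar = {norm(n) for n in registrar_ns}
    return {"missing_at_registrar": sorted(azure - registrar),
            "unexpected_at_registrar": sorted(registrar - azure)}

def parses_as(parser, value):
    """True if the given ipaddress parser accepts the value."""
    try:
        parser(value)
        return True
    except ValueError:
        return False

def audit_records(records):
    """Flag record sets that break the A/CNAME rules described in section 5."""
    findings, types_by_name = [], {}
    for name, rtype, value in records:
        types_by_name.setdefault(name, set()).add(rtype)
        if rtype == "A" and not parses_as(ipaddress.IPv4Address, value):
            findings.append(f"{name}: A record needs an IPv4 address, got {value!r}")
        if rtype == "CNAME" and parses_as(ipaddress.ip_address, value):
            findings.append(f"{name}: CNAME must point to a name, not the IP {value}")
        if rtype == "CNAME" and name == "@":
            findings.append("@: CNAME is not allowed at the zone apex")
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            findings.append(f"{name}: CNAME cannot coexist with {others}")
    return findings

if __name__ == "__main__":
    print(check_delegation(AZURE_NS, REGISTRAR_NS))
    print("\n".join(audit_records(RECORDS)))
```

A leftover or unexpected name server at the registrar means part of your traffic is still answered by a zone you may no longer control or maintain, so an empty result from both checks is the state to aim for before announcing the domain.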

8. Real-World Scenarios

A company relies heavily on its website. If its DNS goes offline, the entire company effectively disappears from the internet, even if its servers are running perfectly! By utilizing Azure DNS, the company leverages the same massive, globally distributed infrastructure that hosts xbox.com and office.com. Azure DNS is backed by a 100% SLA (Service Level Agreement): Microsoft's commitment that the service will always be available to answer queries.

9. Best Practices

  • Private DNS Zones: Azure DNS isn't just for public websites. You can create Private DNS Zones that only exist *inside* your VNet. Instead of your backend servers talking to each other via internal IP addresses (10.0.1.5), you create a private zone so they can securely communicate using database.internal.mycompany—a name completely invisible to the outside world.

10. Common Mistakes

  • DNS Propagation Panic: Beginners change a DNS record and immediately refresh their browser. When the old website loads, they panic and change the settings again. DNS changes take time to propagate across the globe's internet service providers (from 5 minutes to 24 hours). Be patient, and use tools like whatsmydns.net to verify global propagation before making drastic changes.

11. Exercises

  1. What is the fundamental difference between an A Record and a CNAME Record?
  2. Why is a Name Server (NS) update required at your Domain Registrar to utilize Azure DNS?

12. FAQs

Q: Why should I pay for Azure DNS when GoDaddy gives me free DNS management?

A: Basic registrars often have slow DNS resolution and are vulnerable to DDoS attacks. Azure DNS utilizes an Anycast network, offering sub-millisecond global resolution times, infinite scalability, programmable APIs (for automation like Terraform), and Microsoft-grade security protection.

13. Interview Questions

  • Q: Explain the necessity of the Domain Name System (DNS) in web architecture. Detail the roles of the Registrar, the Name Server, and the A Record in resolving a user's web request.
  • Q: Contrast the architectural use cases of a Public DNS Zone versus a Private DNS Zone within Azure. How do Private Zones enhance internal microservice security?

14. Summary

In Chapter 8, we bridged the gap between machine addresses and human readability. We demystified the Domain Name System, establishing Azure DNS as our highly resilient global address book. We explored the core routing mechanisms—A Records, CNAMEs, and TXT Records—and successfully executed the "Handshake" required to transfer routing authority from a third-party Registrar directly into our Azure environment, completing the public-facing architecture of our applications.

15. Next Chapter Recommendation

Virtual Machines are powerful, but managing Linux or Windows OS updates is a hassle. What if we just want to upload our code and let Azure handle the servers? Proceed to Chapter 9: Azure App Service.
