Last updated on December 24, 2025
Azure DNS Cheat Sheet
- Enables you to host your DNS zone and manage your DNS records.
- DNS zone allows you to configure a private and public DNS zone.
- Alias recordsets:
  - A – maps the host to IPv4.
  - AAAA – maps the host to IPv6.
  - CNAME – create a record to point to another domain.
  - A limit of 20 alias record sets per resource.
- Uses Anycast networking to route users to the closest name servers.
- You can monitor your DNS zone metrics using Azure Monitor.
  - QueryVolume – query traffic received.
  - RecordSetCount – the number of recordsets in your DNS.
  - RecordSetCapacityUtilization – percentage of utilization of your recordset capacity.
- Azure Private DNS allows you to use your custom domain name in your private VNet.
- Alias record allows you to point your naked domain or apex to a traffic manager or CDN endpoint.
- DNS Security Policy with Threat Intelligence (GA): This is a major security update. It allows you to filter DNS queries at the virtual network level to block or alert on known malicious domains (like phishing sites) using Microsoft’s managed threat intelligence feed.
- DNS Security Extensions (DNSSEC) for Public Zones (GA): Adds cryptographic signing to your DNS records to protect them from spoofing and cache poisoning attacks, ensuring DNS responses are authentic.
- Azure DNS Private Resolver (GA): This is a crucial new component for hybrid scenarios. It enables reliable, bi-directional DNS query resolution between your Azure Virtual Networks and on-premises networks or other clouds, without using custom DNS servers.
Private DNS
- Allows you to manage and resolve domain names in a virtual network.
- Configure a split-horizon DNS to create zones with the same name.
- It also supports all DNS record types: A, AAAA, CNAME, MX, PTR, SOA, SRV, and TXT.
- A virtual network can be linked to only one private zone. But you can link multiple virtual networks to a single DNS zone.
- Private IP space in the linked virtual network allows reverse DNS.
- Internet resolution for Azure Private DNS zones (Preview): This feature improves hybrid resolution by allowing a Private DNS zone to forward unresolved queries to the public internet.
Azure DNS Security
- To prevent accidental zone deletion, you can apply a ‘CanNotDelete’ lock.
- Create a custom role to ensure it doesn’t have a zone delete permission.
- You can deploy a DNS firewall to mitigate DNS-related security issues, using the managed DNS Security Policy to filter malicious traffic, or use DNSSEC to cryptographically sign your zones.
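
An added example, not part of the original cheat sheet or of Microsoft's tooling: a small Python audit that reports which role definitions would still let a holder delete a DNS zone. It assumes role definitions shaped like Azure's `permissions` / `actions` / `notActions` JSON, the operation name `Microsoft.Network/dnsZones/delete`, and a simplified wildcard model; the role names are hypothetical.

```python
import re

# Control-plane operation for deleting a public DNS zone (assumed operation name).
ZONE_DELETE = "Microsoft.Network/dnsZones/delete"

def matches(pattern, operation):
    """Match an RBAC action pattern; '*' is the only wildcard, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def allows(role, operation):
    """True if a permission block grants the operation and NotActions does not remove it."""
    for perm in role.get("permissions", []):
        granted = any(matches(p, operation) for p in perm.get("actions", []))
        excluded = any(matches(p, operation) for p in perm.get("notActions", []))
        if granted and not excluded:
            return True
    return False

def roles_allowing_zone_delete(roles):
    """Names of roles whose holders could delete a DNS zone."""
    return [r["roleName"] for r in roles if allows(r, ZONE_DELETE)]

# Constructed sample role definitions (hypothetical names, not real tenant data).
SAMPLE_ROLES = [
    {"roleName": "DNS Zone Operator (no zone delete)",
     "permissions": [{"actions": ["Microsoft.Network/dnsZones/*"],
                      "notActions": ["microsoft.network/dnszones/delete"]}]},
    {"roleName": "DNS Full Access",
     "permissions": [{"actions": ["Microsoft.Network/dnsZones/*"], "notActions": []}]},
    # NotActions here only removes record set deletes, so zone delete stays granted.
    {"roleName": "Network Admin (record deletes blocked)",
     "permissions": [{"actions": ["Microsoft.Network/*"],
                      "notActions": ["Microsoft.Network/dnsZones/*/delete"]}]},
    {"roleName": "DNS Reader",
     "permissions": [{"actions": ["Microsoft.Network/dnsZones/read"], "notActions": []}]},
]

if __name__ == "__main__":
    for name in roles_allowing_zone_delete(SAMPLE_ROLES):
        print("can delete zones:", name)
```

Roles flagged by the audit are candidates for a tighter custom role or for a 'CanNotDelete' lock on the zones they can reach.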
Azure DNS Pricing
- Billed on the number of hosted DNS zones.
- You are charged based on the number of DNS queries received.
Validate Your Knowledge
Question 1
Question Type: Single choice
You have an Azure subscription that contains an Azure DNS zone named tutorialsdojo.com.
There is a requirement to delegate a subdomain named portal.tutorialsdojo.com to another Azure DNS zone.
What solution would satisfy the requirement?
- Navigate to tutorialsdojo.com and add a PTR record named portal.
- Navigate to tutorialsdojo.com and add an NS record named portal.
- Navigate to tutorialsdojo.com and add a CNAME record named portal.
- Navigate to tutorialsdojo.com and add a TXT record named portal.
Azure DNS Cheat Sheet Resources:
https://azure.microsoft.com/en-us/services/dns/
https://docs.microsoft.com/en-us/azure/dns/dns-overview











