Hello. And thanks for joining me again for Cyber Aires. Microsoft Azure Administrator A Z 103 course.
I'm your instructor, Will Carlson. And this is Episode 38 Azure D. N s.
In today's episode, we're gonna talk about a whole host of topics regarding D. N s here in Azure. The first thing we're gonna do is set up a custom domain name. We're also gonna go through and set up some public D. N s here in Azure as well and then
at a record set to that zone and discuss delegation so we can use as your d n s for any of our public needs.
And we're also finally, thanks to a preview version of Azure private D. N s, we're gonna be able to set up private D. N s as well.
The first thing we're gonna do today is get into portal and set up a custom domain name
and to create a custom domain name here in Azure, we're gonna go down for the first time in tow. Azure active directory. Now we will have a module or a series of episodes all about Azure active directory. But for now, just know that this is where we're gonna go to create a custom domain.
We're gonna click into the active at Azure Active Directory blade and then come down to custom domain names.
And you can see this, William. We'll see about that dot on Microsoft dot com domain.
That's going to be the domain that was created for me. You will have one very similar. It's gonna be whatever email address you used, minus the at symbol and the dot com dot net at the end, all mashed up with the domain on Microsoft dot com. And that is going to be the tenant u R l
for your azure account.
You can see here that I've also gone ahead, and I've already associated accustomed domain with this account as well. But toe add a custom domain. You click on add custom domain here in the blade, and you put in the custom domain that you would like to use.
Once you learn that in, you can select add domain.
Now, this is gonna bring you to the phase where you have to verify ownership of the domain that you just entered in because this is going to allow some public features. You cannot register in azure of domain name. You do not own
the way Azure enforces. That is by requiring you to validate or verify the domain that you entered in.
You can do that by entering in a T X T or an MX record into your D. N s hosting provider. One thing to keep in mind is that it will take a little bit of time for these T, X, T and DMX records to propagate through the D. N s system. Depending on who your DNA's provider is, sometimes it's much faster than that. I've seen it take up to
the 48 hours as well.
Once you've played this information into your registrar,
you can go ahead, wait a little while and then come back and hit. Verify? Do know that you can hit. Verify as many times as you would like to. There's no penalty. And once these records propagate through and Microsoft is able to validate these records in your registrar,
you click verify, and that will give you the ability to use custom domains here within azure. There are a number of places that you'll see this show up, but one good example would be in a previous storage video that we had.
You were able to select both the really long You are l that had the storage account I d and we were also able to select the We'll see about that dot address as well. Moving on now to public d. N s here in Azure. We're gonna go up to create a resource
moving on from custom domain names. We're gonna talk about D. N s here in Azure as well. And right now we're talking about
We're gonna go up here and select create resource, and we're gonna search for D. N s.
We'll select Deanna's Zone and then we're gonna go ahead and select, create, as with many of the configuration steps here in Portal that we've gone through, will select a subscription and resource group, and then we get to name the D. N s zone.
Now it's important here that the name for the instance is a complete and functional domain name, so you'll have to have the first part dot com dot net dot or ge
in any of the features after the end. If we go ahead and remove that here. You'll see that it's requiring two labels, as Azure wants to call it. So soon as I put the dot com back in,
I can go ahead and select review and create
wants validation passes. I can go ahead and create that resource. Once a resource finishes deploying, I can click to go to the resource,
and that's all there is to creating a d n a zone here in azure. Now, this zone doesn't do us a whole lot of good until we begin to put records here into the zone.
Before we do that, I want to call your attention here to the name servers up here in the top. And these names servers are gonna be what we would use to allow d. N s delegation.
So we would take these name servers and plug them into the registrar of our domain name. And that would point any resolution of rul or of our domain name to these names servers. So, again, this just drives home the point that what we have set up here is public D N s here in azure.
No, we're gonna go up and add some records to this d N s zone by clicking records set. And this is where we can add sub domains four hour D. N s records, for example. We could go ahead and put a W W W in here.
We could change the timeto live to be whatever unit we wanted it to be. And then we can come in here and set an I P address either public or private.
For the record that we wanted to create. You'll notice that when we create the record, we have a whole host of options of record types. B I p b six records, see name are gonna be a liest records mx our mail records all the way through to pointer records for reverse lookup.
And that's how we set up public D. N s here in the azure environment and add records to that
D N s. Now a service that is in preview, currently here in the azure environment that is featured on the A Z 103 exam for the exam outline is going to be private D. N s.
Not to create a private D. N s. We're gonna go ahead and select, create a resource
and create a private DNA zone. Now, you may be wondering why in the world we would want to set up a private DNA zone, and the answer to that is really quite simple. So let's say, for example, that we wanted to use D. N S on Lee internal to our organization and that D. N s was not gonna be accessible for security reasons and a whole host of other reasons
it was not gonna be accessible to the public
private D. N S is how we would do that.
Previously here in the azure environment, when customers needed to get that done, you would simply have to roll your own private D N S B that through a window's environment or on a virtual machine on a Lennox box,
no matter how you did it, your options in azure used to be when you wanted private D. N s. You would have to create and roll your own virtual machine running your own D. N s server.
Now Azure is allowing that functionality out of the box as an azure resource
to deploy that, as with most things again, will select our subscription.
We'll select our resource group
and we'll name this instance and you'll see here that is going to require a to label name as well.
Now we're going to review and create this resource
past validation so I can go ahead and create it. Now that our deployment is finished, we can go ahead and go to that resource, and this should look very similar. This looks almost identical to the public D and S zone that we just set up all the way down to adding record sets.
Now, one thing that is going to be different here than our public DNA's is our ability to link our private D. N s to certain virtual networks here in Azure. Now
you'll notice that we created this private D. N s in a resource group, and all we've done with many other of our resource is is just created. We have no associations or connections here to this resource. And one way to make some connections here and allow communication from our virtual networks into this
is to come here to settings, click on virtual network links
We'll name this link and then we'll select the virtual network that we would like to connect in via this link, have selected the IittIe Resource Group Virtual Network here. And I also have the option under configuration to enable auto registration. And what this does is that any resource is created in the I T resource group
will be automatically registered within my private DNA zone,
similar to the way resource is due in a domain controller environment On your on premise set up,
I can select. Okay, here
and now we can see that I've linked my I T resource group here into the private DNA zone that I just created. In today's episode, we covered a number of functions here of D. N s in the azure environment all the way from setting a public, D. N s and azure to creating a custom domain that we can use an azure and how to verify that domain.
We also enabled a private Deanna's zone and connected that with a virtual network as well.
Coming up next, we're going to segue way back into some discussion about security and relation to networking because we definitely know we don't want to leave everything as wide open as we have up to this point. Thanks for joining me today, and I'm looking forward to the next episode about network security groups.