
AZ-104 Azure DNS Explained: Zones, Records, 168.63.129.16, and Private DNS Auto-Registration

Study Guide: Azure DNS (AZ-104 Networking Fundamentals)

1) What DNS is

DNS (Domain Name System) is the “phonebook” of the internet and private networks.

  • Humans prefer names like app.contoso.com
  • Computers route using IP addresses like 10.0.0.5 or 20.x.x.x
  • DNS translates name → IP (and sometimes IP → name)

FQDN (Fully Qualified Domain Name) is the complete name, for example:
www.mydemystify.com


2) DNS hierarchy (how the internet resolves names)

DNS runs in a hierarchy:

  1. Root (.)
  2. TLD (Top-Level Domain) like .com, .net
  3. Authoritative DNS for the domain (where your zone lives)

When a user queries www.contoso.com, the resolver typically:

  • Contacts Root to find who handles .com
  • Contacts the .com servers to find who handles contoso.com
  • Contacts the authoritative DNS for contoso.com to get the record for www

3) Domain registrars vs DNS hosting

A domain registrar is where you buy/manage the domain name (examples: GoDaddy, Namecheap).

Azure DNS is a DNS hosting service, not a registrar.

Key point for exams

  • You cannot buy domains from Azure DNS.
  • You buy the domain from a registrar, then point the domain’s name servers to Azure DNS.

4) Azure DNS record basics

A DNS zone is a container for records for a domain (like contoso.com).

Common record types you’ll see:

  • A: name → IPv4 address
  • AAAA: name → IPv6 address
  • CNAME: alias name → another name
  • TXT: verification, SPF, etc.
  • MX: mail routing

5) Public DNS zones vs Private DNS zones

Public DNS zone

Use when the internet needs to resolve your names.

  • Example: www.contoso.com should resolve publicly.

Typical flow

  • Create Public DNS zone in Azure
  • Azure gives you name servers
  • Update the registrar to use Azure DNS name servers
  • Create record sets (A/CNAME/etc.)

Private DNS zone

Use when you want internal name resolution inside Azure VNets (and possibly hybrid networks).

  • Example: sql.internal.contoso.com resolves only inside your network.

Key setup

  • Create Private DNS zone
  • Link it to a Virtual Network
  • Optionally enable auto-registration (VM hostnames auto-create DNS records in the private zone)

6) Split-horizon (same name, different answers)

A common design is to have:

  • A Public zone for contoso.com (public answers)
  • A Private zone for contoso.com (private answers)

This is often referred to as split-horizon DNS:

  • Internal clients (in linked VNets) resolve the private zone
  • External clients resolve the public zone
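To make the root → TLD → authoritative walk from section 2, the CNAME behaviour from section 4 and the split-horizon answers above concrete, here is a toy resolver. It is an added example written for this guide, not Azure's resolver code: every name server, zone, record and IP address in it is constructed placeholder data, and the rule that a name inside a linked private zone is answered only from that zone is a modelling assumption, not a statement about Azure internals.

```python
"""Toy resolver: hierarchy walk, CNAME chasing and split-horizon selection.

Added example for this study guide; not Azure code. All name servers, zones
and addresses below are constructed placeholders.
"""

# Constructed delegation data: the root knows the TLD servers, and each TLD
# server knows which authoritative servers host a zone.
ROOT_HINTS = {"com": "tld-ns.com.example", "net": "tld-ns.net.example"}
TLD_DELEGATIONS = {
    "contoso.com": "ns1-01.azure-dns.example",
    "azurewebsites.net": "ns1.azurewebsites.example",
}

# Constructed authoritative data, keyed by (host, type); "@" is the zone apex.
PUBLIC_ZONES = {
    "contoso.com": {
        ("@", "A"): "20.0.0.10",
        ("www", "CNAME"): "contoso.azurewebsites.net",  # alias to the app endpoint
        ("_verify", "TXT"): "ownership-token-placeholder",
    },
    "azurewebsites.net": {("contoso", "A"): "20.0.0.20"},
}
# A private zone with the same apex name, as a VNet-linked zone would have.
PRIVATE_ZONES = {
    "contoso.com": {("sql", "A"): "10.0.0.5", ("www", "A"): "10.0.0.9"},
}


def find_zone(fqdn, zones):
    """Longest-suffix match: return (zone, host) for the zone holding fqdn."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate, ".".join(labels[:i]) or "@"
    return None, None


def resolve(fqdn, internal=False, rtype="A", max_cname=5):
    """Return (answer, trace); answer is None for NXDOMAIN.

    internal=True models a VM in a VNet linked to PRIVATE_ZONES: a name that
    falls inside a linked private zone is answered only from it (modelling
    assumption). Everyone else walks root -> TLD -> authoritative public zone.
    """
    trace, name = [], fqdn
    for _ in range(max_cname):
        if internal:
            zone, host = find_zone(name, PRIVATE_ZONES)
            if zone:
                trace.append(f"private zone {zone} (VNet link) answers {name}")
                return PRIVATE_ZONES[zone].get((host, rtype)), trace
        zone, host = find_zone(name, PUBLIC_ZONES)
        if zone is None:
            trace.append(f"no zone found for {name}")
            return None, trace
        tld = name.rstrip(".").split(".")[-1]
        trace.append(f"root -> {ROOT_HINTS.get(tld, '?')} handles .{tld}")
        trace.append(f".{tld} -> {TLD_DELEGATIONS[zone]} handles {zone}")
        records = PUBLIC_ZONES[zone]
        if (host, rtype) in records:
            trace.append(f"{zone} answers {name} {rtype}")
            return records[(host, rtype)], trace
        if (host, "CNAME") in records:  # alias: restart the walk on the target
            name = records[(host, "CNAME")]
            trace.append(f"{zone} says {fqdn} is an alias for {name}")
            continue
        trace.append(f"{zone} has no {rtype} record for {host}")
        return None, trace
    return None, trace + ["CNAME chain too long"]


if __name__ == "__main__":
    for query, internal in [("www.contoso.com", False), ("www.contoso.com", True),
                            ("sql.contoso.com", True), ("sql.contoso.com", False)]:
        answer, steps = resolve(query, internal)
        print(f"{'internal' if internal else 'external'} {query}: {answer}")
        for step in steps:
            print("    ", step)
```

Run it and compare the two www.contoso.com traces: the external query walks root → .com → the public zone, follows the CNAME to contoso.azurewebsites.net and repeats the walk under .net, while the internal query never leaves the linked private zone and gets the private IP. sql.contoso.com only exists in the private view, so external clients get NXDOMAIN.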

7) The Azure DNS “special IP”: 168.63.129.16

In many Azure VM configurations you’ll see DNS server 168.63.129.16 in ipconfig /all.

This is a platform virtual IP used by Azure for services like:

  • DNS resolution (Azure-provided DNS)
  • DHCP-related platform functions

Exam take: Don’t block it casually, for example with an NSG rule or a host firewall. Blocking it can break Azure-provided DNS and other core VM networking behaviors.
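A defender-side check for the point above, added here as an example (it is not an Azure tool): given a list of NSG rules, it reports any rule that would deny the VM's UDP traffic to 168.63.129.16 on the DNS and DHCP ports. The rules are a constructed sample shaped like `az network nsg rule list` output; the rule names, priorities and prefixes are placeholders chosen to show both outcomes.

```python
"""Flag NSG rules that would block a VM's traffic to 168.63.129.16.

Added example for this study guide, not an Azure tool. SAMPLE_RULES is a
constructed sample in the field layout of `az network nsg rule list`.
"""
import ipaddress

PLATFORM_IP = ipaddress.ip_address("168.63.129.16")
# Destination ports to check: DNS (53) and DHCP (67/68).
WATCH_PORTS = (53, 67, 68)

SAMPLE_RULES = [
    {"name": "AllowDnsToPlatform", "priority": 100, "direction": "Outbound", "access": "Allow",
     "protocol": "Udp", "destinationAddressPrefix": "168.63.129.16", "destinationPortRange": "53"},
    {"name": "DenyDhcpRange", "priority": 150, "direction": "Outbound", "access": "Deny",
     "protocol": "Udp", "destinationAddressPrefix": "168.63.0.0/16", "destinationPortRange": "67-68"},
    {"name": "DenyAllOutbound", "priority": 200, "direction": "Outbound", "access": "Deny",
     "protocol": "*", "destinationAddressPrefix": "*", "destinationPortRange": "*"},
    {"name": "DenyInternetTag", "priority": 300, "direction": "Outbound", "access": "Deny",
     "protocol": "*", "destinationAddressPrefix": "Internet", "destinationPortRange": "*"},
]


def prefix_covers(prefix, ip):
    """True/False for '*' or an IP/CIDR prefix; None for a service tag, which
    cannot be expanded offline and has to be reviewed by hand."""
    if prefix == "*":
        return True
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return None


def port_range_covers(port_range, port):
    """Handles '*', '53', '67-68' and comma-separated mixes of those."""
    if port_range == "*":
        return True
    for part in port_range.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def first_match(rules, port, proto="Udp"):
    """NSG semantics: lowest priority number is evaluated first, first match wins."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Outbound":
            continue
        if rule["protocol"] not in ("*", proto):
            continue
        if prefix_covers(rule["destinationAddressPrefix"], PLATFORM_IP) is not True:
            continue  # no match, or a service tag we cannot evaluate here
        if not port_range_covers(rule["destinationPortRange"], port):
            continue
        return rule
    return None  # no custom rule matched; Azure's default rules decide


def audit(rules):
    """Return findings as strings; an empty list means no custom rule explicitly blocks the VIP."""
    findings = []
    for port in WATCH_PORTS:
        rule = first_match(rules, port)
        if rule is not None and rule["access"] == "Deny":
            findings.append(f"udp/{port} to {PLATFORM_IP} denied by '{rule['name']}' (priority {rule['priority']})")
    tags = sorted({r["destinationAddressPrefix"] for r in rules
                   if r["access"] == "Deny" and prefix_covers(r["destinationAddressPrefix"], PLATFORM_IP) is None})
    for tag in tags:
        findings.append(f"deny rule uses service tag '{tag}'; confirm manually whether it covers {PLATFORM_IP}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_RULES):
        print("FINDING:", line)
```

In the sample, the explicit allow at priority 100 protects DNS, but the /16 deny at 150 still catches DHCP, and the broad deny at 200 would catch DNS too if the allow were removed. Service tags such as Internet are only flagged for manual review, because their address lists are not available offline.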


8) Custom domain for a website (high-level Azure steps)

If you want to use a custom domain (example: www.contoso.com) with an Azure-hosted app:

  1. Create a Public DNS zone in Azure.
  2. Add the needed record(s):
    • Often CNAME www → your Azure endpoint
    • Or an A record (or an Azure alias record) pointing to an Azure public IP or another supported Azure resource
  3. Verify domain ownership if required (often via TXT record).
  4. Bind the custom domain in the service (App Service, Front Door, etc.).
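Before creating the record sets in step 2, it helps to check the plan for the mistakes that the service will reject or that will silently misroute traffic: a CNAME at the zone apex (which is why the apex uses an A or alias record), a CNAME sharing a name with any other record set, a private IP in a public zone, and a TTL of zero. The validator below is an added example written for this guide, not Azure DNS validation code; the planned records are constructed, the endpoint name and IPs are placeholders, and the `asuid.<host>` TXT name is assumed to be the form App Service asks for (confirm the exact name in the service's custom-domain page).

```python
"""Sanity-check a planned public record set before creating it.

Added example for this study guide, not Azure DNS validation. PLAN and
BAD_PLAN are constructed; names, endpoint and IPs are placeholders.
"""
import ipaddress

# (name, type, value, ttl); "@" is the zone apex
PLAN = [
    ("www", "CNAME", "contoso.azurewebsites.net", 3600),
    ("@", "A", "20.0.0.10", 3600),
    ("asuid.www", "TXT", "app-service-verification-id-placeholder", 3600),  # assumed ownership-check name
]

BAD_PLAN = PLAN + [
    ("@", "CNAME", "contoso.azurewebsites.net", 3600),  # a CNAME cannot live at the apex
    ("www", "TXT", "some-token", 3600),                # a CNAME must be alone at its name
    ("api", "A", "10.0.0.5", 0),                        # private IP in a public zone, TTL 0
]


def validate(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    types_by_name = {}
    for name, rtype, _value, _ttl in plan:
        types_by_name.setdefault(name, set()).add(rtype)

    for name, types in types_by_name.items():
        if "CNAME" in types and name == "@":
            problems.append("apex '@' cannot hold a CNAME; use an A record or an Azure alias record")
        elif "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            problems.append(f"'{name}' mixes CNAME with {others}; a CNAME must be the only record set at its name")

    for name, rtype, value, ttl in plan:
        if rtype in ("A", "AAAA") and ipaddress.ip_address(value).is_private:
            problems.append(f"'{name}' {rtype} points at private address {value}; that belongs in a Private DNS zone")
        if ttl <= 0:
            problems.append(f"'{name}' {rtype} has TTL {ttl}; use a positive TTL (3600 seconds = 60 minutes)")
    return problems


if __name__ == "__main__":
    for label, plan in (("PLAN", PLAN), ("BAD_PLAN", BAD_PLAN)):
        print(label, "->", validate(plan) or "OK")
```

The clean plan passes; the bad plan produces one finding per mistake. The apex check is the reason step 2 offers "A/alias" rather than CNAME for the bare domain.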

Practice Questions (with Answers and Explanations)

Questions

  1. (MCQ) What is the primary purpose of DNS?
    A. Encrypt traffic between clients and servers
    B. Translate domain names into IP addresses
    C. Block inbound traffic by default
    D. Assign IP addresses to VMs
  2. (Short answer) What does FQDN stand for, and give an example.
  3. (MCQ) Which order best represents the public DNS hierarchy resolution path?
    A. TLD → Root → Domain
    B. Root → TLD → Domain authoritative DNS
    C. Domain → Root → TLD
    D. Root → Domain → TLD
  4. (True/False) You can purchase a domain name directly from Azure DNS.
  5. (Scenario) You bought contoso.com from Namecheap and created a public DNS zone in Azure DNS. What must you change at the registrar to make Azure DNS authoritative?
  6. (MCQ) What is a DNS Zone?
    A. A firewall policy
    B. A container that holds DNS records for a domain
    C. A VPN tunnel configuration
    D. A subnet routing table
  7. (MCQ) Which record type maps a hostname to an IPv4 address?
    A. CNAME
    B. A
    C. MX
    D. TXT
  8. (MCQ) Which record type is best for pointing www.contoso.com to another hostname like contoso.azurewebsites.net?
    A. A
    B. TXT
    C. CNAME
    D. MX
  9. (Short answer) When do you use a Public DNS zone vs a Private DNS zone?
  10. (True/False) Private DNS zones can be linked to VNets for internal name resolution.
  11. (Scenario) You create a Private DNS zone internal.contoso.com but VMs in your VNet cannot resolve names in it. What is the most likely missing step?
  12. (MCQ) “Split-horizon DNS” usually means:
    A. Two subnets with different route tables
    B. Same DNS name returns different answers depending on where the query originates
    C. DNS only works over ExpressRoute
    D. DNS is replaced by IPAM
  13. (Scenario) You want VM host records to be created automatically in a Private DNS zone when VMs are created. What should you enable?
  14. (Short answer) What is the significance of 168.63.129.16 on Azure VMs?
  15. (Calculation) A DNS record TTL is set to 3600 seconds. How many minutes is that?
  16. (Scenario) You need contoso.com to resolve publicly to a public endpoint, but inside Azure you want contoso.com to resolve to private IPs. What DNS zone design supports this?

Answers + Explanations

  1. B. DNS resolves names to IP addresses.
  2. Fully Qualified Domain Name, example: www.contoso.com.
  3. B. Root → TLD → authoritative DNS for the domain.
  4. False. Azure DNS hosts zones but does not sell domains.
  5. Update Name Server (NS) settings at the registrar to the Azure DNS name servers for the zone.
  6. B. A zone holds record sets for a domain.
  7. B. A records map name → IPv4.
  8. C. CNAME maps name → another name.
  9. Public for internet resolution, Private for internal resolution within VNets (and linked networks).
  10. True. That’s how private name resolution is enabled for VNets.
  11. Link the Private DNS zone to the Virtual Network (Virtual network link).
  12. B. Same name, different answers depending on internal vs external.
  13. Enable auto-registration on the Private DNS zone’s VNet link.
  14. It’s an Azure platform virtual IP commonly used for Azure-provided DNS and platform networking functions.
  15. 3600 seconds ÷ 60 = 60 minutes.
  16. Use split-horizon: create both a Public and a Private DNS zone for the same domain name, and link the private zone to the VNet.
