Creating and Configuring Azure DNS private zone using Azure PowerShell Core

Azure Private DNS Overview

Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today. Using custom domain names helps you to tailor your virtual network architecture to best suit your organization’s needs. It provides name resolution for virtual machines (VMs) within a virtual network and between virtual networks. Additionally, you can configure zones names with a split-horizon view, which allows a private and a public DNS zone to share the name.

This blog post shows how to Configuring Azure DNS private zone using Azure PowerShell Core

Install or Update Az PowerShell Module

Starting in December 2018, the Azure PowerShell Az module is in general release and now the intended PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and cross-platform support. Az also has feature parity with AzureRM, giving you an easy migration path.

The recommended install method is to only install for the active user:

Install-Module -Name Az -AllowClobber -Scope CurrentUser

If you want to install for all users on a system, this requires administrator privileges. From an elevated PowerShell session either run as administrator or with the sudo command on macOS or Linux:

Install-Module -Name Az -AllowClobber -Scope AllUsers

Sign in

To start working with Azure PowerShell, sign in with your Azure credentials.

Connect-AzAccount

Connect to Azure with a browser sign in token

https://microsoft.com/devicelogin

Create the resource group

Create a resource group to contain the DNS zone

New-AzResourceGroup -name GITS-RG -location “West Europe”

Create a DNS private zone

The following example creates a virtual network named GITSVNet. Then it creates a DNS zone named private.gits.com in the

GITS-RG resource group, links the DNS zone to the GITSVnet virtual network, and enables automatic registration.

Install-Module -Name Az.PrivateDns -force

$backendSubnet = New-AzVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix “192.168.0.0/24”

$vnet = New-AzVirtualNetwork `

-ResourceGroupName GITS-RG `

-Location WestEurope `

-Name GITSVNet `

-AddressPrefix 192.168.0.0/16 `

-Subnet $backendSubnet

$zone = New-AzPrivateDnsZone -Name private.gits.com -ResourceGroupName GITS-RG

$link = New-AzPrivateDnsVirtualNetworkLink -ZoneName private.gits.com `

-ResourceGroupName GITS-RG -Name “gitslink” `

-VirtualNetworkId $vnet.id -EnableRegistration

List DNS private zones

$zones = Get-AzPrivateDnsZone

$zones

Create the test virtual machines

Now, create two virtual machines so you can test your private DNS zone:

New-AzVm `

-ResourceGroupName “GITS-RG” `

-Name “Host1” `

-Location “West Europe” `

-subnetname backendSubnet `

-VirtualNetworkName “GITSVnet” `

-addressprefix 192.168.0.0/24 `

-OpenPorts 3389

New-AzVm `

-ResourceGroupName “GITS-RG” `

-Name “Host2” `

-Location “West Europe” `

-subnetname backendSubnet `

-VirtualNetworkName “GITSVnet” `

-addressprefix 192.168.0.0/24 `

-OpenPorts 3389

Create an additional DNS record

The following example creates a record with the relative name host in the DNS Zone private.gits.com, in resource group GITS-RG. The fully qualified name of the record set is host.private.gits.com. The record type is “A”, with IP address “192.168.0.4”, and the TTL is 3600 seconds.

New-AzPrivateDnsRecordSet -Name host -RecordType A -ZoneName private.gits.com `

-ResourceGroupName GITS-RG -Ttl 3600 `

-PrivateDnsRecords (New-AzPrivateDnsRecordConfig -IPv4Address “192.168.0.4”)