Creating and Configuring Azure DNS private zone using Azure PowerShell Core

Azure Private DNS Overview

Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today. Using custom domain names helps you to tailor your virtual network architecture to best suit your organization’s needs. It provides name resolution for virtual machines (VMs) within a virtual network and between virtual networks. Additionally, you can configure zones names with a split-horizon view, which allows a private and a public DNS zone to share the name.

This blog post shows how to Configuring Azure DNS private zone using Azure PowerShell Core

Install or Update Az PowerShell Module

Starting in December 2018, the Azure PowerShell Az module is in general release and now the intended PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and cross-platform support. Az also has feature parity with AzureRM, giving you an easy migration path.

The recommended install method is to only install for the active user:

 Install-Module -Name Az -AllowClobber -Scope CurrentUser

If you want to install for all users on a system, this requires administrator privileges. From an elevated PowerShell session either run as administrator or with the sudo command on macOS or Linux:

 Install-Module -Name Az -AllowClobber -Scope AllUsers

Sign in

To start working with Azure PowerShell, sign in with your Azure credentials.


Connect to Azure with a browser sign in token

Create the resource group

Create a resource group to contain the DNS zone

 New-AzResourceGroup -name GITS-RG -location “West Europe”

Create a DNS private zone

The following example creates a virtual network named GITSVNet. Then it creates a DNS zone named in the

GITS-RG resource group, links the DNS zone to the GITSVnet virtual network, and enables automatic registration.

 Install-Module -Name Az.PrivateDns -force

$backendSubnet = New-AzVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix “”

$vnet = New-AzVirtualNetwork `

-ResourceGroupName GITS-RG `

-Location WestEurope `

-Name GITSVNet `

-AddressPrefix `

-Subnet $backendSubnet

$zone = New-AzPrivateDnsZone -Name -ResourceGroupName GITS-RG

$link = New-AzPrivateDnsVirtualNetworkLink -ZoneName `

-ResourceGroupName GITS-RG -Name “gitslink” `

-VirtualNetworkId $ -EnableRegistration

List DNS private zones

 $zones = Get-AzPrivateDnsZone


Create the test virtual machines

Now, create two virtual machines so you can test your private DNS zone:

 New-AzVm `

-ResourceGroupName “GITS-RG” `

-Name “Host1” `

-Location “West Europe” `

-subnetname backendSubnet `

-VirtualNetworkName “GITSVnet” `

-addressprefix `

-OpenPorts 3389

New-AzVm `

-ResourceGroupName “GITS-RG” `

-Name “Host2” `

-Location “West Europe” `

-subnetname backendSubnet `

-VirtualNetworkName “GITSVnet” `

-addressprefix `

-OpenPorts 3389

Create an additional DNS record

The following example creates a record with the relative name host in the DNS Zone, in resource group GITS-RG. The fully qualified name of the record set is The record type is “A”, with IP address “”, and the TTL is 3600 seconds.

 New-AzPrivateDnsRecordSet -Name host -RecordType A -ZoneName `

-ResourceGroupName GITS-RG -Ttl 3600 `

-PrivateDnsRecords (New-AzPrivateDnsRecordConfig -IPv4Address “”)

View DNS records

To list the DNS records in your zone, run:

Get-AzPrivateDnsRecordSet -ZoneName -ResourceGroupName GITS-RG


Test the private zone

Now you can test the name resolution for your private zone.

Configure VMs to allow inbound ICMP

You can use the ping command to test name resolution. So, configure the firewall on both virtual machines to allow inbound ICMP packets.

Connect to Host1, and open a Windows PowerShell window with administrator privileges.

Run the following command:

New-NetFirewallRule –DisplayName “Allow ICMPv4-In” –Protocol ICMPv4

Repeat for Host2.

Ping the VMs by name

From the Host2 Windows PowerShell command prompt, ping Host1 using the automatically registered host name:


Now ping the Host name you created previously:


Delete all resources

When no longer needed, delete the GITS-RG resource group to delete the resources created in this article.

Remove-AzResourceGroup -Name GITS-RG


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s