All Microsoft AZ-700 certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the AZ-700 Designing and Implementing Microsoft Azure Networking Solutions practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

Public and Private DNS Zones

1. Overview of Public DNS Zones

So we are still talking about core networking infrastructure. And in this section of the course, we're going to talk about name resolution. These are public and private DNS zones that you can create inside Azure that can be the authoritative response for domain names. Now, this does not mean that you can register domain names that are unregistered in Azure, but you can use Azure to be the default responder for requests to those domain names. So let's go back into the portal, and we're going to say, "Create a resource," and we're going to look for a DNS zone.

Now, there are public and private DNS zones. A public DNS zone can be used on the public Internet to respond to requests for a domain. A private DNS zone, as the name implies, would be something that is internal to your solution and your subscription and is not accessible from the public internet. So let's say you have various solutions that have private IP addresses. You could give domain names to those private IP addresses and make it easier to remember and maybe easier to make changes and things like that. So let's create a public DNS zone. I'm going to choose a DNS zone and choose Create. I'm going to put this DNS zone into my AZ 700 group that I've been playing with. Now, you'll see here that the purpose of this publicDNS zone, as I said, was to resolve what an unwritten domain name was in terms of its IP address. It's basically the directory lookup for different domain names and subdomains.

There's not much to creating one. I just picked the resource group, and I do have to give it a name so I can call it GetCloudSkills.XYZ, and that will basically register this as the authoritative name server for this domain name. So this is a domain name that I am claiming. Now, you might think, "Oh, I can just claim a domain." I could put Google.com or Microsoft.com in there. Well, you could, but it actually hasn't changed anything yet. The Internet doesn't just automatically respond when you register a new DNS zone. It's not like traffic suddenly gets redirected to this domain, which is getcloudskills.xyz. I would have to go to my domain registrar and then indicate these name servers as being the authoritative name servers for this domain. So let's have a look at how to connect this DNS zone to a domain name at a domain name registrar. And then on the other side, how to connect a host name to something like a web server. We'll do that in the next video.

2. Create and Use a Public DNS Zone

So I've actually gone and purchased this domain: getCloudSkills dot XYZ. It's only a dollar, so you can't be too mad about that. And what I've done is use the name "Shape" as my registrar. So I purchased this domain, and what I want to do is modify the DNS servers and add these four DNS servers there. So I go into custom DNS. I could just copy and paste it. Now you'll notice this is a pretty redundant setup because not only do modern DNS servers use multiple of them, but they also use different top-level domains. So this is spread out among com, net, org, and info.

And so again, that is why I would say there is maximum redundancy there in case one of those top-level domains was to go down. So we get into name servers one, two, three, and four. The final one being info. Now you really only need two, but four again is the maximum safety and redundancy. So now when I click Save, then when someone goes and requests Get CloudScale XYZ, they're going to first check that the authoritative responders for this domain are these four servers. These four servers are controlled by Microsoft Azure. And then we're going to have to start adding in zones and host names essentially here in order to get things responded to. So even if I click this checkbox here, this is going to update the record. Again. You can see it says it takes up to 48 hours. So obviously, it depends on the propagation of this. There are a couple of times a day that this gets propagated. I literally just purchased this domain, so I don't think it's been propagated anywhere yet. Probably hasn't even left his name, to be honest. So now I've basically set up Getcloudskills XYZ in the registrar so that when anyone asks for www.getcloudskills.xyz, they will be sent to Azure.

Now, right now, there are new host names for www. So there's no authoritative response. It wouldn't work. What we need to do is then set up a web server, and then we can enter the www hostname to send traffic to that web server. Now it just so happens that I have a virtual machine from a previous section when we're talking about subnets that is currently stopped. I am in the process of starting it. But it does have a public IP address, and it is configured to allow port 843 traffic. All I need to do is create a web server there. So I'll do that really quick, and then we can associate www.getcloudskills.com with this virtual machine at this IP address. So I'm going to let that start up. It's a relatively small VM with one CPU and only three 5GB of memory. So it takes a minute to start. As soon as that starts, I'm going to log into the machine, load up IIS, and I'm going to pause the video and come back when that's done. Now, for those curious, adding a web server to a virtual machine in Azure or Windows virtual machines is really relatively straightforward, really. All you need to do is say "add roles and features" and then get the IIS role started.

So we'll wait for that to start in a second. So add roles and features. This isn't necessary for the exam, obviously, but we want to add a web server. We don't really care about the features of the web server because we're just going to use the default. We're not installing any web programs, really. We're just going to use the default IIS website as our test. All right? So first, we can test this on localhost. I'm never a fan of Internet Explorer because it's always going to give you lots of errors, but I can type local host, and we can see that we have a working web server on local host. So now I can disconnect here. Now the next test is whether we can connect to it via its IP address. So I copy the IP address, go into a new web browser, and enter the IP address, and we get the same default website, so we know that this is accessible by its IP address. What we're going to want is get cloud skills dot XYZ.We don't have that. We haven't set that up yet. So let's go into the house. Again. We're going to go into the DNA zone, and we're going to add a couple of records. The first thing we're adding is an A record. And a record points to an IPV4 address, and we have the IP address.

And so that's 1373. In this particular case, 30 817 And the Time to Live value is basically how long this gets cached in local.I don't want this to be cached for more than five minutes because we're doing a demo right now. This app sign is going to represent the default no-host. So if you just enter getcloudskills.XYZ with nothing in the front, you're going to get this right. So I've got my record. Now I'm also going to want the www record. Now one thing I can do is use a C name. And what that's going to do is essentially redirect people, so I can redirect www.getcloudskills.com to XYZ. Again, five minutes seems like enough time for this demo. All right, so now we have our public DNS zone registered in our registrar and we have a couple of records, a C name and a record that should basically serve up our web server, which is this IP address. When people are requesting the domain name, which is getcloudskills.com, Now, do keep in mind that, again, we do have this worldwide caching concept where the domain name changes to go out, but we literally have not used this domain.

So there should be no caching of this anywhere in the world if you're going to use a real domain name. Let's say this was a working website and had thousands of visitors a day. These things do take time to propagate. Now. Am I brave? I don't know. But I just entered GetClubSkillsXYZ in my browser, and it was able to resolve to our demo website. Similarly, www. should invoke that C name. And again, it redirects to getcode skills without the www. So far, our public DNS zone is working as expected. It is able to translate a domain name from this textual value into an IP address. And we are in full control of this within Microsoft Azure. Now, I could do the same kind of thing with my registrar, so my particular registrar, namecheap, offers DNS services. And so I could have put the A record and the CNAME record into namecheap. It's quite possible. But obviously, when you get your own DNS zone, you will no longer be holding on to namesheep, and you as an organisation may want to be able to control these things and tie them all together with your solution within Azure.

3. Create and Use a Private DNS Zone

Alright, so we've seen that you can create a public DNS zone. Let's look at private DNS zones. So I'm going to go back and create a resource-type DNS zone, and this time I'm going to choose the private DNS zone. Now, a private DNS zone, as I mentioned before, is basically providing name resolution services within virtual networks.

And that means the private Internet has nothing to do with the public Internet. And it's actually just your virtual machines and other resources that can refer to each other using domain names instead of IP addresses. Again, this makes it the same simplification for the public internet being available inside of Azure for yourself.

So we go into Marketplace, look for a private DNA zone, and say, "Create" going to places in the same resource group, and we're going to give it a name. Now, in this case, this domain name doesn't need to actually exist. So I used to work for a company that used the "local" extension for their domain names. So if I said Get Cloudskills Local, well, "Local" is not actually a registerable domain name.

I could not go to Namecheap or somewhere else and register this local. And in fact, Azure is warning me here that local doesn't necessarily work on some operating systems, or that there's probably some historical use case where this dot local actually doesn't work. But I think you would find that if you used it, you would probably find it difficult to find where it doesn't actually work.

So you can create a domain name that actually doesn't exist, and then you can start to create your developer's GetCloudSkills Local, production's GetCloudSkills Local, etc. The other way to do this is to create a subdomain for your existing domain. So let's say we created the GetcloudskillsXYZ domain in the public DNS zone. Well, I could create a private Getcloudskills XYZ, and then any of my resources that I want to assign domain names to could be further subdomains of this subdomain. That's another option to get around that. So I'm not going to add any tags to this. I'm going to say "review and create." I'm going to say "create." So you'll notice I went to the private domain route instead of the domain local route, which is, I think, still a valid way to do things. All right, so that was fairly quick. Let's go into the private DNS zone. So we're presented with a very similar interface where we can create these A records or CNAME records or any other type of record that we want. But again, it's not accessible from the public internet.

So there are no name servers that we can then put into our registrar. The way that you access your private data zone is by linking it to your virtual network. So I'm going to go into virtual network links, and what I'm going to do is create a link. I'm going to call this my private DNS one, and you can choose; let's choose the AZ 700 virtual network. And so what that means is that resources that exist on this virtual network will be able to access domains that are in the private DNS zone. So the other option here is that if you create resources on that virtual network, it's going to automatically register those resources in the private zone.

That's pretty cool. I think I can do that. So any new virtual machines that I add will automatically get into this private network, and we can refer to them by name. So I'm going to say, "OK, all right." So that's ready. Now, how are we going to test this? Well, in the same way we've been testing it previously. I'm going to go into the VMware resource group, which is the VM group. And what we're going to do is go into this virtual machine that already exists. It's stopped. Currently, it only has a private IP address. Private IP address is 100 0 5 I'm going to start the machine, and we're going to give a private name to that address. So I'm back in the DNS zone, I'm going to add a record, and I'm going to call this VM two.

And the IP address is 100 0 5 All right? So if I save this, then we should be able to access this private domain by the name "VM 2." The way that we'll test that is that we're going to remote into the VM that we've been testing before and then access it by a private IP address. So hold on. Alright, so we are in our public virtual machine, and I started up a command prompt.

Now I should be able to seep VM into two private getcloudskills XYZ. And this is a virtual machine that is now running. It's a private IP address only. And the private IP address is resolved to 100 0 5 based on this domain name because we have a private DNS zone. So using a private DNS zone allows us to refer to private resources that do not have a public IP address. a convenient name, which again could make it easier to remember, make it easier to identify which servers are which, or provide flexibility in terms of stopping and starting resources and moving them around without having to change connection strings and things like that.

Microsoft AZ-700 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass AZ-700 Designing and Implementing Microsoft Azure Networking Solutions certification exam dumps & practice test questions and answers are to help students.