The Serpent

// Cursing the Internet since 1998

Azure DNS Basics

Posted October 26, 2021 Networking

I’m still stuck in cloud hell when it comes to hosting my own operating systems and other lab devices. The ageing on-premise equipment just doesn’t provide the oomph I need these days. It’s also too expensive to host a brand new ESX environment in my home office. So ever since, my lab has been a mash of Azure and AWS hosted kit.

The actual hosting, cost and convenience of cloud is great - what I mean by hell is the fact that I’m using two of them: AWS and Azure. I can’t seem to make up my mind which one does it best.

But all this jumping between them sure is a great way to learn the basics of both.

Today’s lesson is one of DNS, and specifically how Azure handles it. If you’re new to Azure, it will almost certainly trip you up when you first attempt to change a virtual machine’s DNS settings. My original project was to stand up a Windows Server and client in order to perform some traditional Active Directory (AD) testing. For this kind of lab, you need full DNS control - something Azure does not provide by default.

DNS for Compute

Let’s get right to it, shall we? This article focuses specifically on how DNS works for compute-based resources hosted in Azure. There are three ways Azure manages DNS for virtual machines:

  • Azure Provided DNS - the default
  • Private DNS
  • Do it yourself

Azure Provided DNS

The default DNS method is suitable for most deployments and gets you up and running right away. Azure hands out the DNS server via DHCP; although the address (e.g. 168.63.129.16) looks like a public internet address, it is not publicly accessible. All machines in your virtual network will use this DNS server.

The machines also gain their own DNS suffix to ensure that all IPs within the same network can communicate using DNS. The DNS suffix consists of a random string followed by .zx.internal.cloudapp.net.


You’ll notice, however, that if you attempt to change the DNS servers on your client, the connection will drop and you won’t be able to connect to the machine again until you reboot it. This is because Azure doesn’t recommend setting IP configuration from within the virtual machine’s guest OS, preferring that you configure it through Azure instead.

Private DNS

I’ll be honest, I never got around to testing Private DNS because I was more interested in hosting DNS myself. It looks like a serverless DNS solution that should meet most needs: you can create DNS records and effectively host your own network’s DNS within Azure, without the need for a server. My goal, however, was to set up an internal AD server and client, so I wanted complete control over DNS.

Do it yourself - the ol’ fashioned way

If you want to deploy your own DNS server within the network, there’s a much better way to do it than configuring the machines directly. You simply tell DHCP to hand your own DNS server address to clients, which is done by reconfiguring the virtual network in the Azure portal:

  • Find the virtual network resource and navigate to DNS Servers in the left-hand menu
  • Add your own internal or external DNS IPs


You’ll notice a couple of things change when you reboot the virtual machines. First, the DNS suffix has changed to a hostname that does not resolve. Secondly, your configured DNS servers are now part of the IP configuration on the client!


Azure has changed the DNS suffix to reddog.microsoft.com. This is a non-functioning hostname, designed to ensure that non-configured DNS machines don’t interfere with other external services. More importantly, the DNS server has been updated to my own configured value (the Quad9 service by IBM).

You can now also update the DNS suffix for the machine directly through the operating system without losing access. Your configured ones will take priority, but reddog.microsoft.com will still be present in the configuration.

Note that Azure also recommends you change static IPs for VMs the same way - by editing the virtual network adapter’s configuration within Azure. You can also configure individual machines, rather than the whole network, to use your own DNS servers in the same fashion.

Bonus: Setting up traditional AD in Azure? You’ll need these DNS entries

If you’re setting up Active Directory using a traditional Windows server running as a VM within Azure and you want clients to join the AD domain, you might find that Windows does not correctly create your DNS records. Assuming your domain is example.local, you’ll need the following:

_ldap._tcp.dc._msdcs.example.local (SRV)
_ldap._tcp.example.local (SRV)

You might also need to create an A record for your own DNS server, so that clients can resolve its hostname. Once complete, clients should easily join the domain.
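As an added example that is not part of the original post, the PowerShell below creates the two SRV records and the A record described above on the Windows DNS server (DnsServer module), then checks them the way a joining client would. The domain example.local, the hostname dc1 and the address 10.0.0.4 are assumed placeholders.

```powershell
# Added example (not from the original post). Run on the Windows DNS server / DC.
# example.local, dc1 and 10.0.0.4 are assumed placeholders for your own values.
Import-Module DnsServer

$zone   = 'example.local'
$dcHost = 'dc1'
$dcIp   = '10.0.0.4'
$dcFqdn = "$dcHost.$zone"

# A record so clients can resolve the DC/DNS server hostname at all.
if (-not (Get-DnsServerResourceRecord -ZoneName $zone -Name $dcHost -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $dcHost -IPv4Address $dcIp
}

# The two SRV records the post lists. The relative name is everything before the
# zone name; both point at LDAP (TCP/389) on the domain controller.
$srvNames = @('_ldap._tcp.dc._msdcs', '_ldap._tcp')
foreach ($name in $srvNames) {
    $existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType SRV -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecord -Srv -ZoneName $zone -Name $name `
            -DomainName $dcFqdn -Priority 0 -Weight 100 -Port 389
    }
}

# Client-side verification: each required SRV record must resolve, and the SRV
# target itself must have an A record, or the join still fails even though the
# SRV lookup succeeded (the "create an A record for your DNS server" case).
function Test-AdDnsRecords {
    param([string]$Zone, [string]$Server)
    foreach ($rel in '_ldap._tcp.dc._msdcs', '_ldap._tcp') {
        $fqdn = "$rel.$Zone"
        $srv = Resolve-DnsName -Name $fqdn -Type SRV -Server $Server -ErrorAction SilentlyContinue |
               Where-Object { $_.QueryType -eq 'SRV' }
        if (-not $srv) {
            [pscustomobject]@{ Record = $fqdn; Target = $null; Port = $null; TargetResolves = $false }
            continue
        }
        foreach ($r in $srv) {
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $Server -ErrorAction SilentlyContinue
            [pscustomobject]@{ Record = $fqdn; Target = $r.NameTarget; Port = $r.Port; TargetResolves = [bool]$a }
        }
    }
}

Test-AdDnsRecords -Zone $zone -Server $dcIp | Format-Table -AutoSize
```

Run the Test-AdDnsRecords part from the client with -Server pointed at the DNS address you configured on the virtual network; a row with TargetResolves = False tells you the missing A record is the problem rather than the SRV entries.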

Written by John Payne