WEBVTT 0:00:02.820000 --> 0:00:07.680000 Hey, in this video, I'm going to take a look at configuring public Azure 0:00:07.680000 --> 0:00:10.900000 DNS or Azure Public DNS zones. 0:00:10.900000 --> 0:00:13.640000 The topics that we're going to talk about are, we'll start out talking 0:00:13.640000 --> 0:00:18.380000 about Azure DNS zones and just a brief context of how that fits into the 0:00:18.380000 --> 0:00:20.580000 overall DNS process. 0:00:20.580000 --> 0:00:24.360000 Then we'll take a look at DNS record sets, what record sets you can 0:00:24.360000 --> 0:00:27.680000 set up within an Azure DNS zone. 0:00:27.680000 --> 0:00:31.380000 And finally, as far as content, we'll look at actually, what's the process 0:00:31.380000 --> 0:00:36.040000 for using a DNS zone, and then we'll go ahead and demonstrate using a 0:00:36.040000 --> 0:00:39.800000 DNS zone. So let's go ahead and jump right into this. 0:00:39.800000 --> 0:00:43.240000 I'm going to start out talking about DNS zones with just a very high level 0:00:43.240000 --> 0:00:47.540000 overview of the DNS process, just to give us some context. 0:00:47.540000 --> 0:00:55.240000 And here's the idea, I've got a user over here. 0:00:55.240000 --> 0:01:06.000000 Happy user, that user's happy because they are navigating to my.ine.com. 0:01:06.000000 --> 0:01:10.580000 Right, but we know they're not really navigating to my.ine.com. 0:01:10.580000 --> 0:01:16.140000 What they're really navigating to on their browser is some URL or I mean 0:01:16.140000 --> 0:01:20.980000 some IP address, which obviously this would not be the IP address. 0:01:20.980000 --> 0:01:24.080000 Because that's a private IP address, but that's the idea. 0:01:24.080000 --> 0:01:29.920000 But how do we go of course from my.ine.com to the IP address? 0:01:29.920000 --> 0:01:33.260000 And that is where of course DNS comes into play. 
0:01:33.260000 --> 0:01:38.660000 The first thing that would happen is that this machine that the user's 0:01:38.660000 --> 0:01:43.000000 on would check its DNS server, whatever that's configured. 0:01:43.000000 --> 0:01:46.880000 So I would have a DNS server here for them. 0:01:46.880000 --> 0:01:51.440000 And we basically ask, hey, do you know where this my.ine.com is? 0:01:51.440000 --> 0:01:54.020000 And the DNS server may not know. 0:01:54.020000 --> 0:01:56.820000 And what the DNS server would do, if it doesn't have that record, and 0:01:56.820000 --> 0:02:02.940000 we'll assume that it does not, is it would go to a registrar. 0:02:02.940000 --> 0:02:08.420000 And say, hey, registrar, cuz that's how they talk. 0:02:08.420000 --> 0:02:10.820000 Where's this INE.com? 0:02:10.820000 --> 0:02:17.220000 And the registrar wouldn't have the actual location, the actual IP address. 0:02:17.220000 --> 0:02:24.400000 But what it can do is go to the authoritative DNS server for that particular 0:02:24.400000 --> 0:02:34.180000 domain name. And so we could have the INE.com DNS server here, right? 0:02:34.180000 --> 0:02:42.840000 And within the INE.com DNS server, there would be a record where my 0:02:42.840000 --> 0:02:53.820000 .ine.com would map to in this fictitious case, 10.10.10.10. 0:02:53.820000 --> 0:02:57.260000 And of course, 10.10.10.10. 0:02:57.260000 --> 0:03:04.160000 Assuming that this is in Azure would be some server, some service. 0:03:04.160000 --> 0:03:09.220000 Which we'll just say is some kind of web app, right? 0:03:09.220000 --> 0:03:10.840000 And that's gonna get us there. 0:03:10.840000 --> 0:03:19.860000 Now, Azure DNS, Azure Public DNS is simply taking this part of the process. 
0:03:19.860000 --> 0:03:24.880000 This DNS server that's authoritative for a particular zone, and rather than 0:03:24.880000 --> 0:03:30.040000 you having to run your own DNS server, it is providing that functionality 0:03:30.040000 --> 0:03:35.460000 as a service. And so we have the concept of an Azure DNS zone, which in 0:03:35.460000 --> 0:03:40.620000 this case would be INE.com and within that zone, we have what are called 0:03:40.620000 --> 0:03:48.000000 record sets. And that record set, and there's a variety, then we'll talk 0:03:48.000000 --> 0:03:50.580000 about the types of record sets that are available. 0:03:50.580000 --> 0:03:53.580000 That record set has records, DNS records. 0:03:53.580000 --> 0:03:56.760000 So the record set might be for my. 0:03:56.760000 --> 0:04:01.420000 Might be for my. 0:04:01.420000 --> 0:04:06.160000 And then it would have one or more IP addresses. 0:04:06.160000 --> 0:04:08.840000 Associated with it. 0:04:08.840000 --> 0:04:12.880000 And that's the basic idea, right? 0:04:12.880000 --> 0:04:16.620000 And so this really all we're doing with Azure DNS zones is saying, hey, 0:04:16.620000 --> 0:04:19.980000 I've got this these DNS records, I need to manage them. 0:04:19.980000 --> 0:04:25.240000 And Azure's giving me that capability as platform as a service. 0:04:25.240000 --> 0:04:31.440000 Let's go ahead and take a look at really what is fundamental to this. 0:04:31.440000 --> 0:04:35.900000 The DNS zone as you'll see is not really anything that's terribly complex. 0:04:35.900000 --> 0:04:40.880000 But what is a bit more complex are the DNS record sets that go into the 0:04:40.880000 --> 0:04:45.140000 zone, right? And the reason they're a record set is because you've got 0:04:45.140000 --> 0:04:48.580000 potentially multiple records within the record set. 0:04:48.580000 --> 0:04:55.780000 Again, I could have a single record with multiple IP addresses, right? 
0:04:55.780000 --> 0:05:02.080000 And the different types of record sets are exactly what you would expect. 0:05:02.080000 --> 0:05:07.440000 I've got A and quad-A, I've got CAA, CNAME, Mail Exchange, Name Server, 0:05:07.440000 --> 0:05:10.340000 Start Authority, Server, and Text. 0:05:10.340000 --> 0:05:12.920000 And if you're using SPF, that is represented as text. 0:05:12.920000 --> 0:05:19.040000 There is also the capacity for reverse lookup pointers, PTR records. 0:05:19.040000 --> 0:05:25.680000 However, the PTR records would be defined in a separate DNS zone. 0:05:25.680000 --> 0:05:28.580000 And we're not really going to go into that, you need to know they exist. 0:05:28.580000 --> 0:05:31.880000 You can always look up and go farther into that. 0:05:31.880000 --> 0:05:36.160000 But those are the types of record sets that we have. 0:05:36.160000 --> 0:05:42.540000 How would we go about actually using an Azure DNS zone? 0:05:42.540000 --> 0:05:44.700000 The nuts and bolts of this are pretty straightforward. 0:05:44.700000 --> 0:05:47.580000 You would provision a DNS zone and as you will see, there really isn't 0:05:47.580000 --> 0:05:53.460000 much to it. Now, the name of your DNS zone doesn't matter as far as Azure 0:05:53.460000 --> 0:05:57.480000 is concerned. It could be a real domain name or it could just be something 0:05:57.480000 --> 0:05:58.940000 that you're playing around with. 0:05:58.940000 --> 0:06:06.180000 However, if you want that to be a real functional public DNS zone that 0:06:06.180000 --> 0:06:11.500000 can actually resolve Internet DNS queries to your servers, then it has 0:06:11.500000 --> 0:06:18.000000 to be a real zone and it has to be registered with a domain name registrar. 0:06:18.000000 --> 0:06:22.160000 And so for example, what I'm going to show you, I have registered and 0:06:22.160000 --> 0:06:25.240000 I registered through GoDaddy.com, just fine. 
0:06:25.240000 --> 0:06:29.680000 And there's a ton of other domain name registrars that you can go through. 0:06:29.680000 --> 0:06:36.120000 But what's key is beyond Azure, if you're going to truly use a DNS zone 0:06:36.120000 --> 0:06:40.020000 that you're managing in Azure, just like any other public DNS zone, it's 0:06:40.020000 --> 0:06:41.660000 got to be registered, right? 0:06:41.660000 --> 0:06:44.960000 Because the queries that come in have to know where to go to get your 0:06:44.960000 --> 0:06:50.440000 name servers. Once you've done that, then you're going to add your record 0:06:50.440000 --> 0:06:52.920000 sets. What are the records that you want? 0:06:52.920000 --> 0:06:56.420000 Now, you can also delegate subdomains, right? 0:06:56.420000 --> 0:07:00.840000 And a subdomain would be something, for example, let's say that I've got 0:07:00.840000 --> 0:07:10.880000 a primary domain of INE-demo.com, which I actually happen to have, right? 0:07:10.880000 --> 0:07:15.900000 Well, what if underneath of that I wanted to have something to the effect 0:07:15.900000 --> 0:07:24.820000 of, let's say AZ103.INE-demo.com, okay? 0:07:24.820000 --> 0:07:26.100000 How would I get to that? 0:07:26.100000 --> 0:07:33.900000 Because the authoritative domain for AZ103.INE-demo.com is INE-demo.com. 0:07:33.900000 --> 0:07:37.140000 So this is really delegated underneath of that. 0:07:37.140000 --> 0:07:38.380000 It is pretty simple. 0:07:38.380000 --> 0:07:43.920000 I would take and create a new domain, and then I would add it, add the 0:07:43.920000 --> 0:07:48.060000 name server records for that domain into its parent. 0:07:48.060000 --> 0:07:51.500000 And I can show you how you would go about doing that, right? 
0:07:51.500000 --> 0:07:56.540000 And again, the process is not that much to the process, a much more complex 0:07:56.540000 --> 0:08:00.820000 component of this is making sure you get your record sets correct and 0:08:00.820000 --> 0:08:04.660000 that you fully register your DNS zone, right? 0:08:04.660000 --> 0:08:08.640000 And what we're going to do now is go in and I'm going to show you a demonstration 0:08:08.640000 --> 0:08:11.680000 of implementing a public Azure DNS. 0:08:11.680000 --> 0:08:14.400000 And I'm going to do this in a couple of parts, because I already have 0:08:14.400000 --> 0:08:20.400000 a DNS that I've got the domain name for, and I've got it set up with a 0:08:20.400000 --> 0:08:23.960000 registrar. I've got an Azure DNS zone, but we'll play around with that 0:08:23.960000 --> 0:08:27.020000 a little bit. But before I do that, I'm going to go ahead and show you 0:08:27.020000 --> 0:08:31.680000 the process of actually provisioning a DNS zone, right? 0:08:31.680000 --> 0:08:35.020000 Then we'll go in and we will configure it and test it out. 0:08:35.020000 --> 0:08:42.900000 So let's go ahead and jump into some demonstration mode here. 0:08:42.900000 --> 0:08:52.800000 And I am in my Azure portal and I'm going to create a resource and I'm 0:08:52.800000 --> 0:08:55.220000 going to create a DNS zone. 0:08:55.220000 --> 0:09:06.660000 Let's go ahead and create this zone. 0:09:06.660000 --> 0:09:09.840000 And it's really fairly straightforward. 0:09:09.840000 --> 0:09:11.540000 I'm going to give this zone a name. 0:09:11.540000 --> 0:09:20.420000 Now in this case, I'm going to actually name the zone az103.ine-demo. 0:09:20.420000 --> 0:09:23.980000 I could spell.com. 0:09:23.980000 --> 0:09:29.960000 And we'll put it in the East US and that's fine and create. 0:09:29.960000 --> 0:09:36.300000 Now while that is creating. 0:09:36.300000 --> 0:09:39.120000 I have a virtual machine. 
0:09:39.120000 --> 0:09:42.740000 And if I just go, I've got quite a number of virtual machines, but I've 0:09:42.740000 --> 0:09:46.220000 got one in particular that I want to take a look at. 0:09:46.220000 --> 0:09:48.840000 I've got a couple of web servers here. 0:09:48.840000 --> 0:09:53.400000 And if all goes well, I've got this public IP address. 0:09:53.400000 --> 0:09:59.080000 I'm going to copy that and navigate over to that. 0:09:59.080000 --> 0:10:00.940000 All right, there we go. 0:10:00.940000 --> 0:10:03.240000 Here is a very sophisticated website. 0:10:03.240000 --> 0:10:06.260000 If you've watched other videos, it's fairly common. 0:10:06.260000 --> 0:10:08.780000 It is completely anti-climactic. 0:10:08.780000 --> 0:10:13.260000 But I do have connectivity to this particular web server. 0:10:13.260000 --> 0:10:17.640000 However, I'm using the actual IP address of the web server and you'd never 0:10:17.640000 --> 0:10:20.120000 want your users to have to do that. 0:10:20.120000 --> 0:10:25.660000 So instead, what I want to do is I want to set up my DNS. 0:10:25.660000 --> 0:10:29.280000 I'm going to associate this with a DNS zone. 0:10:29.280000 --> 0:10:34.420000 And I happen to have an existing DNS zone that is fully registered, INE 0:10:34.420000 --> 0:10:44.200000 .com. And right now, I've got INE.com, three, well, actually four records. 0:10:44.200000 --> 0:10:46.740000 I've got the first two records, which you will always see. 0:10:46.740000 --> 0:10:49.100000 The first one is absolutely critical. 0:10:49.100000 --> 0:10:50.880000 This is my name server record. 0:10:50.880000 --> 0:10:56.900000 This is the primary name server record for this DNS zone. 0:10:56.900000 --> 0:11:00.000000 And one thing that's really important, if you look at this, you'll see 0:11:00.000000 --> 0:11:06.180000 those values, the different NS values, NS1, 2, 3, and 4, at COM, net, 0:11:06.180000 --> 0:11:11.060000 org, and info. 
When you register your domain, make sure that you register 0:11:11.060000 --> 0:11:13.220000 all four of these name servers. 0:11:13.220000 --> 0:11:18.000000 And again, very easy process to go through, depending on your registrar, 0:11:18.000000 --> 0:11:21.680000 but that is a process outside of Azure itself. 0:11:21.680000 --> 0:11:24.140000 So I've got that, I've got an SOA. 0:11:24.140000 --> 0:11:28.640000 I have a text that I really need to delete that's actually part of the 0:11:28.640000 --> 0:11:31.440000 requirements for Azure AD. 0:11:31.440000 --> 0:11:38.100000 And I have a CNAME record that I used in trying to bribe a colleague of 0:11:38.100000 --> 0:11:41.340000 mine to give me some swag, which didn't work out sadly. 0:11:41.340000 --> 0:11:43.920000 But that's OK, not the point. 0:11:43.920000 --> 0:11:46.240000 The point is I'm going to go ahead and create a record set for this. 0:11:46.240000 --> 0:11:48.420000 So I'm going to go record set. 0:11:48.420000 --> 0:11:53.040000 And here I've got INE-demo.com. 0:11:53.040000 --> 0:11:57.320000 And we're going to go ahead and just say web app. 0:11:57.320000 --> 0:12:01.440000 This is going to be webapp.ine-demo.com. 0:12:01.440000 --> 0:12:05.440000 And I've got different types, A, quad-A, and see all the different types 0:12:05.440000 --> 0:12:08.320000 I've got. We're going to stick with A. 0:12:08.320000 --> 0:12:14.840000 And we're going to say, OK, now if it's an alias, it's actually pretty 0:12:14.840000 --> 0:12:19.460000 interesting. I can alias for a public IP address. 0:12:19.460000 --> 0:12:23.760000 And then what that will do is make sure that it's always pulling that 0:12:23.760000 --> 0:12:30.260000 correctly. So if it gets updated, but I can also say no, that's not actually 0:12:30.260000 --> 0:12:33.140000 an alias. I'll do this more generically. 0:12:33.140000 --> 0:12:37.940000 And I can go ahead and put in that public IP address. 
0:12:37.940000 --> 0:12:43.920000 So if you are working with Azure resources and you're setting these up, 0:12:43.920000 --> 0:12:49.240000 you can actually shortcut a little bit and that's just going to make sure 0:12:49.240000 --> 0:12:55.300000 that it properly updates and accounts for any changes. 0:12:55.300000 --> 0:12:57.880000 But it's fine here because that's not going to change. 0:12:57.880000 --> 0:13:01.900000 And let's see if that's up and ready yet. 0:13:01.900000 --> 0:13:09.860000 We'll go ahead and go to a whole other page and just go webapp.ine-demo 0:13:09.860000 --> 0:13:14.700000 .com. And there we go. 0:13:14.700000 --> 0:13:17.820000 Notice that came up pretty darn quickly. 0:13:17.820000 --> 0:13:24.180000 And the cool thing is that new records are usually within typically 15 0:13:24.180000 --> 0:13:29.240000 seconds. Last I checked there's not an official SLA, but it is really 0:13:29.240000 --> 0:13:32.760000 fast. Typically speaking, when I add a record if I'm demonstrating by 0:13:32.760000 --> 0:13:36.220000 the time I go and test that record out, it's already updated or it's already 0:13:36.220000 --> 0:13:40.300000 inserted. Even updates are actually really fairly quick. 0:13:40.300000 --> 0:13:45.540000 And this is a global service anywhere in the world. 0:13:45.540000 --> 0:13:48.560000 They've got servers all over the place and just replicates really fast. 0:13:48.560000 --> 0:13:50.900000 And again, even changes, which is pretty cool. 0:13:50.900000 --> 0:13:54.020000 Of course, one thing would change is that is also somewhat dependent on 0:13:54.020000 --> 0:13:54.580000 the client side. 0:13:54.580000 --> 0:13:58.640000 If they've already cached your DNS record, then of course, you would have 0:13:58.640000 --> 0:14:00.280000 to clear the cache to get the updates. 0:14:00.280000 --> 0:14:03.520000 But within the system itself, it's actually very fast. 
0:14:03.520000 --> 0:14:09.340000 Now, I'm just going to go ahead and show you how you would go about delegating 0:14:09.340000 --> 0:14:14.480000 a subdomain. And to do this, I'm actually going to pull up the portal 0:14:14.480000 --> 0:14:16.420000 on two different pages. 0:14:16.420000 --> 0:14:18.940000 So I'm going to go back and forth a little bit. 0:14:18.940000 --> 0:14:28.960000 And we're going to go over here and we're going to go INE-demo, and 0:14:28.960000 --> 0:14:32.020000 I'm actually going to go to the AZ-103. 0:14:32.020000 --> 0:14:39.180000 Here I've got my AZ-103, and I have a name server record for my AZ-103. 0:14:39.180000 --> 0:14:46.080000 And I'm going to add another record set. 0:14:46.080000 --> 0:14:51.320000 And this is just going to be, we'll do the same thing, web app. 0:14:51.320000 --> 0:14:58.120000 And we're going to put in that same IP address. 0:14:58.120000 --> 0:15:02.820000 So now, if you could get to this name server, and if I go, for example, 0:15:02.820000 --> 0:15:06.660000 and I do a lookup and I specify one of these name servers, it's going 0:15:06.660000 --> 0:15:10.180000 to pull back that IP address for web app. 0:15:10.180000 --> 0:15:15.500000 However, if I were to go from my, you know, just regular page here, and 0:15:15.500000 --> 0:15:27.000000 I would try to go to webapp.az103, I'm not going to get the page. 0:15:27.000000 --> 0:15:31.420000 Because even though it's here, there's no path out to this page. 0:15:31.420000 --> 0:15:37.220000 So what I want to do, I'm going to come in here, and I've got these name 0:15:37.220000 --> 0:15:42.980000 servers. And I'm going to go over, we'll get that one first, and I'm going 0:15:42.980000 --> 0:15:49.340000 to add a name server record to my parent domain. 0:15:49.340000 --> 0:15:54.060000 Right? And that is going to be AZ-103. 0:15:54.060000 --> 0:16:01.140000 And the type is going to be NS, and then I need to add the name servers. 
0:16:01.140000 --> 0:16:25.800000 So the first one, there, second one, there, third one, and the fourth 0:16:25.800000 --> 0:16:30.340000 one. The reason I like doing this is because it's really the same process 0:16:30.340000 --> 0:16:35.520000 as you would go through if you were registering a primary domain. 0:16:35.520000 --> 0:16:39.080000 And go ahead and hit OK. 0:16:39.080000 --> 0:16:44.380000 And now I've got the AZ-103, depending on probably didn't give it quite 0:16:44.380000 --> 0:16:47.260000 enough time here, but let's see, there we go. 0:16:47.260000 --> 0:16:53.780000 Even without giving it much time at all, I now have my subdomain, which 0:16:53.780000 --> 0:16:55.900000 is fully delegated, AZ-103. 0:16:55.900000 --> 0:16:58.780000 And I wanted to show you that part of the reason I wanted to show you 0:16:58.780000 --> 0:17:02.140000 that delegation is because sometimes if you read about it, it actually 0:17:02.140000 --> 0:17:05.500000 seems like it's really complicated, and it goes back and forth. 0:17:05.500000 --> 0:17:09.600000 I think some of that is a lot of the demonstrations are done in PowerShell, 0:17:09.600000 --> 0:17:14.040000 which is fantastic, but it can make things seem a little more complex 0:17:14.040000 --> 0:17:16.140000 than they are. It's really pretty simple. 0:17:16.140000 --> 0:17:21.000000 You've got your primary domain, which is registered publicly with an internet 0:17:21.000000 --> 0:17:27.840000 registrar. Then you can really delegate that out to multiple subdomains, 0:17:27.840000 --> 0:17:30.960000 just create and manage the subdomain as a zone. 0:17:30.960000 --> 0:17:34.160000 But you have to tie that into a primary, because that primary is what 0:17:34.160000 --> 0:17:36.140000 everybody publicly will see. 0:17:36.140000 --> 0:17:37.200000 But there you go. 
0:17:37.200000 --> 0:17:43.080000 That's public DNS in Azure and how easy it is to implement and manage 0:17:43.080000 --> 0:17:44.940000 DNS records through this service.