WEBVTT

00:00:02.700 --> 00:00:22.920
Welcome to the video on configuring private Azure DNS. In this video, we're going to take a look at, first of all, what are Azure Private DNS zones, and how do you implement private DNS zones? Pretty straightforward, hopefully, if I do this right.

00:00:22.920 --> 00:01:31.660
Here is the idea behind private DNS zones. First of all, if you have a virtual network, you have to define a DNS server for that virtual network. Now, there is a default DNS server for a virtual network, and it will resolve names in two circumstances. First of all, anything that is in that virtual network, only within the virtual network, not anything peered, not anything gatewayed, it will resolve names that are in the virtual network. Also, the built-in default DNS server for a virtual network will resolve public DNS names, right? So, my.ini.com, for example, it would be fine with that. Anything else, though, you're going to need to go with some kind of custom solution, and typically the way you would do that is you would spin up a DNS server. However, now Microsoft has DNS as a service, and it has private DNS as a service.

00:01:31.660 --> 00:02:02.800
So, rather than spinning up your own server, where you have to manage the server, manage the OS, manage the DNS, you can really just focus on managing the DNS. It's really a fairly minimalist architecture, and again, this is one of the places where I honestly feel like maybe some of the documentation on this and some of the demos on this make it seem a little bit more complex than it actually is. I'm not saying that it's necessarily going to be easy, but there's not that many moving parts to it, right?

00:02:02.800 --> 00:02:51.720
So, I want to describe it, and let's take a look at this drawing to describe it. If I'm going to use the DNS service, I'm going to have a virtual network, so I've got this virtual network, and I create a private DNS zone. I'm going to demonstrate this using the command line, but you can actually do it through the portal as well. And there are two ways to link a virtual network to a private DNS zone. One, each virtual network can only do this to one zone: that's the registration zone, and that means as your virtual machines are provisioned, as they are allocated, they're going to automatically register their records, their private IP address, in the DNS zone, right?

00:02:51.720 --> 00:03:58.740
And so I can have multiple private DNS zones, each one with their own registration, but I can also set up a resolution link between a virtual network and a private DNS zone. And that means that the virtual network can, simply put, resolve names from the other private DNS zone. You could, by the way, also, rather than do that, I can have multiple virtual networks register within the same private DNS zone. So the linkage is kind of a one-to-many with a little bit of a cross-reference, right? Each virtual network can only be associated for registration purposes with one private DNS zone. Each private DNS zone can support multiple virtual networks as registration networks, and you also have this concept of resolution networks or resolution DNS as well to kind of cross-link as necessary. So a lot that you can do; the basics of it, though, are pretty foundational.

00:03:58.740 --> 00:04:27.840
And with that, I want to go ahead and demonstrate implementing private DNS zones. And I want to show you the architecture that we have, and this is my standard demonstration architecture for this particular course. And if I go, if I could remember how to draw a line here, oops, let's go back for a second. There we go. That is how you draw a line. You turn on your line drawing.

00:04:27.840 --> 00:05:18.120
I have two virtual networks, and I have a peering relationship between them. We're not going to worry so much about the peering relationship. What I am going to do is I'm going to provision a private DNS zone, and I am going to make that the registration zone for my environment that has my web servers. And then I'm going to make it a resolution zone, set up a resolution link with my virtual network that has my web. And then I'm going to go to a Windows server and see if I can make it over to the web servers using the private DNS zone. So that is what we're doing.

00:05:18.120 --> 00:06:37.800
Let me go ahead and get a start on this. First thing that I'm going to do is I am going to provision a new resource. And this is, oh, I'm not going to do it this way. Let's do it from the command line. I'm going to actually open up Cloud Shell in PowerShell. I'm going to use PowerShell to do this. All right, let's go ahead and dive into this. Now, I need to do a few things. The first thing that I'm going to do is actually set up a new private DNS zone. And I'm going to do this pretty simply just with a variable, say $zone; I'm just using that to capture it. It's going to be equal to a New-AzPrivateDnsZone.

00:06:37.800 --> 00:07:58.460
Okay, that's kind of strange. Let's Ctrl+C out of there. Let's try that again. $zone is equal to New... see, Zone. I was trying to use autocomplete. For some reason, it decided that it wasn't thrilled with that. But that's fine. I'm going to give it a name. And the name is going to be privatedemo.ione.com. Now, privatedemo.ione.com does not actually exist. But it's fine because it's all internal. And then the next thing I'm going to do is give this a resource group name. And that's going to be 01 tasks, because that's where everything else is. And that should be it. That's going to give me a private DNS zone. And that'll take a moment. And then once that's done, once that's been provisioned, we'll look at getting my virtual networks and linking it all together.

00:07:58.460 --> 00:08:43.280
Now, the next thing that I need to do is I need to set up the links between my zone, my new private DNS zone, and the actual virtual networks. And what I'm going to do is I'm going to go and get $vnetWeb, which is equal to Get-AzVirtualNetwork. And the name of my virtual network, which I have completely forgotten, we'll pull that up in one moment here.

00:08:43.280 --> 00:10:17.380
And go simply uwebservervnet. I named it. I've created it several times and I didn't remember it. And the resource group name is 01 tasks. Now, I'm going to get my $vnetWin. Get-AzVirtualNetwork. And it's going to be w.winserver-vnet. Also, oh, and once again, I like using autocomplete because it tells me when I've done something terrible or at least incorrect. There we go, resource group name 01 tasks. All right, now just make sure I have them. Put one of these out here, $vnetWeb. And in fact, I've got the information.

00:10:17.380 --> 00:12:13.120
Now, the only thing left to do is to link these up. First, I'm going to link up the web and I'm going to set it up as a registration link. And I'm going to do that with a New-AzPrivateDnsVirtualNetworkLink. And I'm going to give this a zone name. And that's going to be $zone.Name. It should be correct. And I'm going to give this the resource group name. It doesn't like that. There we go. And the name of this is going to be web link. And next, I'm going to set it up with the virtual network ID, which is going to be our $vnetWeb.Id. Last, this is important, set it up as a registration by hitting -EnableRegistration.

00:12:13.120 --> 00:13:00.940
And we'll wait for that to come back. All right, so that was successful. Now what I'm going to do is I'm going to set up the link, and I just did an up arrow there. But I am going to set this one up for my win. I'm not going to enable registration. This is just going to be a resolution. And I have to give it a different name. But otherwise, same zone, same resource group, different name, different virtual network. And again, it's not a registration domain, a registration link. All right, and so we'll wait for that to finish and then we'll test it out.

00:13:00.940 --> 00:13:52.600
All right, it would appear that we have successfully created those links. So let's go ahead and test them out. I have a remote desktop connection to one of the win servers. So this would be in the resolution zone, if you will. And what I'm going to do, just to see what's going on, let's go to privatedemo.IINI.com. So this is the private DNS zone. And right away, I can see this is definitely good news. I can see that I've got three machines, three VMs, that have registered themselves into this private DNS zone.

00:13:52.600 --> 00:14:28.360
And that's great. Now what I'm going to do is see if I can resolve it. So if I go here, here is the full domain name, the internal domain name of one of the web servers. So it's uwebserver0.privatedemo.INI.com. I'm going to just go ahead and copy that, open a new tab, paste and go. And once again, as I have in other demonstrations, I get a very anticlimactic page, but a successful page. This tells me that I'm over there and I'm connected to web server 0, and I was able to connect through this private DNS.

00:14:28.360 --> 00:15:06.420
So if I go to web server 1, I may not have web server 1 running. All right, so it looks like web server 1... That is an issue with the server. So we'll just quietly go back to web server 0 and feel really good about it. There we go. All right, so web server 0, privatedemo.IINI.com. I'm registered, I'm running. And I've got that connectivity. So now if my users are attempting, or my services have to connect to each other, I'm no longer hard coding in an IP address. I can now use a fully qualified domain name. And that's across, in this case, virtual networks.
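The whole procedure the video walks through (create the zone, look up the two virtual networks, add one registration link and one resolution-only link, then verify) collected into a single PowerShell script, as an added example that is not the video's own typed commands. It uses the Az.PrivateDns and Az.Network cmdlets the presenter names; the resource group, virtual network, link and zone names are assumptions and placeholders to be replaced with your own, and the verification steps at the end are added here to show how a practitioner checks what the links actually did.

```powershell
# Added example, not from the video. Assumed names: adjust to your environment.
# Requires the Az.Network and Az.PrivateDns modules and a signed-in Az session.
$rg       = '01tasks'                  # resource group (the video's "01 tasks")
$zoneName = 'privatedemo.example.com'  # placeholder private zone name; it need not exist publicly

# 1. Create the private DNS zone (no records yet, nothing reachable from the Internet).
$zone = New-AzPrivateDnsZone -Name $zoneName -ResourceGroupName $rg

# 2. Look up the two virtual networks that will be linked to the zone.
$vnetWeb = Get-AzVirtualNetwork -Name 'uwebservervnet' -ResourceGroupName $rg   # assumed name
$vnetWin = Get-AzVirtualNetwork -Name 'winserver-vnet' -ResourceGroupName $rg   # assumed name

# 3. Registration link: VMs in the web VNet register their private IPs as A records
#    automatically. A VNet may have only one registration link across all private
#    zones, so this is the call that fails if the VNet already registers elsewhere.
$webLink = @{
    ZoneName           = $zone.Name
    ResourceGroupName  = $rg
    Name               = 'web-link'      # assumed link name
    VirtualNetworkId   = $vnetWeb.Id
    EnableRegistration = $true
}
New-AzPrivateDnsVirtualNetworkLink @webLink

# 4. Resolution-only link: the Windows VNet can look names up in the zone but
#    writes nothing into it (no -EnableRegistration).
$winLink = @{
    ZoneName          = $zone.Name
    ResourceGroupName = $rg
    Name              = 'win-link'       # assumed link name
    VirtualNetworkId  = $vnetWin.Id
}
New-AzPrivateDnsVirtualNetworkLink @winLink

# 5. Verify: which links exist, which of them register, and what records the
#    zone now holds. Expect RegistrationEnabled to be True for exactly one link.
Get-AzPrivateDnsVirtualNetworkLink -ZoneName $zone.Name -ResourceGroupName $rg |
    Select-Object Name, RegistrationEnabled, VirtualNetworkLinkState, ProvisioningState

Get-AzPrivateDnsRecordSet -ZoneName $zone.Name -ResourceGroupName $rg -RecordType A |
    Select-Object Name, Ttl, @{ n = 'IPv4'; e = { $_.Records.Ipv4Address -join ', ' } }

# 6. Run from a VM inside the Windows VNet: the name should resolve through the
#    Azure-provided resolver (168.63.16.129) even though the VNet only has a
#    resolution link. 'uwebserver0' is the assumed VM host name from the demo.
Resolve-DnsName -Name "uwebserver0.$zoneName" -Type A
```

Two points worth checking after running this. First, the registration link is the only one that creates records, so if the A-record query in step 5 returns nothing a few minutes after the web VMs boot, the usual cause is that the wrong VNet got the registration link or that the VNet was already registered to another zone. Second, the private zone is served only by the Azure-provided resolver at 168.63.16.129; a VNet configured with custom DNS servers will not see the zone unless those servers forward queries for it to that address, which is a common reason step 6 fails on a network that otherwise looks correctly linked.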