Create an Azure private DNS zone using the Azure CLI

A DNS zone is used to host the DNS records for a particular domain. To start hosting your domain in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record for your domain is then created inside this DNS zone.

To publish a private DNS zone to your virtual network, you specify the list of virtual networks that are allowed to resolve records within the zone. These are called linked virtual networks. When autoregistration is enabled, Azure DNS also updates the zone records whenever a virtual machine is created, changes its IP address, or is deleted.

The following command creates a virtual network named rakAzureVNet. The address prefix value is not given on this page, so <address-prefix> stands in for it:

az network vnet create \
  --name rakAzureVNet \
  --resource-group RG1 \
  --location centralus \
  --address-prefix <address-prefix> \
  --subnet-name backendSubnet


Next, it creates a DNS zone in the RG1 resource group. The zone name is not given on this page, so <zone-name> stands in for it here and in the commands that follow:

az network private-dns zone create -g RG1 -n <zone-name>


The next command links the DNS zone to the rakAzureVNet virtual network and enables automatic registration (<zone-name> is the zone created above):

az network private-dns link vnet create -g RG1 -n MyDNSLink \
   -z <zone-name> -v rakAzureVNet -e true


List DNS private zones

To list the private zones in the RG1 resource group:

az network private-dns zone list -g RG1

To list all private zones in the current subscription, omit the resource group:

az network private-dns zone list

Create the test virtual machines

The two commands below create the VMs myVM01 and myVM02 in the backendSubnet subnet of rakAzureVNet. The first command creates the network security group NSG01; the second reuses it. Note that --nsg-rule RDP adds an inbound rule that allows TCP 3389 from any source, which is fine for a short-lived lab but should be restricted to your own source address range before the VMs are left running.

az vm create \
 -n myVM01 \
 --admin-username AzureAdmin \
 -g RG1 \
 -l centralus \
 --subnet backendSubnet \
 --vnet-name rakAzureVNet \
 --nsg NSG01 \
 --nsg-rule RDP \
 --image win2016datacenter

az vm create \
 -n myVM02 \
 --admin-username AzureAdmin \
 -g RG1 \
 -l centralus \
 --subnet backendSubnet \
 --vnet-name rakAzureVNet \
 --nsg NSG01 \
 --nsg-rule RDP \
 --image win2016datacenter


Create an additional DNS record

To create a DNS record, use the az network private-dns record-set [record type] add-record command. For help with adding A records, for example, see az network private-dns record-set A add-record --help.

The following example creates a record with the relative name db in the DNS zone, in resource group RG1. The record type is "A". The fully qualified name of the record set and the IP address are not given on this page; the IP address is simply the private IP address of the VM myVM01, so <myVM01-private-ip> stands in for it below.

az network private-dns record-set a add-record \
  -g RG1 \
  -z <zone-name> \
  -n db \
  -a <myVM01-private-ip>



View DNS records

To list every record set in the zone (autoregistered VM records as well as the db record you added):

az network private-dns record-set list \
  -g RG1 \
  -z <zone-name>
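The listing above is where you would confirm that autoregistration actually did its job. The following check is an added example, not code from the original post: it parses the JSON that `az network private-dns record-set list ... -o json` returns (a constructed sample is embedded, with placeholder zone name and made-up addresses) and reports VMs that were never registered, manual records that will not follow a VM's IP change, a db alias that no longer matches the VM it was meant to point at, and autoregistered hosts nobody expected in the zone.

```python
import json

# Constructed sample of `az network private-dns record-set list -g RG1 -z <zone-name> -o json`.
# <zone-name> is a placeholder; host names and addresses are made up for this example.
SAMPLE_RECORD_SETS = json.loads("""[
 {"name": "@", "type": "Microsoft.Network/privateDnsZones/SOA", "isAutoRegistered": false},
 {"name": "myvm01", "type": "Microsoft.Network/privateDnsZones/A", "isAutoRegistered": true,
  "aRecords": [{"ipv4Address": "10.0.0.4"}]},
 {"name": "myvm02", "type": "Microsoft.Network/privateDnsZones/A", "isAutoRegistered": true,
  "aRecords": [{"ipv4Address": "10.0.0.5"}]},
 {"name": "db", "type": "Microsoft.Network/privateDnsZones/A", "isAutoRegistered": false,
  "aRecords": [{"ipv4Address": "10.0.0.4"}]}
]""")


def a_records(record_sets):
    """Map each A record-set name (lowercased) to (set of IPv4 addresses, autoregistered?)."""
    out = {}
    for rs in record_sets:
        if rs.get("type", "").lower().endswith("/a"):
            ips = {r["ipv4Address"] for r in rs.get("aRecords", [])}
            out[rs["name"].lower()] = (ips, bool(rs.get("isAutoRegistered")))
    return out


def check_zone(record_sets, expected_vms, aliases):
    """Return a list of findings; an empty list means the zone matches expectations.

    expected_vms: VM host names that should have been autoregistered in the zone.
    aliases: {manual record name: VM it should point at}, e.g. {"db": "myVM01"}.
    """
    recs = a_records(record_sets)
    findings = []
    for vm in expected_vms:
        ips, auto = recs.get(vm.lower(), (set(), False))
        if not ips:
            findings.append(f"{vm}: no A record (autoregistration off, or VM not in a linked VNet)")
        elif not auto:
            findings.append(f"{vm}: record is manual, so Azure will not update it if the VM's IP changes")
    for name, vm in aliases.items():
        ips, auto = recs.get(name.lower(), (set(), False))
        vm_ips = recs.get(vm.lower(), (set(), False))[0]
        if not ips:
            findings.append(f"{name}: manual record missing")
        elif auto:
            findings.append(f"{name}: expected a manual record but it is autoregistered")
        elif ips != vm_ips:
            findings.append(f"{name}: points at {sorted(ips)} but {vm} is registered as {sorted(vm_ips)}")
    expected = {v.lower() for v in expected_vms}
    for name, (_, auto) in recs.items():
        if auto and name not in expected:
            findings.append(f"{name}: unexpected autoregistered host; check which VMs sit in linked VNets")
    return findings
```

Feed it the real listing with `check_zone(json.load(open("records.json")), ["myVM01", "myVM02"], {"db": "myVM01"})`; the db check matters because Azure only rewrites autoregistered records, so a hand-made alias silently goes stale when the VM's address changes.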



Test the private zone

You can use the ping command to test name resolution. First, configure the Windows firewall on both virtual machines to allow inbound ICMPv4 packets.

Connect to myVM01 and open a Windows PowerShell window with administrator privileges. Run the following command:

New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

Repeat the same steps on myVM02. Then, from the myVM02 Windows PowerShell prompt, ping myVM01 using the automatically registered host name:



Now ping the db name you created previously:



