Love this explanation. Thank you John for being thorough and not cutting corners.
Glad it was helpful!
Great so far. Only 4 mins into the lecture. You never fail to provide a clean and concise explanation of an Azure topic. Felt rusty and not confident after going through the DNS topic on Microsoft Learn for AZ-104. Knew I would gain a better understanding of DNS once I landed here. Thanks again!
Probably the clearest DNS-related video I’ve ever seen. Thank you!!
You're very welcome!
I'm only 5 minutes into this, but had to stop and give a thumbs up. Thank you for putting this out there. So far, it's super clear and is answering some of my questions. I'm an old-fashioned IT consultant trying to learn about Azure networking.
Great to hear, thanks.
This was a brilliant walk-through. I learned a lot. I must have watched it before because I had that "red" line under the video. Today I was ready to absorb it. That's the wonderful thing about your video series, I can return as many times as necessary until I "learn" the material.
Hehe glad I can help 🤙
Your explanation is so simple it is at the point where a vegetable can understand the concept, thanks
You are welcome!
You're the best, I'm not tired of saying it each time I see your videos, your knowledge of Azure Infrastructure is amazing :)
Very kind, thank you!
Studying for the Administrator exam, these videos are a lifesaver! Thanks again!
Best of luck!
Thanks a lot John, Very thorough explanation on Azure DNS. I really like the way you explain things. It is easy to understand and remember.
So awesome. Now I finally understood why a DNS resolver is needed when I want to access a DNS zone which is hosted in Azure DNS in hybrid scenarios.
Great, I cover that even more in the Microsoft peering vs private peering with private endpoint video just posted on 2/23/2021
The fact that it's non-routable just explained a long lingering doubt, thanks John
DNS is always a broad topic to understand for me. It really helps me to understand deeply. Thank you, John.
Great explanation of Azure DNS. I really appreciate the whiteboard, instead of just PowerPoint slides.
Great work John, it's really appreciated if you link each option with a real use case, as you mentioned for Private Links. Basically no one likes to have a custom DNS with management overhead.
The most underrated channel. He is supposed to have millions of subscribers
This is excellent John, exactly what I needed to fill gaps in a Udemy course for an exam
So, as always, you nailed it. I would really say that John Savill is not only at least my SOA for Azure Knowledge. Maybe the video is a few days older; it's fundamental for every PaaS / IaaS Guy out there. Thank you so much!
Thank you
Thank you John, awesome, as usual :) Your videos are now my main source of knowledge of Azure :)
There are several questions left unanswered related to the private endpoint & DNS stuff:
1. In the private endpoint I can add "DNS Configuration" - what that does and what it is needed for is completely unclear. Private zones just work. They just need a record(s), so why do we need "DNS Configuration"?
What does it create, and how does it affect DNS resolution?
2. In the portal, when you create a private endpoint and want DNS integration, you cannot pick just a "random" private zone. It must have some specific name. So, what are these names needed for and how do they work? I noticed that even if they are private, they can be resolved from the public internet. So it's sort of magic that needs some explanation.
Not sure I follow. Maybe read the docs as well. If you create a private endpoint for a PaaS service the DNS name is set as the privatelink version of the regular zone.
@NTFAQGuy I did, several times, it didn't help to explain how "DNS Configuration" works. E.g. how the public PaaS DNS name resolves to the private endpoint CNAME when requested from the VNET. E.g. db-asse-staging-edge-ma-20201216.mysql.database.azure.com->db-asse-staging-edge-ma-20201216.privatelink.mysql.database.azure.com->Private IP, and the opposite, how my private DNS name (e.g. 20201216.privatelink.mysql.database.azure.com) is available from the public internet. And in general, there is no documentation on what "DNS Configuration" is in the private endpoint blade and how it affects the private DNS zone.
@yahorsinkevich4451 It changes the main record to an alias which now resolves to the privatelink zone version. Do an nslookup on the public record and you'll see it's an alias now that resolves to the privatelink version, which will only resolve if you're on a network with that record in the DNS, Azure or custom.
@NTFAQGuy Yep, I already did, just didn't understand what caused that. Now it's clear, will play with that more. Last question, why are there some "magic" private DNS zone names? Is that just to make the private version available externally? Sort of a hardcoded convention?
@yahorsinkevich4451 Happens when you enable the private endpoint. Not magic, it's the same name as public with privatelink. Good luck in your research
Amazing to know how Azure DNS works. Thank you, John, so much for such a great explanation.
My pleasure. Thanks for watching!
Fantastic info John! Really wish you had a whiteboard download for this video as DNS is a complex matter to explain verbally :D
Did you check description of video?
Nice, bite-sized video on Azure DNS. And glad to hear you're a Top Trumps fan, John - didn't think you were old enough to remember that card game!
Haha, I may be older than you think
Again, many thanks. Continually learning more about the world of Azure. About to do AZ-900. Who said you can't teach old dogs new stuff? Cheers
Thanks and agreed ;)
Thanks John. Yours is always the best and detailed explanation that is easier to understand.
Great to hear!
Should have touched on apex domain support using Azure public DNS. It's a hidden gem. Great video
Glad you enjoyed it.
If a customer has a landing zone with VPN to on-prem. There is a domain controller in an Azure VM. VNET has custom DNS pointing to the on-prem DNS. If the VPN goes down, do the Azure VMs still communicate? What is the correct architecture for this?
No, they can’t connect if the connection is down. Have a DC replica in Azure with DNS and use that for the VNet
@NTFAQGuy Do we have to add the Azure VM DC replica IP to the customer DNS? If so, in Azure portal > VNet > DNS > would we have both on-prem DNS IP *and* the Azure VM DC replica IP?
@ricardovazquez4333 May only have the Azure VM IP for the DNS, or maybe on-prem as backup, or have multiple in Azure
Succinct and friendly overview. Thanks a mil for sharing this, John!
On a scale of 1-10, this video is a 12, thank you John.
That's very kind. Thank you
Great video, John. Please keep producing them...
Brilliant! Just brilliant. Thank you for explaining it in ways which are so easy to understand.
Thanks for the video. Just to make sure I'm understanding... Imagine I have an on-premises network with 80 Windows 10 clients and 20 HP printers, no DNS server, a DHCP server in the firewall and a site-to-site VPN to Azure. I want to add DNS for the on-premises LAN using Azure IaaS. The best way to do this so the on-premises devices will get auto-registered in DNS is to create a VM in Azure that runs DNS. The on-premises devices and the firewall will use the VPN to auto-register and resolve the on-premises zone. I'll set up the firewall to use split-DNS to send public DNS requests to a public DNS server while requests for the on-premises zone go to the VM in Azure. Is that right, or is there a way to avoid running the DNS on the Azure VM?
If you want on-premises to auto register you need a DNS server as you said, I’m afraid. You could have that do public lookup as well if you wanted. Good luck
Finally I can see light at the end of the tunnel. Thanks !!
Thanks mate, it's very detailed and easy to follow as I build my Azure Cloud foundation.
Glad it helped
Awesome, I love the way that you explain on the whiteboard. It makes more sense to me
Great to hear, thanks.
Best Azure teacher on YouTube. Thank you very much
Thanks ☁️🤙💪
Hi John
Thank you for the great explanation.
Quick question, I need to implement Hybrid DNS - On Premise to Azure.
We have a Gateway VPN connection, I learned I need to add a forwarder, so my question is: are the DNS requests from my OnPremise DNS to the Forwarder going through the Internet?
Or through the VPN connection to Azure?
Thank you.
If you want to forward to a forwarder in a VNet you need S2S VPN or ExpressRoute.
Thanks for this John, you covered the Private-Link resolution which I was struggling with 😀
Glad it was helpful!
same here ... was so glad he covered it :)
I have a VNET configured with custom DNS servers. Those DNS servers are for my AADDS instance. I also have those two VNETs peered. When I create a point to site VPN to connect to the first VNET, I lose DNS name resolution from my PC. Is there a way to configure my VPN or VNET peerings so I can be connected to the VPN and also use my corporate DNS servers for resolution on my PC?
Also.. fantastic video.
A VPN connection will normally inherit the DNS of the network you connect to, which is required for accessing resources. Depending on the VPN solution being used, you may be able to still hook into on-premises.
@NTFAQGuy I am using the Azure VPN Client with AAD authentication. One workaround I just found was to just specify 8.8.8.8 after my custom DNS servers in order for name resolution to work on my PC. Is that something I should avoid doing?
Just stumbled on your content. Very excellent work. I have subscribed, liked and now commented ;)
Great work on your videos. Great cadence and explanations.
Awesome, thank you!
Bodybuilder from IT. Great sir
Lol
Great video, thanks!
At the end of the video, you mentioned Azure Traffic Manager - have you ever considered adding a video about differences between Azure Application Gateway, Azure Load Balancer, Azure Traffic Manager, and Azure Front Door?
I’ll think about it. I have done that briefly in other videos.
I am using custom DNS. I can't seem to resolve any external/Internet DNS queries (can't access internet) unless I have 168.63.129.16 as a forwarder in my custom DNS server. Is there any way I can use any public DNS to forward my external queries and not Azure DNS?
Check your custom DNS server has the root hint records or it can’t iteratively find other zones
Very nicely explained. TY John!
The best lecture on DNS In Azure wow!!!
Thank you!
Thanks for the video. Imagine I have added a DNS entry at both the VNet and NIC level. Which one will a virtual machine look for? VNET or NIC
NIC config will win
@NTFAQGuy Thanks for the reply
Best Man with Best DNS Lecture!!
It is so adorable the way you teach sir 🤩 big fan
Great job explaining DNS, John. Thanks!
My pleasure, thanks for watching!
Very informative and fun to watch at the same time
Thanks
Hi John, thanks a lot for your videos, it is great and advanced content which really helps.
One question, if one zone is public and private at the same time, will it go for the records of public zone in case it doesn't exist in private zone? Or if private exist it is only authoritative, for the answer, and won't go public?
Thanks in advance
Don’t believe so since private is authoritative.
Thanks for the video, subscribed as well. Question: what hardware are you using here for MS Whiteboard? Just a normal TV with a touchscreen layer over it?
I created a video about a week ago going through the full setup ;-)
Great video! SUGGESTION: Consider a lapel mike rather than directional - every time you turn toward the whiteboard your audio lowers.
Great insight to internal DNS in Azure!
Glad it was helpful!
Thank you excellent explanation, which white board and technology do you use?
Thanks. There is playlist on channel of setup
The best Channel. I found it very useful.
Thank you very much! It helps me to understand how it works! I appreciate it!
Thank you for your time and good explanation.
If you have an Azure private DNS zone yourself for, let's say, SQL databases and you want to connect to a database in another tenant (supplier) which is using a private endpoint for the database, but also allows public access, it will not resolve. Because the Azure DNS server will return the CNAME privatelink and then DNS will go and check your own private DNS zone. A workaround is to add a record in your private DNS zone and point it to the location-specific DNS CNAME of the database.
Yep, that’s dns :)
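The resolution behaviour described in the comment above (and in the earlier reply that a private zone is authoritative), as an added example that is not from the video or from any commenter: a simplified Python model of the alias chain. All database names, IPs and `gateway.region.example` are constructed or hypothetical; only the `privatelink.mysql.database.azure.com` zone name is taken from this page.

```python
"""Simplified model of how a VNet-linked private DNS zone changes resolution
of a Private Link name. Every name, IP and record below is constructed."""
import ipaddress

ZONE = "privatelink.mysql.database.azure.com"   # zone name as seen on this page
GATEWAY = "gateway.region.example"              # hypothetical regional CNAME target

# Constructed public view: service name -> privatelink alias -> gateway -> public IP.
PUBLIC = {
    "mydb.mysql.database.azure.com": ("CNAME", "mydb." + ZONE),
    "mydb." + ZONE: ("CNAME", GATEWAY),
    "supplierdb.mysql.database.azure.com": ("CNAME", "supplierdb." + ZONE),
    "supplierdb." + ZONE: ("CNAME", GATEWAY),
    GATEWAY: ("A", "198.51.100.20"),
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve(name, private_zones, max_hops=8):
    """Follow the alias chain the way a client on the VNet would see it.

    private_zones maps zone name -> {fqdn: (rtype, value)} for zones linked to
    the VNet. A linked zone is treated as authoritative for its suffix: a
    missing record is NXDOMAIN, with no fall-through to the public view.
    Returns (chain_of_names, answer)."""
    chain = [name]
    for _ in range(max_hops):
        matches = [z for z in private_zones
                   if name == z or name.endswith("." + z)]
        if matches:
            record = private_zones[max(matches, key=len)].get(name)
        else:
            record = PUBLIC.get(name)
        if record is None:
            return chain, "NXDOMAIN"
        rtype, value = record
        if rtype == "A":
            return chain, value
        name = value            # CNAME: continue with the alias target
        chain.append(name)
    return chain, "TOO_MANY_ALIASES"


def path(answer):
    """Classify where traffic would go for a given answer."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return "unresolved"
    return "private endpoint" if any(ip in n for n in RFC1918) else "public endpoint"


def scenarios():
    """Four cases: no zone, own db, supplier db, supplier db with workaround."""
    own_zone = {ZONE: {"mydb." + ZONE: ("A", "10.0.1.5")}}
    # Workaround from the comment: add the supplier's record to your own zone,
    # pointing at the location-specific CNAME.
    workaround = {ZONE: {**own_zone[ZONE],
                         "supplierdb." + ZONE: ("CNAME", GATEWAY)}}
    cases = {
        "no zone linked, own db": ("mydb.mysql.database.azure.com", {}),
        "zone linked, own db": ("mydb.mysql.database.azure.com", own_zone),
        "zone linked, supplier db": ("supplierdb.mysql.database.azure.com", own_zone),
        "workaround, supplier db": ("supplierdb.mysql.database.azure.com", workaround),
    }
    return {label: resolve(name, zones) for label, (name, zones) in cases.items()}


if __name__ == "__main__":
    for label, (chain, answer) in scenarios().items():
        print(f"{label:26} {' -> '.join(chain)} => {answer} ({path(answer)})")
```

The third case is the failure the comment reports: the alias lands in a zone the VNet treats as authoritative, and that zone has no record for the supplier's database.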
Hi John, if a VM is not in any registration VNet, can it resolve other VMs that are in some registration VNet(s)?
Don’t really understand the question but it can resolve those to the private dns zones the vnet is linked for resolution as I explain in the video
@NTFAQGuy Sorry let me rephrase, if there are two VNets - VNet1 and VNet2, and I set the registration VNet to VNet2. Can a VM in VNet1 resolve a VM in VNet2?
@ravenbao3334 I already answered. Yes if it’s linked for resolution to that zone. Rewatch video I think you are missing point of vnet linking for registration and resolution
Well rendered mate! I am hitting subscribe straight away!
Awesome, thank you!
Thanks John, I really appreciate the high quality content. I just have a question for my case. So a communications company will be the middle connection between my company's Azure infrastructure and our IoT devices deployed everywhere. We set up an S2S VPN connection with them to receive the traffic from the IoT devices. I am just wondering, would the devices be able to send their DNS requests to Azure DNS (168.63.129.16) since they are connected via VPN, or should I set up a custom DNS server on a VM to forward their queries? Hope you will be able to read this, thank you very much :))))
The 168.. only works ON the VNet. Anything connected to it would NOT work, as I talk about in the video. You would have to set up a DNS resolver on the VNet which could forward. Thanks for watching.
@NTFAQGuy Thank you very much for the quick response, you gained one subscriber :)
hehe, thanks :-)
You are amazing.Thank you for explaining the concepts so clearly.
Very kind, thank you.
John: If this is useful, please like, comment, subscribe and share.
Me: * does all the above first and then watches the video because I know this video is going to be super helpful *
Hehe thank you
Wow! Now I know what recursive, conditional and forwarders are, all in under 5 min as opposed to reading the MS 100-page document. Thanks John, as always you rock! One question: any videos on DNS delegation for private zones?
This is my only DNS-centric video, but for private you link to VNets, and if child it’s a separate zone that links to the VNet as well.
Can the private DNS zone name in Azure be the same as the on-prem DNS zone name?
I mean it could, but realize then you have two different sets of DNS with different records, so depending on who you talk to for resolution you'll get inconsistent results.
In that case, can we host one of the on-prem DNS servers (lift and shift) and place it in the VNet where the Azure VMs are running, and maybe via GPO or PS scripts update the primary DNS server details on all the VMs' NICs at OS level?
You could have a replica in a VM in Azure then change the vnet to use custom DNS and point to that. There are many options.
Superb as always John!
Thank you.
Watching this 4 years down the line - just to prep for AZ104. Thank you for your work, good sir.
As usual a perfect video, thanks a lot for sharing 👍
Welcome!
Cracking content as always John!
Glad you enjoyed it
What is that monitor you are using? Looks great
There is a setup playlist
Awesome. Keep it up John
Great walkthrough, thank you!
Nicely done John, keep up the good work. I learned new things today = good day :-)
Awesome!!!!
Excellent tutorial. Thanks!
Glad you enjoyed it!
Man, finally I understand this. Thank you so much!
You're welcome!
Great stuff, as always!
Glad you enjoyed it!
Thank you John, excellent content
Great video, I'd like you to breakdown auto registration and name resolution as some of us are pretty new
I have more basic IP videos on that channel. Recommend you watch those for fundamentals.
Thank you John, this content is so valuable
Glad you enjoyed it
Thank you for taking my request :) , this is amazing and exactly what I needed . Appreciate it .
No problem 😊
Excellent Explanation Sir 🙏
Amazing, very useful video.
Are those private DNS zones VNETs?
No they get linked to vnets
Very well explained. 😄
Thanks for the explanation. I have subscribed as well.
Awesome, thank you!
Great work as always.
I appreciate that
You are an excellent teacher, do you have a course on Udemy?
Thanks and no. All on this channel. Multiple masterclasses etc
Thanks for the great video
Most welcome
Thank youuuu so much.. you are the best 👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻👍🏻
hehe, my pleasure.
One word. Awesome!
Thank you
Amazing video!!
Great content!
Great video!!
Great job!
Thanks!
You Rock!! Thank you so much
Thanks. Appreciate you watching!
Excellent.
Many thanks!
GREAT!!