Creating Private DNS Zones for company-friendly aliases (CNAME) in Azure

Working with Azure resources often means dealing with complex FQDNs like myapp.azurewebsites.net or mystorageaccount.blob.core.windows.net. While these work perfectly fine, they’re not always the most user-friendly or company-branded names for your internal teams to remember and use. That’s where Azure Private DNS zones come to the rescue, allowing you to create custom, company-friendly aliases for your Azure resources.

In this article, I’ll show you how to set up a Private DNS zone to create a CNAME record that maps a company domain to your Azure App Service, making it accessible via a URL like app.mycompany.com.

What are Azure Private DNS Zones?

Azure Private DNS zones provide name resolution services within your virtual networks using custom domain names. Unlike public DNS zones, these are only accessible from your linked virtual networks, making them a perfect option for internal company resources.

The Setup: Creating a company-friendly alias

We are going to create the following resources

Step 1: Create the Resource Group

First, let’s create a resource group to organize our resources:

az group create --name rg-dns-dev --location "Switzerland North"

Step 2: Create the Virtual Network

Create a virtual network and a subnet that will be linked to our Private DNS zone:

az network vnet create \
  --name vnet-dns-dev \
  --resource-group rg-dns-dev \
  --location "Switzerland North" \
  --address-prefix 10.0.0.0/16 \
  --subnet-name snet-dns-dev \
  --subnet-prefix 10.0.0.0/24

Step 3: Create the Private DNS Zone

Now, create the Private DNS zone with our company domain:

az network private-dns zone create \
  --name mycompany.com \
  --resource-group rg-dns-dev

Step 4: Link the Virtual Network to the Private DNS Zone

Link the VNet to the Private DNS zone. Without this link, resources in the VNet cannot resolve names in the custom domain, and because only linked VNets can query the zone, it is this link that scopes who can see the alias. Auto-registration is left off, so VM hostnames are not written into the zone automatically:

az network private-dns link vnet create \
  --name link-vnet-dns-dev \
  --resource-group rg-dns-dev \
  --zone-name mycompany.com \
  --virtual-network vnet-dns-dev \
  --registration-enabled false

Step 5: Create the CNAME Record

Finally, create the CNAME record that aliases your company-friendly name to the Azure App Service:

az network private-dns record-set cname create \
  --name app \
  --resource-group rg-dns-dev \
  --zone-name mycompany.com \
  --ttl 10

az network private-dns record-set cname set-record \
  --record-set-name app \
  --resource-group rg-dns-dev \
  --zone-name mycompany.com \
  --cname myapp.azurewebsites.net

Testing the Setup

Once everything is configured, VMs or other resources within your linked virtual network can resolve app.mycompany.com to your Azure App Service. You can test this by:

  1. Connecting to a VM in your VNet
  2. Running nslookup app.mycompany.com
  3. Verifying it resolves to your Azure App Service
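Beyond the nslookup check, it is worth auditing the record and the link themselves. The following is an added example, not code from the original article: it audits the JSON returned by `az network private-dns record-set cname show` and `az network private-dns link vnet show` for the resources above, flagging a target outside the expected Azure suffixes, a dangling target that no longer resolves, auto-registration turned on, or an incomplete link. The field names `cnameRecord`, `registrationEnabled` and `virtualNetworkLinkState`, the allowed-suffix policy and the sample JSON are assumptions made here.

```python
import json
import socket
from typing import Callable, List

# Only alias targets under these suffixes are acceptable in this zone (assumed policy).
ALLOWED_TARGET_SUFFIXES = (".azurewebsites.net", ".blob.core.windows.net")


def name_exists(host: str) -> bool:
    """Default probe: does the alias target still resolve to an address?"""
    try:
        socket.gethostbyname(host)
        return True
    except OSError:
        return False


def audit_alias(record_json: str, link_json: str,
                exists: Callable[[str], bool] = name_exists) -> List[str]:
    """Audit CNAME record-set and VNet-link JSON; an empty list means no findings."""
    record, link = json.loads(record_json), json.loads(link_json)
    findings: List[str] = []

    target = (record.get("cnameRecord") or {}).get("cname", "").rstrip(".").lower()
    if not target:
        findings.append("record has no CNAME target")
    elif not target.endswith(ALLOWED_TARGET_SUFFIXES):
        findings.append(f"CNAME target {target} is outside the allowed Azure suffixes")
    elif not exists(target):
        # A target that no longer exists is a dangling alias: internal users
        # would be sent to whoever registers that App Service name next.
        findings.append(f"CNAME target {target} does not resolve (dangling alias)")

    if link.get("registrationEnabled"):
        findings.append("auto-registration is on; VM hostnames would be written into the zone")
    if link.get("virtualNetworkLinkState") != "Completed":
        findings.append(f"VNet link state is {link.get('virtualNetworkLinkState')!r}, not Completed")
    return findings


# Constructed samples shaped like the CLI JSON for this article's resources (not captured output).
RECORD_OK = json.dumps({"name": "app", "fqdn": "app.mycompany.com.", "ttl": 10,
                        "cnameRecord": {"cname": "myapp.azurewebsites.net"}})
LINK_OK = json.dumps({"name": "link-vnet-dns-dev", "registrationEnabled": False,
                      "virtualNetworkLinkState": "Completed"})

if __name__ == "__main__":
    print("\n".join(audit_alias(RECORD_OK, LINK_OK) or ["no findings"]))
```

Run it from a VM inside the linked VNet so the existence probe uses the same resolver path as your users.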

Additional information

Remember to always test your DNS configuration thoroughly before deploying to production environments!
