Creating Private DNS Zones for company-friendly aliases (CNAME) in Azure

Ever struggled with cryptic Azure resource URLs like myapp123.westeurope.cloudapp.azure.com or mystorageaccount.blob.core.windows.net?

While these work perfectly fine, they’re not always the most user-friendly or company-branded names for your internal teams to remember and use. That’s where Azure Private DNS zones come to the rescue, allowing you to create custom, company-friendly aliases for your Azure resources.

This guide walks you through:

What are Azure Private DNS Zones?

Azure Private DNS zones provide name resolution services within your virtual networks using custom domain names. Unlike public DNS zones, these are only accessible from your linked virtual networks, making them a perfect option for internal company resources.

The Setup: Creating a company-friendly alias

We are going to create the following resources:

  1. Resource Group named rg-dns-dev
  2. Virtual Network named vnet-dns-dev
  3. Private DNS Zone named mycompany.com
  4. CNAME Record named app pointing to myapp.azurewebsites.net
  5. Virtual Network Link connecting the DNS zone to our VNet named vnet-dns-dev

Step 1: Create the Resource Group

First, let’s create a resource group to organize our resources:

az group create --name rg-dns-dev --location "Switzerland North"

Step 2: Create the Virtual Network

Create a virtual network and a subnet that will be linked to our Private DNS zone:

az network vnet create \
  --name vnet-dns-dev \
  --resource-group rg-dns-dev \
  --location "Switzerland North" \
  --address-prefix 10.0.0.0/16 \
  --subnet-name snet-dns-dev \
  --subnet-prefix 10.0.0.0/24

Step 3: Create the Private DNS Zone

Now, create the Private DNS zone with our company domain:

az network private-dns zone create \
  --name mycompany.com \
  --resource-group rg-dns-dev

Step 4: Link the Virtual Network to the Private DNS Zone

The link connects your VNet to the Private DNS zone; without it, resources in the VNet would not be able to resolve the custom domain names:

az network private-dns link vnet create \
  --name link-vnet-dns-dev \
  --resource-group rg-dns-dev \
  --zone-name mycompany.com \
  --virtual-network vnet-dns-dev \
  --registration-enabled false

Step 5: Create the CNAME Record

Finally, create the CNAME record that aliases your company-friendly name to the Azure App Service:

az network private-dns record-set cname create \
  --name app \
  --resource-group rg-dns-dev \
  --zone-name mycompany.com \
  --ttl 10

az network private-dns record-set cname set-record \
  --record-set-name app \
  --resource-group rg-dns-dev \
  --zone-name mycompany.com \
  --cname myapp.azurewebsites.net

Testing the Setup

Once everything is configured, VMs or other resources within your linked virtual network can resolve app.mycompany.com to your Azure App Service. You can test this by:

  1. Connecting to a VM in your VNet
  2. Running nslookup app.mycompany.com
  3. Verifying it resolves to your Azure App Service
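The five steps above as one script, together with the verification from this section, as an added example that is not the post's own code. It assumes a logged-in Azure CLI for `deploy` and a Linux VM in the linked VNet for `verify`, where `nslookup` prints the alias as `canonical name = …`; the `cname_matches` function is kept pure so the same check can be run against captured lookup output.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the guide's five steps as one
# script plus the verification from "Testing the Setup". Assumes a logged-in
# Azure CLI for `deploy` and a Linux VM in the linked VNet for `verify`.
set -eu

RG="rg-dns-dev"; LOCATION="Switzerland North"; VNET="vnet-dns-dev"
ZONE="mycompany.com"; ALIAS="app"; TARGET="myapp.azurewebsites.net"

deploy() {
  az group create --name "$RG" --location "$LOCATION" --output none
  az network vnet create --name "$VNET" --resource-group "$RG" --location "$LOCATION" \
    --address-prefix 10.0.0.0/16 --subnet-name snet-dns-dev --subnet-prefix 10.0.0.0/24 --output none
  az network private-dns zone create --name "$ZONE" --resource-group "$RG" --output none
  # registration-enabled false: the zone only holds records we create explicitly
  az network private-dns link vnet create --name "link-$VNET" --resource-group "$RG" \
    --zone-name "$ZONE" --virtual-network "$VNET" --registration-enabled false --output none
  az network private-dns record-set cname create --name "$ALIAS" --resource-group "$RG" \
    --zone-name "$ZONE" --ttl 10 --output none
  az network private-dns record-set cname set-record --record-set-name "$ALIAS" \
    --resource-group "$RG" --zone-name "$ZONE" --cname "$TARGET" --output none
}

# Control-plane check: what target does the zone actually hold for the alias?
zone_cname_target() {
  az network private-dns record-set cname show --name "$ALIAS" --resource-group "$RG" \
    --zone-name "$ZONE" --query "cnameRecord.cname" --output tsv
}

# Data-plane check, kept pure so it works on captured text: does the nslookup
# output name the expected canonical target? Returns 0 on match, 1 otherwise
# (including NXDOMAIN or an alias that points somewhere else).
cname_matches() {
  local target
  target="$(printf '%s\n' "$1" | sed -n 's/.*canonical name = //p' | head -n 1)"
  target="${target%.}"   # nslookup prints the FQDN with a trailing dot
  [ "$(printf '%s' "$target" | tr 'A-Z' 'a-z')" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# Run on a VM inside the linked VNet: resolve the alias and compare to TARGET.
verify_on_vm() { cname_matches "$(nslookup "$ALIAS.$ZONE" 2>&1)" "$TARGET"; }

case "${1:-}" in
  deploy) deploy ;;
  show)   zone_cname_target ;;
  verify) verify_on_vm && echo "OK: $ALIAS.$ZONE -> $TARGET" ;;
esac
```

Run `./dns-alias.sh deploy` from your workstation, then `./dns-alias.sh verify` on a VM in vnet-dns-dev; a non-zero exit means the alias does not resolve to the expected App Service.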

Additional information

Remember to always test your DNS configuration thoroughly before deploying to production environments!
