What is a private Azure DNS zone
Azure Private DNS provides a reliable, secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. By using private DNS zones, you can use your own custom domain names rather than the Azure-provided names available today.
The records contained in a private DNS zone are not resolvable from the Internet. DNS resolution against a private DNS zone works only from virtual networks that are linked to it.
You can link a private DNS zone to one or more virtual networks by creating virtual network links. You can also enable auto-registration feature to automatically manage the life cycle of the DNS records for the virtual machines deployed in a virtual network.
To understand how many private DNS zones you can create in a subscription and how many record sets are supported in a private DNS zone see Azure DNS limits
- Single labeled private DNS zones are not supported. Your private DNS zone must have two or more labels. For example contoso.com has two labels separated by a dot. A private DNS zone can have a maximum 34 labels.
- You can't create zone delegations (NS records) in a private DNS zone. If you intend to use a child domain, you can directly create the domain as a private DNS zone and link it to virtual network without setting up a nameserver delegation from the parent zone.
Read about some common private zone scenarios that can be realized with private zones in Azure DNS.
For common questions and answers about private zones in Azure DNS, including specific behavior you can expect for certain kinds of operations, see Private DNS FAQ.