Azure DNS is used for two scenarios:

  1. Internet-facing name resolution for a public DNS Domain.
  2. Internal name resolution, e.g., Virtual machines within VNets.

To get started creating DNS Zones, login to Azure and search for DNS Zone. You can host different DNS Zones in different resource groups. DNS is a global service hence the location used is simply an indicator of the resource group location.

When it's done creating, the Name servers assigned to our zone are shown below.

For example, in the record sets section, the recordset name @ represents that all queries performed against the zone will be resolved by the name servers selected.
To add a new recordset, we select the corresponding button and type out the representative recordset name. In my example, it's This has a single A record type of a public IP to one of my development environment VMs

This achieves any DNS queries that are performed against that public IP will be resolved by the Name servers of my zone. We can perform a tracert to confirm this.

Private DNS Zones

Private DNS Zones are used to isolate your network interfaces/Azure virtual networks and the associated resources, for example, virtual machines from the Azure provided DNS Public service. We can confirm this by browsing to the DNS blade of the VNet on which our Virtual Machine is situated.

We can also note something similar on the DNS suffix of our Virtual Machine using an Azure Public DNS.

Create a DNS Private Zone creates a new resource and then, give your zone a name.

When it's done creating, we shall get something similar to what we created in the Public DNS Zone, only that this time we have an SOA record only and a private DNS host as shown below.

To join our resources to this new zone, we shall register the VNets on which our resources sit, and then this will enable them to get the private IP addresses from the private zone.

To effect the changes, I will restart one of my virtual machines to add a DNS record to our private zone automatically.

To configure our VMs to use the new DNS suffix, we'll do that manually on the machine. You can also do this on multiple machines using a Powershell script.

After restarting the machine, we will see our new DNS Suffix to the private DNS zone.