Azure has a major problem with DNS, and Azure DNS is a mess. I am sure they could resolve it, but I am unsure they desire or care. Don’t get me wrong in the technical sense: point something at DNS and it resolves reliably, as the DNS servers are reliable. But there is a multitude of DNS services to meet a multitude of problems Microsoft has created. Why do I say created? Well, no one else engineered the problems into the system.
There is a multitude of DNS services within Azure, and each of them exists to fill a gap. If you’re running Entra and want to connect servers to Entra so that domain accounts can be used for work on those VMs, then you need Entra DNS. There is no other way to connect to Entra from a VM without it. Then you will use private endpoints, so you get private DNS. Finally, you might have a reason to run your own DNS server; perhaps you want an internal.companyname domain for all of your VMs. There are likely a few more reasons beyond the one many organizations need, which is resolution of internal self-hosted servers and services. A container or VM could host this. There’s a good image for a container here: https://github.com/whiteducksoftware/az-dns-forwarder
One thing that trips people up, if you don’t have a grasp of this, is resolving resources across different subscriptions and resource groups. Yes, you create private DNS zones at the resource group level. I am sure there are good reasons, but stuffed if I know why. Maybe it’s considered a security feature. Private DNS zones need to be connected to the subnets where you wish to resolve things. This can be problematic with resource-group-scoped zones, as you’re limited to one zone per service category linked to a VNet. You may copy record details across zones to allow a service to resolve in that VNet.
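As an added illustration (not code from the original post): a Bicep template that creates one private DNS zone for a private endpoint in a single resource group and links it to several VNets, which can live in other subscriptions of the same tenant, so the record only has to be maintained in one zone. The zone name, VNet resource IDs, record name and IP address are all assumed parameters.

```bicep
// Added example: one private DNS zone, linked to every VNet that must resolve it.
// Assumption: the VNet resource IDs are supplied by the caller (they may belong to
// other subscriptions); the zone name and record are placeholders.
param zoneName string = 'privatelink.blob.core.windows.net'
param vnetIds array = [
  '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-hub/providers/Microsoft.Network/virtualNetworks/vnet-hub'
  '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-spoke/providers/Microsoft.Network/virtualNetworks/vnet-spoke'
]
param recordName string = 'mystorageacct'
param privateIp string = '10.10.1.4'

// Private DNS zones are resource-group scoped; 'global' is the only valid location.
resource zone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: zoneName
  location: 'global'
}

// One link per VNet. A VNet can carry only one link to a zone of a given name,
// so every VNet that needs this zone links to this single copy.
resource links 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = [for (vnetId, i) in vnetIds: {
  parent: zone
  name: 'link-${i}'
  location: 'global'
  properties: {
    registrationEnabled: false // no auto-registration for a privatelink zone
    virtualNetwork: {
      id: vnetId
    }
  }
}]

// The A record for the private endpoint lives once, in the shared zone.
resource record 'Microsoft.Network/privateDnsZones/A@2020-06-01' = {
  parent: zone
  name: recordName
  properties: {
    ttl: 3600
    aRecords: [
      {
        ipv4Address: privateIp
      }
    ]
  }
}
```

Deploying from a subscription other than the VNets' own requires rights on those VNets to create the links, which is where the cross-subscription pain usually shows up.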
There are some solutions, and I’ll cover those in following posts.
To sum it up: DNS can be complicated. Many years ago I did create a DNS service by hand-crafting BIND zone files, and there’s a lot that goes into setting up DNS by hand, but the variety of services, and what you can and have to do with each, is the mess. As we all know, Microsoft documentation is a mess and sparse at times, so we all need blog posts like this to make sense of it.
