Guest Post – Thanks to Marius Sandbu for great information

Azure provides internal name resolution for VMs and role instances (including app services) for all services that reside within a virtual network. When you set up a virtual network, it uses the internal Azure DNS service by default.

When you set up a virtual machine within this VNET, it is automatically assigned an IP address by a DHCP service and uses the internal IP address 168.63.129.16 for DNS lookups. This IP address is an internal Microsoft VIP address (available only from within Azure): https://docs.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16. Traffic to this IP address should not be blocked; the address is static and will not change.
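A check for the advice above that traffic to 168.63.129.16 should not be blocked, as an added example (not from the original post): it scans `iptables-save` output from a Linux VM for DROP/REJECT rules that explicitly cover the address. The Linux/iptables setting, the function names and the sample ruleset are assumptions constructed for illustration; rule order and chain default policies are not evaluated.

```python
import ipaddress
import shlex

AZURE_VIP = ipaddress.ip_address("168.63.129.16")  # platform address named in the post
BLOCKING = {"DROP", "REJECT"}
# Address option that matters per chain: destination when sending, source when receiving.
ADDR_OPTS = {"OUTPUT": ("-d", "--destination"), "INPUT": ("-s", "--source")}

# Constructed sample in iptables-save format (not from a real host).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 168.63.129.16/32 -p udp -m udp --dport 53 -j DROP
-A OUTPUT -d 168.63.0.0/16 -p tcp -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT ! -d 168.63.129.16/32 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -s 168.63.129.16/32 -j DROP
COMMIT
"""

def rule_blocks_vip(rule):
    """True if one '-A' rule drops or rejects traffic to/from the Azure VIP."""
    if not rule.startswith("-A "):
        return False
    tok = shlex.split(rule)
    opts = ADDR_OPTS.get(tok[1])
    if opts is None or "-j" not in tok[:-1]:
        return False
    if tok[tok.index("-j") + 1] not in BLOCKING:
        return False
    for i, t in enumerate(tok[:-1]):
        if t in opts:
            net = ipaddress.ip_network(tok[i + 1], strict=False)
            negated = tok[i - 1] == "!"  # "! -d X" matches everything except X
            return (AZURE_VIP in net) != negated
    return False  # no explicit address match: out of scope for this check

def find_blocking_rules(ruleset):
    """Return (line_number, rule) pairs that block the VIP."""
    return [(n, line) for n, line in enumerate(ruleset.splitlines(), 1)
            if rule_blocks_vip(line.strip())]

if __name__ == "__main__":
    for n, rule in find_blocking_rules(SAMPLE_RULES):
        print(f"line {n}: blocks {AZURE_VIP}: {rule}")
```

On a real VM, pass the text produced by `iptables-save` to `find_blocking_rules` instead of the sample.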

You can also change the DNS Server scope on a virtual network, but this will not affect other virtual networks that are peered or otherwise connected to the virtual network using VPN or ExpressRoute.

When it comes to providing DNS services in Azure, there are a couple of options.

  • Azure built-in DNS (Does not provide any ability to change or update records)
  • DNS Server running on IaaS (Provides full flexibility, but requires that you have virtual machines running to deliver DNS services)
  • DNS Proxy (A virtual machine or service that provides DNS services for services in Azure while the authoritative DNS servers are outside of Azure)
  • Azure DNS Private Zones (An internal DNS Service in Azure which can provide DNS lookup within a virtual network, allows you to manage records in Azure)

For more on the architecture, download the guide below.