AZ-104 Microsoft Azure Administrator Exam

Configure Azure DNS

Azure DNS is a hosting service for DNS domains that provides name resolution using Microsoft Azure’s infrastructure. By hosting your DNS domain in Azure, you can manage record sets and query resolution without running your own name servers. Azure DNS ensures high availability and low latency by using Azure’s global network.

A DNS zone is a container for DNS records that share the same namespace. You create a zone for each domain, such as contoso.com, and then add record sets for subdomains or services. Record types include:

• A record for mapping a domain to an IPv4 address
• CNAME record for aliasing one name to another
• MX record for email exchange routing
• TXT record for arbitrary text, often used for verification

To manage records, you use the Azure portal, Azure CLI, or Azure PowerShell. You can add, update, or delete record sets and configure time-to-live (TTL) to control how long DNS resolvers cache the records. Lower TTL values help in faster failover during changes, while higher values reduce query traffic.

Advanced features include private DNS zones for internal resolution and zone delegation to split responsibility between different teams or subscriptions. You can link private zones to virtual networks for secure, private DNS resolution. These capabilities help keep your DNS architecture both scalable and secure.

Configure an internal or public load balancer

An Azure Load Balancer distributes inbound network traffic to backend resources, improving application performance and availability. It works at the transport layer (Layer 4) and handles TCP or UDP traffic. A load balancer can be configured as public or internal, depending on accessibility needs.

A public load balancer has a public IP address that routes internet traffic to your VMs or services, while an internal load balancer uses a private IP address for traffic within a virtual network. Key components include:

• Frontend IP configuration
• Backend address pool
• Load balancing rules
• Health probes

You define health probes to check the status of each backend instance. If a probe fails, the load balancer stops sending traffic to that instance until it recovers. Regular health probing ensures that users are only directed to healthy resources.

Azure offers two SKUs for load balancers: Basic and Standard. The Basic SKU is suitable for small-scale or non-critical workloads, whereas the Standard SKU supports higher throughput, zone redundancy, and more advanced security features. Choose the right SKU based on your performance and availability requirements.

Troubleshoot load balancing

Troubleshooting Azure Load Balancer issues often starts with verifying health probe statuses. Use the Azure portal or CLI to check if probes are passing for all backend instances. Failed probes usually indicate connectivity problems or misconfigured probe settings.

Next, review network security groups (NSGs), user-defined routes (UDRs), and firewall rules that might block traffic. Ensure that necessary ports are open and that traffic flows between the load balancer and backend VMs on both frontend and backend subnets. Common culprits include:

• Blocked inbound or outbound port rules
• Incorrect subnet assignments
• Overlapping address spaces

Use Azure diagnostic logs and metrics to gather data on dropped packets and latency. Enable logging for the load balancer and health probes to get detailed insights. Proactive monitoring helps you detect issues before they affect users.

Common issues also involve misconfigured load balancing rules, such as incorrect port mappings or protocol mismatches. Validate that each rule points to the correct backend port and protocol. Following best practices for naming conventions and organized resource groups makes troubleshooting faster and reduces configuration errors.

Conclusion

In this section, you learned how to use Azure DNS to manage name resolution for both public and private domains. You also explored how to configure public and internal Azure Load Balancers, including their key components like frontend IPs, backend pools, and health probes. Finally, you reviewed common troubleshooting steps, from checking health probe statuses to analyzing NSG rules and diagnostic logs. Together, these skills help ensure your Azure applications remain accessible, reliable, and performant under varying traffic conditions.