AZ-800 Administering Windows Server Hybrid Core Infrastructure Exam

Implement on-premises and hybrid name resolution

Name resolution is the process of translating human-friendly names into IP addresses so devices can find each other. This is done through Domain Name System (DNS) servers that store records for devices and services. On-premises DNS servers host primary, secondary, and stub zones to manage different parts of the network. Ensuring that these zones are up to date and replicated correctly is crucial for reliable name resolution.

In on-premises environments, administrators create forward lookup zones for mapping names to addresses and reverse lookup zones for mapping addresses back to names. They also configure resource records like A, AAAA, and CNAME to define how each name is resolved. To improve performance, teams set up conditional forwarders that direct queries for specific domains to the appropriate DNS server, reducing lookup times. Monitoring zone health and replication status helps catch errors early.

For hybrid scenarios, Azure offers Private DNS Zones that can be linked to one or more virtual networks. This lets Azure VMs resolve names for on-premises resources and vice versa. You can use Azure Private DNS in combination with on-prem DNS by setting up DNS forwarding rules. These rules send queries for on-premises names to your local DNS servers and queries for Azure names to Azure DNS resolvers.

Implementing hybrid name resolution also involves configuring inbound and outbound endpoints in Azure DNS Private Resolver. Outbound endpoints forward DNS queries from Azure to on-premises DNS, while inbound endpoints allow on-prem DNS servers to resolve Azure private zones. Regularly test name resolution paths using tools like nslookup or Resolve-DnsName. This ensures that both on-premises and cloud resources can find each other without delays or errors.

Manage IP addressing in on-premises and hybrid scenarios

Effective IP addressing ensures devices have unique addresses and can communicate without conflicts. In on-premises networks, administrators use Dynamic Host Configuration Protocol (DHCP) servers to assign addresses dynamically and handle lease renewals. They also create static reservations for servers and printers to keep their addresses constant. Proper scope definition and address planning help avoid overlaps that can cause network issues.

On-premises DHCP scopes define ranges of IP addresses that can be assigned to clients. Teams often reserve parts of the range for specific device types, such as desktops or IoT devices. They might also configure DHCP options to send gateway and DNS server settings automatically. Monitoring scope utilization ensures that addresses are always available, and adjusting scopes prevents address exhaustion.

In hybrid setups, you must plan address spaces so that Azure virtual networks (VNets) do not overlap with on-premises subnets. Azure VNets use CIDR notation (for example, 10.1.0.0/16) to define their address range. Creating multiple subnets within a VNet helps isolate workloads, such as web servers and databases. Tools like Azure Network Manager can help visualize and manage these address spaces.

When on-premises and Azure need to talk, Network Address Translation (NAT) may be required. Azure Virtual Network NAT can translate outbound traffic from a VNet to the internet or on-premises. On-premises routers and firewalls also perform NAT for traffic destined to Azure. Planning NAT rules carefully and documenting them is essential to avoid unexpected connectivity problems.

Implement on-premises and hybrid network connectivity

Building hybrid network connectivity links on-premises networks with Azure so resources can communicate securely and efficiently. The two main methods are site-to-site VPN and ExpressRoute. A site-to-site VPN uses IPsec tunnels over the internet to protect data in transit, while ExpressRoute provides a private, dedicated circuit with higher bandwidth and lower latency.

With site-to-site VPN, you configure a local network gateway on Azure that represents your on-premises VPN device. Then you deploy a virtual network gateway in Azure to establish the encrypted tunnel. You define shared keys and IPsec/IKE policies to secure the connection. This method is cost-effective and easy to set up but may have variable performance based on internet conditions.

ExpressRoute involves working with a connectivity provider to set up a private link between your on-premises data center and Azure datacenters. You create an ExpressRoute circuit and associate it with your VNets. This option offers consistent bandwidth and better SLA guarantees. ExpressRoute supports Global Reach, allowing you to connect multiple on-premises sites through the Microsoft network.

Routing plays a key role in hybrid connectivity. On-premises routers use Border Gateway Protocol (BGP) to exchange routes with Azure, ensuring networks stay in sync as subnets change. In Azure, you configure route tables and user-defined routes to direct traffic along the correct path. Monitoring tools like Azure Network Watcher help you test connectivity and view logs, making it easier to troubleshoot issues.

Conclusion

Effective hybrid networking starts with reliable name resolution, ensuring devices can find each other whether they are on-premises or in Azure. Implementing DNS zones, resource records, and forwarding rules ties your environments together. Testing regularly and using Azure Private DNS ensures that lookups succeed every time.

Managing IP addressing is the next step, where planners assign unique ranges and configure DHCP scopes on-premises and in Azure. Avoiding overlapping subnets and using NAT where needed keeps traffic flowing smoothly. Good documentation and monitoring of address utilization prevent conflicts and downtime.

Finally, building network connectivity with site-to-site VPN or ExpressRoute links your sites with secure tunnels and high-speed circuits. Proper routing with BGP and Azure route tables directs traffic correctly. By combining these elements—name resolution, IP addressing, and connectivity—you create a cohesive hybrid network that supports both existing infrastructure and cloud growth.