AZ-104 Objective 4.3: Configure Name Resolution and Load Balancing


AZ-104 Exam Focus: This objective covers Azure DNS configuration and load balancing services. Understanding DNS management, internal and public load balancers, and load balancing troubleshooting is crucial for Azure administrators managing network services and application availability. Master these concepts for both exam success and real-world Azure network service management.

Understanding Name Resolution and Load Balancing in Azure

Name resolution and load balancing are fundamental network services that ensure reliable connectivity and high availability for applications. Azure provides comprehensive DNS services and multiple load balancing options to meet different requirements. These services work with Azure Virtual Networks and integrate with Azure App Service for web application hosting.

Key Components

  • Azure DNS: Hosted DNS service for domain name resolution
  • Azure Load Balancer: Layer 4 load balancing for TCP/UDP traffic
  • Application Gateway: Layer 7 load balancing with advanced features
  • Traffic Manager: DNS-based global load balancing
  • Front Door: Global CDN and load balancing service

1. Configure Azure DNS

Azure DNS is a hosting service for DNS domains that provides name resolution using Microsoft's Azure infrastructure. It offers high availability, security, and performance for your DNS queries.

Azure DNS Features

Core Capabilities:

  • High Availability: 99.99% SLA with global distribution
  • Fast Resolution: Low-latency DNS queries worldwide
  • Security: Built-in DDoS protection and DNSSEC support
  • Integration: Seamless integration with Azure services
  • Private DNS: Private DNS zones for internal resolution
  • Alias Records: Point to Azure resources with automatic updates

Creating DNS Zones

# Create public DNS zone
az network dns zone create \
  --name mydomain.com \
  --resource-group myResourceGroup

# Create private DNS zone (private zones are managed with the private-dns command group)
az network private-dns zone create \
  --name mydomain.local \
  --resource-group myResourceGroup

# Link private DNS zone to VNet
az network private-dns link vnet create \
  --name myDNSLink \
  --resource-group myResourceGroup \
  --zone-name mydomain.local \
  --virtual-network myVNet \
  --registration-enabled true

Creating DNS Records

# Create A record
az network dns record-set a add-record \
  --resource-group myResourceGroup \
  --zone-name mydomain.com \
  --record-set-name www \
  --ipv4-address 10.0.1.4

# Create CNAME record (blog.mydomain.com → www.mydomain.com; a CNAME must not point at its own name)
az network dns record-set cname set-record \
  --resource-group myResourceGroup \
  --zone-name mydomain.com \
  --record-set-name blog \
  --cname www.mydomain.com

# Create MX record
az network dns record-set mx add-record \
  --resource-group myResourceGroup \
  --zone-name mydomain.com \
  --record-set-name @ \
  --exchange mail.mydomain.com \
  --preference 10

# Create alias record (points to Azure resource)
az network dns record-set a create \
  --resource-group myResourceGroup \
  --zone-name mydomain.com \
  --name www \
  --target-resource /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP

DNS Record Types

Record Type   Purpose          Example                                 Notes
A             IPv4 address     www.mydomain.com → 10.0.1.4             Most common record type
AAAA          IPv6 address     www.mydomain.com → 2001:db8::1          IPv6 support
CNAME         Canonical name   blog.mydomain.com → www.mydomain.com    Cannot use with root domain
MX            Mail exchange    mydomain.com → mail.mydomain.com        Email routing
TXT           Text record      Domain verification, SPF                Verification and policies

2. Configure an Internal or Public Load Balancer

Azure Load Balancer provides high availability and network performance for your applications by distributing incoming traffic across multiple VMs or service instances.

Load Balancer Types

Load Balancer SKUs and Types:

  • Basic (SKU): Free tier with basic features
  • Standard (SKU): Advanced features with higher SLA
  • Public (type): Internet-facing load balancer
  • Internal (type): Private load balancer within VNet

Creating a Public Load Balancer

# Create public IP for load balancer
az network public-ip create \
  --name myLoadBalancerPublicIP \
  --resource-group myResourceGroup \
  --location eastus \
  --sku Standard \
  --allocation-method Static

# Create public load balancer
az network lb create \
  --name myPublicLoadBalancer \
  --resource-group myResourceGroup \
  --location eastus \
  --sku Standard \
  --public-ip-address myLoadBalancerPublicIP

# Create backend address pool
az network lb address-pool create \
  --name myBackendPool \
  --resource-group myResourceGroup \
  --lb-name myPublicLoadBalancer

# Create health probe
az network lb probe create \
  --name myHealthProbe \
  --resource-group myResourceGroup \
  --lb-name myPublicLoadBalancer \
  --protocol Http \
  --port 80 \
  --path /health

# Create load balancing rule
az network lb rule create \
  --name myLoadBalancerRule \
  --resource-group myResourceGroup \
  --lb-name myPublicLoadBalancer \
  --protocol Tcp \
  --frontend-port 80 \
  --backend-port 80 \
  --frontend-ip-name LoadBalancerFrontEnd \
  --backend-pool-name myBackendPool \
  --probe-name myHealthProbe

Creating an Internal Load Balancer

# Create internal load balancer
az network lb create \
  --name myInternalLoadBalancer \
  --resource-group myResourceGroup \
  --location eastus \
  --sku Standard \
  --vnet-name myVNet \
  --subnet mySubnet \
  --private-ip-address 10.0.1.100

# Create backend address pool
az network lb address-pool create \
  --name myInternalBackendPool \
  --resource-group myResourceGroup \
  --lb-name myInternalLoadBalancer

# Create health probe
az network lb probe create \
  --name myInternalHealthProbe \
  --resource-group myResourceGroup \
  --lb-name myInternalLoadBalancer \
  --protocol Tcp \
  --port 80

# Create load balancing rule
az network lb rule create \
  --name myInternalLoadBalancerRule \
  --resource-group myResourceGroup \
  --lb-name myInternalLoadBalancer \
  --protocol Tcp \
  --frontend-port 80 \
  --backend-port 80 \
  --frontend-ip-name LoadBalancerFrontEnd \
  --backend-pool-name myInternalBackendPool \
  --probe-name myInternalHealthProbe

Load Balancer Configuration Options

Feature                 Basic SKU   Standard SKU
Availability Zones      No          Yes
HA Ports                No          Yes
Outbound Rules          No          Yes
Multiple Frontend IPs   No          Yes
Diagnostics             Limited     Full

Load Balancing Rules and Distribution

Distribution Methods:

  • 5-tuple Hash: Source IP, source port, destination IP, destination port, protocol
  • 3-tuple Hash: Source IP, destination IP, destination port
  • Source IP Affinity: Sticky sessions based on source IP
  • Session Persistence: Maintain client connections to same backend

Health Probes

# Create HTTP health probe
az network lb probe create \
  --name myHTTPProbe \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer \
  --protocol Http \
  --port 80 \
  --path /health \
  --interval 15 \
  --threshold 2

# Create TCP health probe
az network lb probe create \
  --name myTCPProbe \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer \
  --protocol Tcp \
  --port 80 \
  --interval 15 \
  --threshold 2

# Create HTTPS health probe
az network lb probe create \
  --name myHTTPSProbe \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer \
  --protocol Https \
  --port 443 \
  --path /health \
  --interval 15 \
  --threshold 2

3. Troubleshoot Load Balancing

Load balancing troubleshooting involves identifying connectivity issues, health probe failures, and traffic distribution problems. Understanding common issues and diagnostic tools is essential for maintaining service availability.

Common Load Balancing Issues

Troubleshooting Checklist:

  • Check health probe configuration and responses
  • Verify backend pool member status
  • Validate load balancing rules and port configuration
  • Check NSG rules for load balancer traffic
  • Verify backend server application health
  • Test connectivity from different sources
  • Review load balancer metrics and logs

Load Balancer Diagnostics

# Check load balancer status
az network lb show \
  --name myLoadBalancer \
  --resource-group myResourceGroup \
  --query "provisioningState"

# List backend pool members
az network lb address-pool show \
  --name myBackendPool \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer

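# Show health probe configuration (per-backend probe results are reported by the DipAvailability metric)
az network lb probe show \
  --name myHealthProbe \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer

# Test connectivity to load balancer
# --dest-address takes an IP address or FQDN, so resolve the public IP resource first
az network watcher test-connectivity \
  --resource-group myResourceGroup \
  --source-resource myVM \
  --dest-address "$(az network public-ip show --name myLoadBalancerPublicIP --resource-group myResourceGroup --query ipAddress --output tsv)" \
  --dest-port 80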

# Check load balancer metrics
az monitor metrics list \
  --resource /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/myLoadBalancer \
  --metric "DipAvailability"

Health Probe Troubleshooting

Probe Issues:

  • Probe Failing: Check if application responds on probe port/path
  • Wrong Path: Verify health check endpoint exists
  • Port Issues: Ensure application listens on probe port
  • NSG Blocking: Check NSG rules allow probe traffic
  • Application Errors: Verify application returns HTTP 200
  • Timeout Issues: Adjust probe interval and threshold
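
The "NSG Blocking" check above can be automated. The following is an added example, not part of the original guide: it evaluates inbound NSG rules in priority order (first match wins) and reports which rule decides the fate of health probe traffic. The function names and the sample rules are constructed for illustration; only `*`, the `AzureLoadBalancer` service tag and the probe source IP 168.63.129.16 are treated as matching sources.

```shell
# Added example: evaluate inbound NSG rules the way Azure does (lowest priority
# number first, first match wins) for load balancer health probe traffic.
# Input on stdin, one rule per line, tab-separated: priority access source destPort
# Simplification: only "*", the AzureLoadBalancer tag and the probe source IP
# 168.63.129.16 count as matching sources; destPort is "*", N or N-M.

# probe_verdict PORT -> prints "Allow <priority>", "Deny <priority>" or "NoMatch"
probe_verdict() {
  sort -n | awk -F'\t' -v port="$1" '
    function src_matches(s) {
      return (s == "*" || s == "AzureLoadBalancer" || s == "168.63.129.16" || s == "168.63.129.16/32")
    }
    function port_matches(p,   r) {
      if (p == "*") return 1
      if (split(p, r, "-") == 2) return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
      return (p + 0 == port + 0)
    }
    src_matches($3) && port_matches($4) { print $2, $1; found = 1; exit }
    END { if (!found) print "NoMatch" }'
}

# Constructed sample: a custom deny-all at priority 200 shadows the default
# AllowAzureLoadBalancerInBound rule (65001), so probes to port 80 are dropped.
rules_broken() {
  printf '%s\t%s\t%s\t%s\n' \
    100 Allow Internet 80 \
    200 Deny '*' '*' \
    65001 Allow AzureLoadBalancer '*' \
    65500 Deny '*' '*'
}

# Constructed fix: allow the AzureLoadBalancer tag to the probe port above the deny.
rules_fixed() {
  rules_broken
  printf '%s\t%s\t%s\t%s\n' 150 Allow AzureLoadBalancer 80
}

echo "before: $(rules_broken | probe_verdict 80)"
echo "after:  $(rules_fixed | probe_verdict 80)"
```

Real input can be exported from `az network nsg rule list` with `--include-default`; rules that use multiple port ranges or CIDR sources need handling beyond this sketch.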

Backend Pool Troubleshooting

# Add VM to backend pool
az network nic ip-config address-pool add \
  --resource-group myResourceGroup \
  --nic-name myNIC \
  --ip-config-name ipconfig1 \
  --lb-name myLoadBalancer \
  --address-pool myBackendPool

# Remove VM from backend pool
az network nic ip-config address-pool remove \
  --resource-group myResourceGroup \
  --nic-name myNIC \
  --ip-config-name ipconfig1 \
  --lb-name myLoadBalancer \
  --address-pool myBackendPool

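# Check backend pool member provisioning state
# (this confirms the member is attached; probe health is reported by the DipAvailability metric)
az network lb show \
  --name myLoadBalancer \
  --resource-group myResourceGroup \
  --query "backendAddressPools[0].backendIPConfigurations[0].provisioningState"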

Load Balancer Monitoring

Key Metrics:

  • Data Path Availability: Overall load balancer health
  • Health Probe Status: Backend pool member health
  • SNAT Connection Count: Outbound connection usage
  • Byte Count: Data processed by load balancer
  • Packet Count: Network packets processed
  • SYN Count: TCP connection attempts

Advanced Load Balancing Features

Outbound Rules (Standard SKU)

# Create outbound rule
# (the backend pool is passed with --address-pool and the per-instance SNAT port count with --outbound-ports)
az network lb outbound-rule create \
  --name myOutboundRule \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer \
  --frontend-ip-configs myFrontendIPConfig \
  --address-pool myBackendPool \
  --protocol All \
  --idle-timeout 4 \
  --outbound-ports 1024

HA Ports (Standard SKU)

# Create HA ports rule (supported only on an internal Standard load balancer)
az network lb rule create \
  --name myHAPortsRule \
  --resource-group myResourceGroup \
  --lb-name myLoadBalancer \
  --protocol All \
  --frontend-port 0 \
  --backend-port 0 \
  --frontend-ip-name LoadBalancerFrontEnd \
  --backend-pool-name myBackendPool \
  --probe-name myHealthProbe

DNS and Load Balancer Integration

# Create alias record pointing to the load balancer's frontend
# (alias A records target the public IP resource, not the load balancer resource itself)
az network dns record-set a create \
  --resource-group myResourceGroup \
  --zone-name mydomain.com \
  --name www \
  --target-resource /subscriptions/{subscription-id}/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myLoadBalancerPublicIP

# Create CNAME record for load balancer
# (the target name exists only if the frontend public IP has the DNS label myLoadBalancer)
az network dns record-set cname set-record \
  --resource-group myResourceGroup \
  --zone-name mydomain.com \
  --record-set-name api \
  --cname myLoadBalancer.eastus.cloudapp.azure.com
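
An alias record follows the lifecycle of the Azure resource it targets, while a CNAME to a `cloudapp.azure.com` name stays in the zone after the labelled public IP is deleted. The following added example (not part of the original guide) lists CNAME records whose `cloudapp.azure.com` target is missing from the current public IP inventory; the function names and sample data are constructed, and the two inputs are assumed to be exported from the zone and from the subscription's public IP list.

```shell
# Added example: list CNAME records that point at a *.cloudapp.azure.com name
# which is not present in the subscription's public IP inventory.
# stdin: one CNAME per line, tab-separated: recordName target
# $1:    newline-separated FQDNs of public IPs that currently have a DNS label

# stale_cnames LIVE_FQDNS -> prints "recordName target" for each stale record
stale_cnames() {
  LIVE_FQDNS="$1" awk -F'\t' '
    BEGIN {
      n = split(ENVIRON["LIVE_FQDNS"], f, "\n")
      for (i = 1; i <= n; i++) if (f[i] != "") live[tolower(f[i])] = 1
    }
    {
      target = tolower($2)
      sub(/\.$/, "", target)   # drop a trailing root dot before comparing
      if (target ~ /\.cloudapp\.azure\.com$/ && !(target in live)) print $1, target
    }'
}

# Constructed zone export: "api" matches a live label, "old" does not,
# and "blog" points inside the zone so it is out of scope for this check.
sample_cnames() {
  printf '%s\t%s\n' \
    api myLoadBalancer.eastus.cloudapp.azure.com \
    old retired-lb.eastus.cloudapp.azure.com. \
    blog www.mydomain.com
}

# Constructed inventory of DNS labels that currently exist.
sample_live() {
  printf '%s\n' myloadbalancer.eastus.cloudapp.azure.com
}

echo "stale: $(sample_cnames | stale_cnames "$(sample_live)")"
```

Records reported here are candidates for removal or for conversion to alias records.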

Exam Tips and Key Points

Critical Exam Knowledge:

  • Azure DNS: Understand zone types, record types, and alias records
  • Load Balancer SKUs: Know differences between Basic and Standard
  • Health Probes: Understand probe types and configuration
  • Distribution Methods: Know hash-based and affinity options
  • Troubleshooting: Understand common issues and diagnostic tools
  • Integration: Know how DNS and load balancers work together
  • Monitoring: Understand key metrics and logging

Common Scenarios and Solutions

Real-World Scenarios:

  1. Web Application Load Balancing: Use public load balancer with HTTP health probes
  2. Database Load Balancing: Use internal load balancer for database tier
  3. Multi-Region DNS: Use Azure DNS with Traffic Manager for global distribution
  4. Session Persistence: Configure source IP affinity for stateful applications
  5. High Availability: Use Standard SKU with availability zones
  6. Outbound Connectivity: Configure outbound rules for backend servers

Summary

Name resolution and load balancing are essential services for maintaining application availability and performance. This objective covers the key aspects of Azure DNS and load balancing:

  • Azure DNS configuration for public and private zones
  • Load balancer creation and configuration for internal and public scenarios
  • Health probe configuration and monitoring
  • Load balancing troubleshooting and diagnostics
  • Integration between DNS and load balancing services
  • Advanced features like outbound rules and HA ports

Understanding these services is essential for Azure administrators to design, implement, and maintain highly available and performant network architectures in Azure environments.

Next Steps: Practice creating DNS zones, configuring load balancers, and setting up health probes in the Azure portal. Experiment with different load balancing scenarios and troubleshoot common issues to understand the complete DNS and load balancing ecosystem in Azure.
