AZ-104 Question #531: Real Exam Question with Answer & Explanation

This hotspot question tests understanding of Azure Private DNS zone resolution across peered VNETs, custom DNS server configurations, and how DNS queries are resolved when VNETs are linked or unlinked to a private DNS zone.

Submitted by haruto_sh · Mar 4, 2026 · Configure and manage virtual networking

Question

Hotspot Question

You have the Azure virtual machines shown in the following table.

VNET1, VNET2, and VNET3 are peered. VNET1 and VNET2 are linked to an Azure private DNS zone named contoso.com that contains the records shown in the following table.

The virtual networks are configured to use the DNS servers shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

Approach. To resolve names in a private DNS zone (contoso.com), a VNET must be linked to that zone OR use a DNS server (such as an Azure DNS forwarder at 168.63.129.16) that can resolve it.

VNET1 and VNET2 are directly linked to contoso.com, so VMs in those VNETs can resolve records in the zone using Azure's default DNS (168.63.129.16).

VNET3 is NOT linked to contoso.com, so even though it is peered with VNET1 and VNET2, it cannot resolve contoso.com records unless it uses a custom DNS server that forwards queries to Azure DNS (168.63.129.16). VNET peering alone does NOT grant DNS resolution from private DNS zones: the VNET must be explicitly linked. If VNET3 uses a custom DNS server IP (not 168.63.129.16), it loses access to Azure Private DNS resolution entirely unless that custom DNS server is configured to forward to Azure DNS.

Concept tested. Azure Private DNS zone resolution requires explicit VNET linking, not just VNET peering. VMs in a VNET that is not linked to the private DNS zone cannot resolve records in that zone via Azure's built-in DNS (168.63.129.16). Custom DNS servers must forward to 168.63.129.16 for Azure Private DNS to work. VNET peering enables network connectivity but does NOT extend private DNS zone resolution to unlinked VNETs.
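The linking, peering and forwarding rules above can be checked against a network inventory. The following is an added example, not part of the original question or its answer: the VNet names, IP addresses and dictionary layout are constructed and hypothetical, and it goes one step beyond the text by assuming that a forwarded query is answered according to the links of the VNet that hosts the forwarder.

```python
AZURE_DNS = "168.63.129.16"  # Azure-provided DNS address named in the explanation

# Constructed inventory (hypothetical, not the question's tables).
# dns_servers == [] means the VNet uses Azure's default DNS.
VNETS = {
    "vnet-a": {"links": {"contoso.com"}, "peers": ["vnet-b", "vnet-c", "vnet-d"],
               "dns_servers": []},
    "vnet-b": {"links": set(), "peers": ["vnet-a"], "dns_servers": []},
    "vnet-c": {"links": set(), "peers": ["vnet-a"], "dns_servers": ["10.0.0.4"]},
    "vnet-d": {"links": {"contoso.com"}, "peers": ["vnet-a"],
               "dns_servers": ["10.3.0.4"]},
}
# Constructed custom DNS servers: the VNet hosting each one and where it forwards.
DNS_HOSTS = {
    "10.0.0.4": {"vnet": "vnet-a", "forwarders": [AZURE_DNS]},
    "10.3.0.4": {"vnet": "vnet-d", "forwarders": ["8.8.8.8"]},
}

def server_answers(ip, client_vnet, zone, vnets, dns_hosts):
    """Can DNS server `ip`, queried from `client_vnet`, answer for private `zone`?"""
    if ip == AZURE_DNS:
        # Azure DNS answers only from zones linked to the VNet the query comes from.
        return zone in vnets[client_vnet]["links"]
    host = dns_hosts.get(ip)
    if host is None or AZURE_DNS not in host["forwarders"]:
        return False  # the query never reaches Azure DNS
    # Assumption beyond the page: Azure DNS sees the forwarded query as coming
    # from the forwarder's VNet, so that VNet's links decide the answer.
    return zone in vnets[host["vnet"]]["links"]

def audit(zone, vnets, dns_hosts):
    """Map each VNet to 'ok' or the reason its VMs cannot resolve `zone`."""
    report = {}
    for name, cfg in vnets.items():
        servers = cfg["dns_servers"] or [AZURE_DNS]
        # Clients may use any configured server, so every one must be able to answer.
        if all(server_answers(ip, name, zone, vnets, dns_hosts) for ip in servers):
            report[name] = "ok"
        elif cfg["dns_servers"]:
            report[name] = "custom DNS does not reach a linked Azure DNS view"
        elif any(zone in vnets[p]["links"] for p in cfg["peers"]):
            report[name] = "peered with a linked VNet but not linked itself"
        else:
            report[name] = "not linked"
    return report

if __name__ == "__main__":
    for vnet, status in audit("contoso.com", VNETS, DNS_HOSTS).items():
        print(f"{vnet}: {status}")
```
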

Reference. https://learn.microsoft.com/en-us/azure/dns/private-dns-overview

Topics

#Azure Private DNS · #VNet Peering · #VNet DNS Configuration · #Name Resolution
