privateDnsZones
Summary
Details
Monitor Private DNS Zones health and set up alerts
Impact: High Category: Monitoring and Alerting
APRL GUID: ab896e8c-49b9-2c44-adec-98339aff7821
Description:
Use Azure Monitor to monitor Private DNS Zone query volume, record set count, and capacity metrics for Record Set, Virtual Network Link, and Virtual Network Link with auto-registration. Create alerts based on Azure Monitor Baseline Alerts for these metrics that exceed specific thresholds.
Potential Benefits:
Enhanced DNS reliability and alerting
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Use regional Private DNS Zones when there is a low recovery time objective (RTO) requirement
Impact: Medium Category: Disaster Recovery
APRL GUID: 1e02335c-1f90-fd4e-a5a5-d359c7b22d70
Description:
For business continuity scenarios with a low recovery time objective (RTO), ensure that distinct regional production and disaster recovery (DR) Private DNS Zones are configured and have identical workload and resource DNS entries. This keeps DNS resolution consistent across both zones.
Potential Benefits:
Ensures seamless failover for DNS during a regional outage
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Ensure Time-To-Live (TTL) is set appropriately to ensure RPOs can be met
Impact: High Category: Disaster Recovery
APRL GUID: 3538aa48-c40b-455b-a93b-269fe6e65be2
Description:
Azure Private DNS allows the Time-To-Live (TTL) for record sets in the zone to be set to a value between 1 and 2147483647 seconds. You should ensure that the TTL for the DNS record sets in your DNS Zones are set appropriately to meet your RPO targets.
Potential Benefits:
Ensures that no cached DNS records exist past RPO targets
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development