privateDnsZones
Summary
Details
Monitor Private DNS Zones health and set up alerts
Impact: Medium Category: Monitoring and Alerting
APRL GUID: ab896e8c-49b9-2c44-adec-98339aff7821
Description:
Use Azure Monitor to monitor Private DNS Zone query volume, record set count, and capacity metrics for Record Set, Virtual Network Link, and Virtual Network Link with auto-registration. Create alerts based on Azure Monitor Baseline Alerts for these metrics that exceed specific thresholds.
Potential Benefits:
Enhanced DNS reliability and alerting
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Ensure Time-To-Live (TTL) is set appropriately to ensure RTOs can be met
Impact: Medium Category: Disaster Recovery
APRL GUID: 3538aa48-c40b-455b-a93b-269fe6e65be2
Description:
Azure Private DNS allows the Time-To-Live (TTL) for record sets in the zone to be set to a value between 1 and 2147483647 seconds. You should ensure that the TTL for the DNS record sets in your DNS Zones are set appropriately to meet your RTO targets.
Potential Benefits:
Ensures that no cached DNS records exist past RTO targets
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Use virtual network links to link global Private DNS Zones to VNETs in two or more regions
Impact: High Category: High Availability
APRL GUID: a2341513-2ab8-4aa1-b100-302e54640f18
Description:
DNS private zones are resilient to regional outages because zone data is globally available. Resource records in a private zone are automatically replicated across regions. Linking a Private DNS Zone to VNETs in multiple regions increases availability and resiliency.
Potential Benefits:
Ensures seamless failover for DNS during a regional outage
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development