
Question 85

You deployed two virtual networks (VNets) that have the following properties:

* dev-vnet-west (West US region)

* prod-vnet-east (East US region)

You configure global VNet peering to link the dev-vnet-west and prod-vnet-east VNets.

You need to ensure that virtual machines (VMs) in either VNet can resolve fully qualified domain names (FQDNs) of any other VM in Azure.

What should you do?





You should create a private zone in Azure DNS. Peered VNets are unable to support host name resolution between themselves. Therefore, you must use an external DNS solution. Azure DNS allows you to create private, non-publicly routable DNS zones that are bound to one or more VNets. The VMs in either VNet would therefore register their host records with the private Azure DNS zone, and the service handles name resolution as usual.

You should not use Azure-provided DNS in each VNet. Azure-provided DNS can resolve VM hostnames and FQDNs only within a single VNet. Moreover, the FQDNs point to the Microsoft-owned cloudapp.net DNS domain, which is likely not ideal for your use case.

You should not deploy DNS servers in each VNet and add their private IP addresses to the DNS servers list. This configuration is incomplete. You would also need to configure each DNS server to forward queries to the DNS server in the peered VNet.

You should not add service endpoints to each VNet. Service endpoints allow you to tie particular Azure services, such as storage accounts and Azure SQL databases, to a VNet. They do not provide name resolution between VMs.


