Why does Azure DNS have both internal.cloudapp.net and a VNet unique internal.cloudapp.net?

Question

Why does Azure DNS have both internal.cloudapp.net and a VNet unique internal.cloudapp.net?

Daniel Dib 20

Hi,

When using Azure-provided DNS, using the recursive resolver at 168.63.129.16, it seems that VMs get registered both in internal.cloudapp.net, as well as a zone unique to the VNet, something like <random-string>.<region>.internal.cloudapp.net. For example, if the hostname of the VM is vm1, there will be an A-record vm1.internal.cloudapp.net, as well as as something like vm1.abc123.gvxx.internal.cloudapp.net.

Why are there two zones? Wouldn't internal.cloudapp.net be enough?

Is it to support having VMs with same name in case you setup a custom DNS server in the VNet and want to resolve FQDNs in another VNet? For example, if you have two VNets and put a custom DNS server in each, you could resolve FQDNs in the other VNet by forwarding DNS requests to the other server which could then forward it to the recursive resolver at 168.63.129.16. Is that the use case?

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

Divyesh Govaerdhanan 10,885

Hello,

Welcome to Microsoft Q&A,

When using Azure-provided DNS with the recursive resolver 168.63.129.16. Azure creates two types of DNS zones for your VMs:

internal.cloudapp.net

This is the global internal DNS zone Azure uses across all VNets.
VMs get a hostname like:
```
  vm1.internal.cloudapp.net
```
Uniqueness: This zone ensures hostnames are globally unique within the same subscription and region, but not across VNets.

<vnet-guid>.<region>.internal.cloudapp.net

This is the VNet-scoped internal DNS zone.
Hostname format:
```
  vm1.abcd1234.eastus.internal.cloudapp.net
```
The <vnet-guid> is a hashed identifier representing your VNet.

VM Name Uniqueness Within VNets

You can have the same VM name (e.g., vm1) in different VNets. Azure needs a way to disambiguate those in DNS.

If both VMs are named vm1, you'd get:

vm1.abcd1234.eastus.internal.cloudapp.net

vm1.wxyz5678.eastus.internal.cloudapp.net

But they would both map to:

vm1.internal.cloudapp.net (first one wins in global zone)

So the per-VNet zone ensures DNS resolution works even with duplicate names.

Please Upvote and accept the answer if it helps!!

Daniel Dib 20 Reputation points

2025-06-02T02:55:48.82+00:00

Thank you, Divyesh. This is helpful.

Does this mean that you can't have a VM with same name if it's the same subscription and region?
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-03T03:28:26.3066667+00:00

Hello Daniel Dib

Yes, for the internal.cloudapp.net global zone, Azure ensures hostname uniqueness within the same subscription and region. If two VNets contain VMs with the same name, only one may be registered in the global zone, potentially causing conflicts.

However, each VNet has its own VNet-specific DNS zone (<vnet-guid>.<region>.internal.cloudapp.net), allowing duplicate VM names across different VNets while maintaining proper resolution.

Share via

Why does Azure DNS have both internal.cloudapp.net and a VNet unique internal.cloudapp.net?

0 additional answers

Your answer