Configure Azure DNS and Load Balancing for AZ-104
Cover Azure DNS, internal versus public load balancers, health probes, and troubleshooting patterns relevant to AZ-104.
AZ-104 networking questions often end with one of two root causes: the name does not resolve where you think it should, or the load-balancing path is not healthy. That is why Azure DNS and load balancing appear together in the official outline.
What the exam wants you to distinguish
Azure DNS handles name resolution. Azure Load Balancer handles Layer 4 traffic distribution for internal or public scenarios. Those are different jobs. If the question is about hostnames, records, or private name resolution, think DNS first. If it is about frontend IPs, backend pools, probes, or rule behavior, think load balancing.
One useful contrast
Azure Load Balancer is the main AZ-104 load-balancing service in scope. Application Gateway and Front Door are useful broader Azure services, but they solve different Layer 7 or edge-routing problems. Do not let those products distract you from the simpler load-balancer choices this exam usually cares about.
Common traps
- choosing a public load balancer when the requirement is internal-only access
- ignoring health probes when a backend appears down
- blaming NSGs for a failure that starts with incorrect DNS records or record targets
Lab moves worth practicing
- create a public and an internal load balancer and compare the frontends
- inspect health-probe status and rule behavior
- create or review Azure DNS records, including the private DNS records tied to private endpoints
Symptom map
| Symptom | Check first | Why |
|---|---|---|
| Name resolves to the wrong IP | Azure DNS record path | Bad resolution breaks traffic before probes or rules matter |
| Backend looks down behind a load balancer | Health probe settings | Probe failure often removes the backend from service |
| Internal-only workload exposed too broadly | Frontend type | The difference between internal and public load balancers is operationally critical |
| Private endpoint traffic still goes public | Private DNS records | Name resolution must target the private IP |
Load-balancer components to recognize
| Component | Role |
|---|---|
| Frontend IP | The address clients target |
| Backend pool | The instances that receive traffic |
| Rule | The mapping between frontend traffic and backend delivery |
| Health probe | The test Azure uses to decide whether a backend should receive traffic |
If the backend is healthy in theory but receives no traffic in practice, the probe is often the first place to look.
DNS mental model for AZ-104
Public DNS answers public names. Private DNS answers private names inside the networks that are linked to the zone. Private endpoint designs often fail because the private zone exists but is not linked correctly, or because the expected record does not map the service name to the private IP. That is why DNS mistakes can look like application or firewall failures.
Quiz
Move next into Monitoring & Recovery, where these network and compute choices start surfacing in logs, alerts, and failover plans.