articles/dns/sharding-private-dns-zones.md
6 additions & 6 deletions
@@ -28,10 +28,10 @@ Sharding mitigates this risk by ensuring DNS changes are scoped to a clearly def
28
28
> [!NOTE]
29
29
> Sharding is an architectural pattern. Azure doesn't provide a built-in feature or toggle to enable sharding.
30
30
31
-
**Figure 1: Flat private DNS zone linked to many virtual networks compared to a sharded design with zones segmented by ownership and environment**
32
-
33
31
:::image type="content" source="media/sharding-private-dns-zones/dns-shard-flat-architecture.png" alt-text="Screenshot of sharded private DNS zones design with zones segmented by ownership and environment.":::
34
32
33
+
**Figure 1: Flat private DNS zone linked to many virtual networks compared to a sharded design with zones segmented by ownership and environment**
34
+
35
35
## How sharding improves operational resiliency
36
36
37
37
In large Azure tenants, private DNS zones frequently span multiple subscriptions, regions, and application teams. When you share a single zone broadly:
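Review bot: The alt text on the image at new line 31 describes only the "sharded private DNS zones design", while the Figure 1 caption moved beneath it describes a flat zone linked to many virtual networks compared to a sharded design, and the source file is named dns-shard-flat-architecture.png. With the caption now following the image, the alt text is read first, so it should cover both halves of the comparison. If the image is an architecture diagram rather than a screen capture, start the alt text with "Diagram of" instead of "Screenshot of".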
@@ -63,15 +63,15 @@ Partition DNS zones by:
63
63
64
64
- Service type or workload class (for example, database)
65
65
66
-
**Table 1: Example namespace patterns and tradeoffs for common sharding strategies**
67
-
68
66
| Sharding strategy | Example zone pattern | Benefits | Tradeoffs | Best fit scenarios |
69
67
|---|---|---|---|---|
70
68
| By Team |`orders.contoso.internal`| Clear ownership, RBAC simplicity | Cross-team resolution requires planning | Large orgs with independent teams |
71
69
| By Environment |`orders.prod.contoso.internal`| Strong isolation, safe deployments | Zone duplication across environments | Regulated or CI/CD-heavy workloads |
72
70
| By Region |`orders.eastus.contoso.internal`| Regional fault isolation | More complex naming and routing | Geo-distributed applications |
73
71
| By Service Type |`db.contoso.internal`| Logical grouping by function | Risk of over-centralization | Shared platform services |
74
72
73
+
**Table 1: Example namespace patterns and tradeoffs for common sharding strategies**
74
+
75
75
**Implementation notes**
76
76
77
77
- Strategies can be combined (for example, by team + environment: `orders.prod.contoso.internal`)
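Review bot: After this move the Table 1 caption at new line 73 sits directly above `**Implementation notes**` at new line 75, two consecutive bold paragraphs, so the caption can read as a heading for the notes rather than a label for the table. Consider keeping the caption above the table, where a reader meets it before the five-column grid, or giving it a style that differs from the bold subheading. Separately, the team + environment example in the trailing context line, `orders.prod.contoso.internal`, is identical to the pattern the table lists for "By Environment"; a distinct example would make the combined strategy distinguishable.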
@@ -130,12 +130,12 @@ Sharding doesn't require new Azure features. Implement it by using existing Priv
130
130
131
131
- This approach is recommended for hub-and-spoke or hybrid architectures.
132
132
133
-
**Figure 2: Sharded private DNS zones with selective virtual network links and centralized resolution**
134
-
135
133
:::image type="content" source="media/sharding-private-dns-zones/dns-shard-central-resolution.png" alt-text="Screenshot of sharded private DNS zones with selective virtual network links and centralized resolution.":::
136
134
137
135
:::image type="content" source="media/sharding-private-dns-zones/dns-shard-central-resolver.png" alt-text="Screenshot of sharded private DNS zones architecture with centralized resolution.":::
138
136
137
+
**Figure 2: Sharded private DNS zones with selective virtual network links and centralized resolution**
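Review bot: The single Figure 2 caption added at new line 137 now follows two image blocks, dns-shard-central-resolution.png and dns-shard-central-resolver.png, which carry near-identical alt text, so it is unclear which image the caption labels. If both images are intended, give each its own caption and number; if one is a leftover, remove it in this change so the caption follows exactly one figure.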