diff --git a/.gitignore b/.gitignore
index 81e6bae..a1c2d20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 **/.terraform
-**/*.tfstate
\ No newline at end of file
+**/*.tfstate
+.DS_Store
diff --git a/step1-aks/dev.auto.tfvars b/step1-aks/dev.auto.tfvars
index 9baed83..71c64ba 100644
--- a/step1-aks/dev.auto.tfvars
+++ b/step1-aks/dev.auto.tfvars
@@ -122,8 +122,14 @@ vnet {
 }
 
 dns_zone {
-    name        = "thedemo.biz"
-    zone_type   = "Public"
+    external {
+        name        = "thedemo.biz"
+        zone_type   = "Public"
+    }
+    internal {
+        name        = "aks.internal"
+        zone_type   = "Private"
+    }
 }
 
 analytics_workspace_name = "aks"
\ No newline at end of file
diff --git a/step1-aks/gg b/step1-aks/gg
new file mode 100644
index 0000000..e69de29
diff --git a/step1-aks/main.tf b/step1-aks/main.tf
index 267a4d8..447fa69 100644
--- a/step1-aks/main.tf
+++ b/step1-aks/main.tf
@@ -18,10 +18,10 @@ module "monitoring_workspace" {
 
 # Register the Azure dns service to an existing domain name
 module "azure_dns" {
-    source                  = "modules/azure_dns"
+    source                              = "modules/azure_dns"
     
-    resource_group_name     = "${module.resource_group.names["networking"]}"
-    dns_zone                = "${var.dns_zone}"
+    resource_group_name                 = "${module.resource_group.names["networking"]}"
+    dns_zone                            = "${var.dns_zone["external"]}"
 }
 
 module "aks_primary" {
@@ -32,7 +32,7 @@ module "aks_primary" {
     resource_group_names        = "${module.resource_group.names}"
     log_analytics_workspace_id  = "${module.monitoring_workspace.id}"
     aks_map                     = "${var.aks_map["primary"]}"
-    dns_zone                    = "${var.dns_zone}"             # to be replaced by output variable
+    dns_zone                    = "${var.dns_zone["internal"]}"           
     location                    = "${var.location_map["primary"]}"
     vnet                        = "${var.vnet["primary"]}"
     subnets                     = "${var.subnets["primary"]}"
@@ -48,10 +48,11 @@ module "aks_secondary" {
     resource_group_names        = "${module.resource_group.names}"
     log_analytics_workspace_id  = "${module.monitoring_workspace.id}"
     aks_map                     = "${var.aks_map["secondary"]}"
-    dns_zone                    = "${var.dns_zone}"             # to be replaced by output variable
+    dns_zone                    = "${var.dns_zone["internal"]}"           
     location                    = "${var.location_map["secondary"]}"
     vnet                        = "${var.vnet["secondary"]}"
     subnets                     = "${var.subnets["secondary"]}"
     waf_configuration_map       = "${var.waf_configuration_map["secondary"]}"
     aks_service_principal       = "${var.aks_service_principal["secondary"]}"
-}
\ No newline at end of file
+}
+
diff --git a/step1-aks/modules/aks/main.tf b/step1-aks/modules/aks/main.tf
index ac62c95..497584f 100644
--- a/step1-aks/modules/aks/main.tf
+++ b/step1-aks/modules/aks/main.tf
@@ -19,6 +19,7 @@ provider "kubernetes" {
 }
 
 data "kubernetes_service" "nginx-ingress" {
+    
     depends_on = ["helm_release.nginx_ingress"]
     
     metadata {
diff --git a/step1-aks/modules/aks/variables.tf b/step1-aks/modules/aks/variables.tf
index 6336d57..abc4209 100644
--- a/step1-aks/modules/aks/variables.tf
+++ b/step1-aks/modules/aks/variables.tf
@@ -58,3 +58,4 @@ variable "default_dns_name" {
 variable "location" {
   
 }
+
diff --git a/step1-aks/modules/azure_dns/dns_zone.tf b/step1-aks/modules/azure_dns/dns_zone.tf
index b9fef72..e7593c1 100644
--- a/step1-aks/modules/azure_dns/dns_zone.tf
+++ b/step1-aks/modules/azure_dns/dns_zone.tf
@@ -1,5 +1,8 @@
 resource "azurerm_dns_zone" "dns" {
-  name                = "${var.dns_zone["name"]}"
-  resource_group_name = "${data.azurerm_resource_group.rg.name}"
-  zone_type           = "${var.dns_zone["zone_type"]}"
+  name                              = "${var.subdomain}${var.dns_zone["name"]}"
+  resource_group_name               = "${var.resource_group_name}"
+  zone_type                         = "${var.dns_zone["zone_type"]}"
+
+  resolution_virtual_network_ids    = ["${var.resolution_virtual_network_ids}"]
+  registration_virtual_network_ids  = ["${var.registration_virtual_network_ids}"]
 }
\ No newline at end of file
diff --git a/step1-aks/modules/azure_dns/main.tf b/step1-aks/modules/azure_dns/main.tf
index 1018679..fd40910 100644
--- a/step1-aks/modules/azure_dns/main.tf
+++ b/step1-aks/modules/azure_dns/main.tf
@@ -1,6 +1,4 @@
-data "azurerm_resource_group" "rg" {
-    name = "${var.resource_group_name}"
-}
+
 
 
 
diff --git a/step1-aks/modules/azure_dns/output.tf b/step1-aks/modules/azure_dns/output.tf
new file mode 100644
index 0000000..e5fc2e4
--- /dev/null
+++ b/step1-aks/modules/azure_dns/output.tf
@@ -0,0 +1,3 @@
+output "dns_ready" {
+  value = "true"
+}
diff --git a/step1-aks/modules/azure_dns/variables.tf b/step1-aks/modules/azure_dns/variables.tf
index 4643dc2..2a38e9d 100644
--- a/step1-aks/modules/azure_dns/variables.tf
+++ b/step1-aks/modules/azure_dns/variables.tf
@@ -6,3 +6,23 @@ variable "dns_zone" {
     type = "map"
 }
 
+variable "subdomain" {
+    description = "(Optional) Sub-domain to add in the form of 'subname.'"
+    default = ""
+}
+
+
+variable "resolution_virtual_network_ids" {
+    description = "(Optional) A list of Virtual Network ID's that resolve records in this DNS zone. This field can only be set when zone_type is set to Private."
+    type = "list"
+    default = []
+    
+}
+
+variable "registration_virtual_network_ids" {
+    description = " (Optional) A list of Virtual Network ID's that register hostnames in this DNS zone. This field can only be set when zone_type is set to Private."
+    type = "list"
+    default = []
+}
+
+
diff --git a/step1-aks/modules/bastion/variables.tf b/step1-aks/modules/bastion/variables.tf
index b4c99e0..dac27eb 100644
--- a/step1-aks/modules/bastion/variables.tf
+++ b/step1-aks/modules/bastion/variables.tf
@@ -27,3 +27,4 @@ variable "default_location" {
 variable "resource_group_name" {
   
 }
+
diff --git a/step1-aks/modules/blueprint_aks/blueprint_aks.tf b/step1-aks/modules/blueprint_aks/blueprint_aks.tf
index 1767021..728a6b9 100644
--- a/step1-aks/modules/blueprint_aks/blueprint_aks.tf
+++ b/step1-aks/modules/blueprint_aks/blueprint_aks.tf
@@ -37,7 +37,7 @@ module "vnet_and_subnets" {
     prefix                  = "${var.prefix}"
     vnet                    = "${var.vnet}"
     subnets                 = "${var.subnets}"
-  
+    dns_zone                = "${var.dns_zone}"
 }
 
 
@@ -75,6 +75,7 @@ module "aks_cluster" {
     default_dns_name            = "${var.dns_zone["name"]}"
 }
 
+
 module "bastion" {
     source              = "../bastion"
 
diff --git a/step1-aks/modules/blueprint_aks/output.tf b/step1-aks/modules/blueprint_aks/output.tf
new file mode 100755
index 0000000..e69de29
diff --git a/step1-aks/modules/networking/main.tf b/step1-aks/modules/networking/main.tf
old mode 100644
new mode 100755
index fd2c3b1..e69de29
--- a/step1-aks/modules/networking/main.tf
+++ b/step1-aks/modules/networking/main.tf
@@ -1,3 +0,0 @@
-data "azurerm_resource_group" "rg" {
-    name = "${var.resource_group_name}"
-}
\ No newline at end of file
diff --git a/step1-aks/modules/networking/networking.tf b/step1-aks/modules/networking/networking.tf
index e25f00b..c7962a0 100644
--- a/step1-aks/modules/networking/networking.tf
+++ b/step1-aks/modules/networking/networking.tf
@@ -3,7 +3,7 @@
 
 resource "azurerm_virtual_network" "vnet" {
     name                    = "${var.vnet["name"]}"
-    resource_group_name     = "${data.azurerm_resource_group.rg.name}"
+    resource_group_name     = "${var.resource_group_name}"
     location                = "${var.location}"
     address_space           = ["${var.vnet["address_space"]}"]
 }
@@ -15,7 +15,7 @@ locals {
 resource "azurerm_subnet" "subnets" {
     count                   = "${length(var.subnets)}"
     name                    = "${var.subnets[element(local.subnet_list, count.index)]}"
-    resource_group_name     = "${data.azurerm_resource_group.rg.name}"
+    resource_group_name     = "${var.resource_group_name}"
     virtual_network_name    = "${azurerm_virtual_network.vnet.name}"
     address_prefix          = "${lookup(var.vnet, var.subnets[element(local.subnet_list, count.index)])}"
 }
diff --git a/step1-aks/modules/networking/private_dns.tf b/step1-aks/modules/networking/private_dns.tf
new file mode 100644
index 0000000..426f789
--- /dev/null
+++ b/step1-aks/modules/networking/private_dns.tf
@@ -0,0 +1,9 @@
+# Internal DNS used to host the applications published through the ingress controller
+module "azure_dns_internal" {
+    source                              = "../azure_dns"
+    
+    resource_group_name                 = "${var.resource_group_name}"
+    dns_zone                            = "${var.dns_zone}"
+    subdomain                           = "${var.location}."
+    resolution_virtual_network_ids      = ["${azurerm_virtual_network.vnet.id}"]
+}
\ No newline at end of file
diff --git a/step1-aks/modules/networking/variables.tf b/step1-aks/modules/networking/variables.tf
index 9a72756..8246724 100644
--- a/step1-aks/modules/networking/variables.tf
+++ b/step1-aks/modules/networking/variables.tf
@@ -19,3 +19,7 @@ variable "vnet" {
 variable "location" {
   
 }
+
+variable "dns_zone" {
+    type = "map"
+}