Azure DNS delegation

As mentioned earlier, your records will not be exposed externally just by creating them in Azure; you also have to configure the domain registrar to delegate the domain to Azure DNS. You do this by replacing the name servers configured at the domain registrar with the name servers assigned to the zone you created in Azure.

If you have worked with DNS servers before, you should be aware that there are two types of DNS servers:

  • Authoritative: This type responds to DNS queries from the records it holds. For example, you might want to query mail.yourcompany.com, and it will resolve this name to an IP address as long as a record for it has been created in your DNS zones.
  • Non-Authoritative (recursive): This type relies on authoritative DNS servers to answer the query. For example, if you want to open www.packtpub.com, your authoritative DNS server will not help because it knows nothing about other domains. However, a recursive server will ask the authoritative server for that domain on your behalf, and as a result you can browse the website.

In a nutshell, Azure DNS is an authoritative DNS service. As a result, it cannot be used for name resolution by any machine on-premises, or even by Azure VMs, because they are automatically configured to use recursive DNS.
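The delegation and the authoritative/recursive distinction described above can be checked from DNS replies. This is an added example, not code from the book: it reads the header flags and NS records from dig-style output and compares the publicly served name servers with those assigned to the zone. The replies, the name server names, and the function names are constructed for illustration.

```python
import re

# Constructed dig-style replies for the placeholder zone yourcompany.com.
# All name server names are sample values, not taken from a real zone.
RECURSIVE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
yourcompany.com.  3600 IN NS ns1.old-registrar.example.
yourcompany.com.  3600 IN NS NS2-01.azure-dns.net.
"""
AUTHORITATIVE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
yourcompany.com.  172800 IN NS ns1-01.azure-dns.com.
yourcompany.com.  172800 IN NS ns2-01.azure-dns.net.
"""

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_reply(text):
    """Return (header flags, NS targets) from dig-style output."""
    m = re.search(r"^;; flags:([^;]*);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    ns = {norm(t) for t in re.findall(r"^\S+\s+\d+\s+IN\s+NS\s+(\S+)", text, re.M)}
    return flags, ns

def server_role(flags):
    """aa = answered from the server's own zone data; ra = recursion offered."""
    if "aa" in flags:
        return "authoritative"
    return "recursive" if "ra" in flags else "unknown"

def check_delegation(published_ns, zone_ns):
    """Compare NS names seen publicly with those assigned to the Azure zone."""
    published = {norm(n) for n in published_ns}
    expected = {norm(n) for n in zone_ns}
    return {
        "delegated": published == expected,
        "missing": sorted(expected - published),     # zone servers not set at registrar
        "unexpected": sorted(published - expected),  # stale servers still delegated
    }

if __name__ == "__main__":
    auth_flags, zone_ns = parse_reply(AUTHORITATIVE_REPLY)
    rec_flags, published = parse_reply(RECURSIVE_REPLY)
    print(server_role(auth_flags), server_role(rec_flags))
    print(check_delegation(published, zone_ns))
```

A name server in the "unexpected" list means the registrar still delegates to a server outside the Azure zone, so answers for the domain can come from records you do not manage in Azure.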
