In this blog post, we’ll demystify the various DNS components available in Azure, such as Private DNS Zones, DNS Private Resolvers, DNS Forwarding Rulesets, and Conditional Forwarders, and explain how they fit into a well-architected landing zone. There is often confusion around what custom DNS settings virtual networks should use: should they point to on-premises domain controllers, or to Azure DNS Private Resolver endpoints? We’ll walk through common design patterns and provide guidance on how to structure DNS in a scalable and secure way for enterprise-grade Azure deployments.
Updated Jun 11, 2025
Version 1.0