mgfeal
Brass Contributor
May 22, 2023

Azure - VPN from Office - DNS forwarding

Hi,

From our office we have a VPN to Azure in the firewalls. When adding a Private Endpoint to an Azure resource, using Private DNS Zones, we want that, from the office, when connecting to the DNS name of a resource, it returns the internal IP it has in Azure. For example, a CosmosDB database has the following DNS name: cosmos-test.cosmos.azure.com
The Private Endpoint has the IP 10.100.50.50.
We want that from the office, where we have an Active Directory with its corresponding DNS services, when trying to connect to cosmos-test.cosmos.azure.com, it returns the IP 10.100.50.50.

Is it possible to configure DNS forwarding on our office DNS so that they resolve certain domains, such as cosmos.azure.com, to Azure DNS? How do we know what those Azure DNS servers are?

This would be a summary scheme of our network. And this is the configuration that we have in the Virtual Networks on the DNS:

Thanks!!

  • anas86
    Copper Contributor
    Yes, this is possible. You need to configure conditional forwarders in your AD servers for those domains, like cosmos.azure.com, to a forwarder in Azure. The forwarder in Azure can either be a VM with the DNS role, or you can use the new DNS Private Resolver service, which is easier and requires less management.
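As an added example (not code from the original thread), the conditional-forwarder setup the reply describes, scripted on an on-premises AD DNS server with the DnsServer module, followed by a check that the private endpoint address actually comes back. The forwarder IP is an assumed placeholder; the zone, host name and expected IP are the ones from the question.

```powershell
# Added example, not code from the original thread. Runs in an elevated
# session on an on-premises AD DNS server (DnsServer module present).
# Every IP address and zone name below is an ASSUMED placeholder taken
# from the question where available: replace them with your own values.

# ASSUMED: IP of the inbound endpoint of the Azure DNS Private Resolver
# (or of a DNS-role VM) inside the VNet, reachable over the site-to-site VPN.
$AzureForwarder = '10.100.0.4'

# Only the zones that must resolve through Azure are forwarded; everything
# else keeps resolving exactly as before.
$Zones = @('cosmos.azure.com')

foreach ($zone in $Zones) {
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Write-Host "Conditional forwarder for $zone already exists, skipping."
        continue
    }
    # AD-integrated (Forest scope) so every DC replicates the forwarder;
    # ForwarderTimeout is in seconds.
    Add-DnsServerConditionalForwarderZone -Name $zone `
        -MasterServers $AzureForwarder `
        -ReplicationScope 'Forest' `
        -ForwarderTimeout 5
}

# Verify that clients get the private endpoint address (10.100.50.50 in the
# question). A public address here means the query still reaches public
# Azure DNS and traffic would bypass the private endpoint.
function Test-PrivateEndpointResolution {
    param(
        [string]$Name       = 'cosmos-test.cosmos.azure.com',
        [string]$ExpectedIp = '10.100.50.50',
        [string]$DnsServer  = '127.0.0.1'   # ask this DC's own DNS service
    )
    $answers = Resolve-DnsName -Name $Name -Type A -Server $DnsServer -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
    if ($answers -contains $ExpectedIp) {
        Write-Host "OK: $Name -> $($answers -join ', ')"
        return $true
    }
    Write-Warning "$Name resolved to $($answers -join ', '), expected $ExpectedIp"
    return $false
}

Test-PrivateEndpointResolution
```

The check only passes if the DC can reach the resolver's inbound endpoint on UDP/TCP 53 across the VPN, so a failure here usually points at the firewall rules rather than the DNS configuration.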
