Forum Discussion
Skhatri
Mar 20, 2023, Copper Contributor
Azure DNS Private Resolver Query
Hi All,
I need help to understand more about Azure DNS Private Resolver.
When Azure Private Resolver was released, my understanding was that it is for Azure private endpoint DNS resolution from on-premises to Azure Private DNS, as initially we had to create a VM in Azure and provide the Azure DNS VM IP as a forwarder in the on-premises DNS. After reading about Azure Private DNS Resolver in detail, I now have the understanding that, whether the on-premises environment needs it or not, the Private Resolver should be created in the VNet and it will help to resolve DNS queries. The exact simple question is: do I have to provision it even if my on-prem environment does not need to resolve the Azure Private DNS for Private Endpoint?
How about in a hub/spoke scenario: do I need to provision Azure Private DNS Resolver in a hub VNet even if my on-premises environment does not need to resolve the Azure Private DNS for Private Endpoint?
In a single-subscription scenario where I do not have a hub/spoke model, I have one subscription and no on-premises DNS resolution requirement; do I still need to provision Private Resolver? I believe not, because linking to the Private DNS Zone will do the needful, but I am not sure if something has changed.
Thanks
- Raviraj_Nallasivam, Copper Contributor
Skhatri All three questions point to whether Azure Private DNS Resolver is required if on-prem to Azure communication is not a requirement.
Azure DNS Private Resolver simplifies private DNS resolution from on-premises to Azure Private DNS and vice versa. If you want to communicate from an Azure VM to the on-prem environment, then it might be required.
Azure Private DNS Resolver is used in the following scenarios:
- when an on-premises server issues a DNS request to access a storage account configured with a Private DNS Zone (privatelink.blob.core.windows.net).
- when an Azure VM issues a DNS request to access app1.onprem.company.com, which resides on-prem.
For detailed information, please take a look at https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-resolver
Please mark the answer as approved if it clarifies your questions.
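As an added illustration of the two scenarios listed above (example code, not from this thread or from Microsoft), the Bicep template below deploys one resolver with an inbound endpoint for on-prem to Azure resolution and an outbound endpoint plus forwarding rule for Azure to on-prem resolution. The VNet name, subnet names, on-prem domain and on-prem DNS server IP are assumed placeholders.

```bicep
// Added example, not code from the thread: one resolver covering both directions
// listed above. VNet, subnet names and the on-prem DNS IP are assumed placeholders.
param location string = resourceGroup().location
param vnetName string = 'hub-vnet'                 // assumed existing VNet
param inboundSubnet string = 'snet-dns-inbound'    // both subnets delegated to
param outboundSubnet string = 'snet-dns-outbound'  // Microsoft.Network/dnsResolvers
param onPremDnsIp string = '10.200.0.10'           // constructed placeholder
param onPremDomain string = 'onprem.company.com.'  // trailing dot is required
resource resolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
  name: 'dnspr-hub'
  location: location
  properties: { virtualNetwork: { id: resourceId('Microsoft.Network/virtualNetworks', vnetName) } }
}
// Inbound endpoint: on-prem DNS forwards the privatelink zones to this endpoint's private IP.
resource inbound 'Microsoft.Network/dnsResolvers/inboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'inbound'
  location: location
  properties: {
    ipConfigurations: [ { subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, inboundSubnet) }, privateIpAllocationMethod: 'Dynamic' } ]
  }
}
// Outbound endpoint: where conditional forwarding toward on-prem originates.
resource outbound 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'outbound'
  location: location
  properties: { subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, outboundSubnet) } }
}
// Only names under the on-prem domain go to on-prem; everything else stays with Azure DNS.
resource ruleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
  name: 'ruleset-hub'
  location: location
  properties: { dnsResolverOutboundEndpoints: [ { id: outbound.id } ] }
}
resource rule 'Microsoft.Network/dnsForwardingRulesets/forwardingRules@2022-07-01' = {
  parent: ruleset
  name: 'onprem'
  properties: {
    domainName: onPremDomain
    forwardingRuleState: 'Enabled'
    targetDnsServers: [ { ipAddress: onPremDnsIp, port: 53 } ]
  }
}
// Link the ruleset to every VNet whose VMs need the rule (each spoke as well).
resource link 'Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks@2022-07-01' = {
  parent: ruleset
  name: 'link-${vnetName}'
  properties: { virtualNetwork: { id: resourceId('Microsoft.Network/virtualNetworks', vnetName) } }
}
```

The inbound endpoint's private IP is what the on-prem DNS servers use as the conditional-forwarder target for the privatelink zones; those Private DNS Zones still have to be linked to the VNet for the inbound endpoint to answer from them.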
- Skhatri, Copper Contributor
Hi Raviraj_Nallasivam,
Does that mean if I do not have an on-premises requirement to resolve anything from Azure and vice versa, then I do not need to provision Azure DNS Private Resolver? Am I right?
Does that mean even if on-premises needs to resolve DNS from Azure DNS, and I have an Active Directory Server VM in Azure which has a forwarder to Azure DNS and on-premises has a forwarder to the AD Server in Azure, then I do not need to provision Azure DNS Private Resolver? Or should I remove the forwarders from the AD Servers in Azure and on-premises and deploy Azure DNS Private Resolver?
Thanks
- Raviraj_Nallasivam, Copper Contributor
Skhatri wrote:
Hi Raviraj_Nallasivam,
Does that mean if I do not have an on-premises requirement to resolve anything from Azure and vice versa, then I do not need to provision Azure DNS Private Resolver? Am I right?
Skhatri Yes, it is not required if there is no need for private DNS resolution between on-prem and Azure and vice versa.
Skhatri wrote:
Does that mean even if on-premises needs to resolve DNS from Azure DNS, and I have an Active Directory Server VM in Azure which has a forwarder to Azure DNS and on-premises has a forwarder to the AD Server in Azure, then I do not need to provision Azure DNS Private Resolver? Or should I remove the forwarders from the AD Servers in Azure and on-premises and deploy Azure DNS Private Resolver?
Skhatri Before Azure DNS Private Resolver was available, a DNS forwarder VM was deployed so that an on-premises server could resolve Azure Private DNS. When you use Azure DNS Private Resolver, you don't need a DNS forwarder VM, and Azure DNS is able to resolve on-premises domain names. I believe you are using a forwarder VM in Azure to resolve private DNS. Your setup might look like below.
Regarding migration from custom DNS forwarders to Azure Private DNS Resolver, you can take a look at https://azure.microsoft.com/en-us/blog/announcing-azure-dns-private-resolver-general-availability/
Please mark the answer as "Best Response" if it clarifies.
Regards
Raviraj.