Forum Discussion
Skhatri
Mar 19, 2023 (Copper Contributor)
Azure DNS Private Resolver Query
Hi all, I need help to understand more about Azure DNS Private Resolver. When Azure Private Resolver was released my understanding was it is for Azure private endpoint DNS resolution from on premis...
Skhatri
Mar 23, 2023 (Copper Contributor)
Hi Raviraj_Nallasivam,
Thank you so much for your response. Regarding question no. 2, the Microsoft Azure team has published a DNS Private Resolver service in Azure. In my Azure IaaS environment I have VMs joined to the domain, and there is an additional domain controller VM in Azure, whereas the primary domain controllers are on-premises. As it is an additional domain controller we have installed DNS so member servers in Azure can authenticate and resolve DNS queries for other member servers in the same domain. The questions are:
1. Since there is a domain controller with the DNS service installed in a VM in Azure, can we configure a forwarder in the Azure domain controller VM toward Azure DNS and configure the on-premises DNS forwarder to the Azure domain controller which has DNS, to resolve Azure DNS queries from on-premises? Or, in this scenario, should we not configure any forwarder for Azure DNS in the domain controller DNS in the Azure VM and not configure the forwarder in the on-premises DNS server, but instead deploy and configure Private DNS Resolver and add the inbound IP address of the Private Resolver in the on-premises DNS server conditional forwarder?
a. If the answer is yes, then in this scenario what will be the DNS configuration of the additional domain controller VM in Azure, if it is necessary to keep the DNS service in the additional domain controllers in the Azure VM?
b. As we will be using Private Resolver as well in this scenario, should I remove the DNS service from the additional domain controller VMs in Azure and add the DNS forwarding rule sets with the domain name to rely only on Private Resolver to resolve DNS queries, so domain-joined member servers can resolve other domain-joined member servers via Private Resolver? If the answer is yes, then how will domain controller authentication happen for the member server, because there are multiple SOA and SRV records required for domain controllers in the DNS for the member server to authenticate and get updates related to group policies etc.?
Thank you so much for your help and support.
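Worked configuration for the pattern the question above describes, added here as an example and not part of the original thread or of Microsoft's own material: the on-premises Windows DNS server gets conditional forwarders for the private endpoint zones pointing at the Private Resolver inbound endpoint, the Azure domain controller's DNS service keeps the AD zone (with its SOA and SRV records) locally and forwards only non-AD names to Azure-provided DNS, and two checks confirm that the DC locator SRV records and a private endpoint name still resolve. All IP addresses, zone names and the domain name are constructed placeholders; 168.63.129.16 is the documented Azure-provided DNS address and is not taken from the thread; the Private Resolver's own forwarding rule set (outbound side) is not shown.

```powershell
# Added example (not from the thread): the forwarding pattern the question
# describes, configured with the Windows DnsServer module, plus the
# verification a practitioner would run afterwards. All IPs and names below
# are constructed placeholders; replace them with your own values.

# --- Placeholder values (assumptions, not from the thread) -------------------
$AdDomain          = 'corp.example.com'   # AD DS domain (placeholder)
$ResolverInboundIp = '10.10.0.4'          # Private Resolver inbound endpoint IP (placeholder)
$AzureProvidedDns  = '168.63.129.16'      # Azure-provided DNS; documented fixed Azure address
$PrivateLinkZones  = @('privatelink.blob.core.windows.net',
                       'privatelink.database.windows.net')  # private endpoint zones in use (placeholders)

# --- 1. On-premises DNS server: conditional forwarders to the inbound endpoint
# Run on the on-premises DNS server. Queries for the private endpoint zones are
# sent to the Private Resolver inbound endpoint instead of public DNS, so the
# private IPs held in the linked Azure Private DNS zones are returned.
function Set-OnPremConditionalForwarders {
    param([string[]]$Zones, [string]$TargetIp)
    foreach ($zone in $Zones) {
        if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
            Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $TargetIp -ReplicationScope 'Forest'
        }
    }
}

# --- 2. Azure DC's DNS service: forward non-AD names to Azure-provided DNS ----
# Run on the additional domain controller in Azure. The DC stays authoritative
# for the AD zone (SOA/SRV records used by DC locator); only names it is not
# authoritative for leave it, and root hints are disabled so nothing goes to
# public resolvers directly.
function Set-AzureDcForwarder {
    param([string]$TargetIp)
    Set-DnsServerForwarder -IPAddress $TargetIp -UseRootHint $false
}

# --- 3. Verification ----------------------------------------------------------
# Member servers locate a DC through the SRV records under _msdcs; a client that
# resolves this record via its configured DNS server can still authenticate.
function Test-DcLocatorRecords {
    param([string]$Domain, [string]$DnsServer)
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DnsServer -ErrorAction Stop
    return ($srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget)
}

# A private endpoint name resolved through the inbound endpoint should come
# back as a private (RFC 1918) address; a public address means the query
# bypassed the private zone.
function Test-PrivateEndpointResolution {
    param([string]$Fqdn, [string]$DnsServer)
    $a = Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }
    return [bool]($a.IPAddress -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)')
}

# Usage (placeholder values from above):
# Set-OnPremConditionalForwarders -Zones $PrivateLinkZones -TargetIp $ResolverInboundIp
# Set-AzureDcForwarder -TargetIp $AzureProvidedDns
# Test-DcLocatorRecords -Domain $AdDomain -DnsServer $ResolverInboundIp
# Test-PrivateEndpointResolution -Fqdn 'mystorage.blob.core.windows.net' -DnsServer $ResolverInboundIp
```

The two verification functions are the part worth keeping around: run them from a member server after any forwarder change, since a DC-locator SRV lookup that fails or a private endpoint name that resolves to a public address is the first sign that a forwarder points the wrong way.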
Skhatri
Apr 05, 2023 (Copper Contributor)