Forum Discussion
What is impact of Azure Firewall update from default to custom DNS on other Vnets routing to FW
I have 4 Azure Vnets, One Prod(VMs and AKS), 2nd Dev(VMs and AKS), 3rd(Domain Controllers), 4th Azure Firewall and Application gateway. External traffic is only come from 4th Vnet resources....
Below the potential impact on Prod VNet Apps (No DNS Changes Yet) and highlight:
1. Domain Controller Resolution
• No impact if Prod VMs still point directly to the domain controllers for DNS.
• They’ll continue resolving internal names (AD, internal FQDNs) as before.
• Azure Firewall won’t interfere unless you change their DNS settings to point to the firewall.
2. Access to Azure Resources (SQL, Storage, etc.)
• No impact unless those resources require DNS resolution that’s being filtered or cached by the firewall.
• Since Prod VMs are still using domain controller DNS directly, they’ll resolve public Azure endpoints via forwarders or default behavior of the domain controller.