Forum Discussion

J_Bush
Copper Contributor
Jun 25, 2020

AD DS Auth for Azure File Shares / DNS Configuration Question

Hi all, I'm setting up our environment to "enable AD DS authentication for your Azure file shares", which was just recently offered in Azure. There are a couple of things that you have to do to get this to work, and one of them is to "Configure DNS forwarding for Azure Files". The link to do this is: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-networking-dns

As part of the setup you have to use some commands in the Azure Files Hybrid PowerShell module. One of these commands is "New-AzDnsForwarder". Based on the doc, it seems that this command will (1) create 2 DNS servers in your Azure subscription and then (2) create a Conditional Forwarder on your on-premises DNS servers for the core.windows.net domain.

I understand what needs to be done to configure DNS for AD DS authentication to work; however, I question what the New-AzDnsForwarder command does to your on-prem DNS servers. Questions like: (1) How does the command figure out which DNS servers are in my on-prem environment (DNS servers exist on all of the internal domain controllers, and there are many)? (2) How does the command select which DNS server to add the Conditional Forwarder configuration to? (3) Does it configure the Conditional Forwarder on one DNS server or all of them?

I'm skeptical about running this command until I know a little bit more about what it does to my on-prem environment.

Does anybody have any detailed information on what the New-AzDnsForwarder command actually does to your Active Directory architecture?

Any feedback would be much appreciated.

5 Replies

  • ibnmbodji
    Iron Contributor

    J_Bush

    Hi

    It will apply forwarders on all on-premises DNS servers if you don't specify the OnPremDnsHostNames parameter.

    OnPremDnsHostNames (HashSet<string>): A manually specified list of on-premises DNS host names to create forwarders on. This parameter is useful when you do not want to apply forwarders on all on-premises DNS servers, such as when you have a range of clients with manually specified DNS names.
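As an added example (not from this thread and not part of the Azure Files Hybrid module), here is a read-only PowerShell audit that answers question (3) after the fact: it enumerates every domain controller and reports whether a conditional forwarder for core.windows.net exists on it and where it points. It assumes the RSAT ActiveDirectory and DnsServer modules and read rights on each DNS server; the function name and the optional host-name list parameter are my own.

```powershell
# Added example: audit which on-premises DNS servers carry a conditional forwarder
# for core.windows.net (the zone New-AzDnsForwarder creates). Read-only; changes nothing.
# Assumes RSAT ActiveDirectory + DnsServer modules and DNS read rights on each DC.
Import-Module ActiveDirectory
Import-Module DnsServer

# Zone name from the Azure Files DNS forwarding docs linked in the question.
$ZoneName = 'core.windows.net'

function Get-AzureFilesForwarderStatus {
    param(
        # Optional explicit list (mirrors the -OnPremDnsHostNames idea); default = every DC.
        [string[]]$DnsHostNames
    )
    if (-not $DnsHostNames) {
        $DnsHostNames = (Get-ADDomainController -Filter *).HostName
    }
    foreach ($server in $DnsHostNames) {
        try {
            $zone = Get-DnsServerZone -ComputerName $server -Name $ZoneName -ErrorAction Stop
            [pscustomobject]@{
                DnsServer    = $server
                HasForwarder = ($zone.ZoneType -eq 'Forwarder')
                ForwardsTo   = ($zone.MasterServers -join ', ')
                Error        = $null
            }
        } catch {
            # Thrown when the zone does not exist, DNS is not installed, or the DC is unreachable.
            [pscustomobject]@{
                DnsServer    = $server
                HasForwarder = $false
                ForwardsTo   = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

Get-AzureFilesForwarderStatus | Format-Table -AutoSize
```

Compare the ForwardsTo column against the two DNS server addresses the command deployed in your subscription: any DC whose forwarder points elsewhere is redirecting every core.windows.net lookup and should be investigated.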
  • DP305
    Copper Contributor

    J_Bush

    I am actually wondering this as well. Have you ever managed to find out what this exactly does? I can't find any in-depth manual about what all those things actually do.

    • ibnmbodji
      Iron Contributor

      DP305

      Hi

      It will apply forwarders on all on-premises DNS servers if you don't specify the OnPremDnsHostNames parameter.

      OnPremDnsHostNames (HashSet<string>): A manually specified list of on-premises DNS host names to create forwarders on. This parameter is useful when you do not want to apply forwarders on all on-premises DNS servers, such as when you have a range of clients with manually specified DNS names.
      • DP305
        Copper Contributor

        ibnmbodji

        So if I am correct, you run "New-AzDnsForwarder" from within your Azure DNS server, where you specify your "OnPremDnsHostNames". Am I saying that correctly?

        The only point I am sceptical about is whether the "New-AzDnsForwarder" command also spawns new Azure DNS servers, or am I seeing that wrong?

        Thanks for your answer.
