Azure DNS Private Resolver Query


Hi All,


Need help to understand more about Azure DNS Private Resolver.


When Azure Private Resolver was released, my understanding was that it is for Azure private endpoint DNS resolution from on-premises to Azure Private DNS, as initially we had to create a VM in Azure and provide that Azure DNS VM IP as a forwarder in the on-premises DNS. After reading about Azure Private DNS Resolver in detail, I now have the understanding that, whether the on-premises environment needs it or not, a Private Resolver should be created in the VNET and it will help to resolve DNS queries. The exact simple question is: do I have to provision it even if my on-prem environment does not need to resolve the Azure Private DNS for Private Endpoints?


How about in a HUB/Spoke scenario: do I need to provision Azure Private DNS Resolver in a HUB VNET even if my on-premises environment does not need to resolve the Azure Private DNS for Private Endpoints?


In a single subscription scenario where I do not have a HUB/Spoke model, I have one subscription and I do not have an on-premises DNS resolution requirement; do I still need to provision Private Resolver? I believe not, because linking to the Private DNS Zone will do the needful, but I am not sure if something has changed.


Thanks


@Skhatri All three questions point to whether Azure Private DNS Resolver is required if on-prem to Azure communication is not a requirement.


Azure DNS Private Resolver simplifies private DNS resolution from on-premises to Azure Private DNS and vice versa. If you want to communicate from Azure VM to on-prem environment, then it might be required. 

Azure DNS Private Resolver is used in the following scenarios:

  1. When an on-premises server issues a DNS request to access a storage account configured with a Private DNS Zone (privatelink.blob.core.windows.net).
  2. When an Azure VM issues a DNS request to access app1.onprem.company.com, which resides on-prem.

For detailed information, Please take a look at https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-r...


Please mark answer as approved if it clarifies your questions.

Hi @Raviraj_Nallasivam,

Does that mean that if I do not have an on-premises requirement to resolve anything from Azure, and vice versa, then I do not need to provision Azure DNS Private Resolver? Am I right?

Does that mean that even if on-premises needs to resolve DNS from Azure DNS, and if I have an Active Directory Server VM in Azure which has a forwarder to Azure DNS and on-premises has a forwarder to the AD Server in Azure, then I do not need to provision Azure DNS Private Resolver? Or should I remove the forwarders from the AD Servers in Azure and on-premises and deploy Azure DNS Private Resolver?

Thanks



@Skhatri wrote:
Hi @Raviraj_Nallasivam,

Does that mean that if I do not have an on-premises requirement to resolve anything from Azure, and vice versa, then I do not need to provision Azure DNS Private Resolver? Am I right?

@Skhatri Yes, it is not required if there is no need for private DNS resolution between on-prem and Azure & vice versa.



@Skhatri wrote:
Does that mean that even if on-premises needs to resolve DNS from Azure DNS, and if I have an Active Directory Server VM in Azure which has a forwarder to Azure DNS and on-premises has a forwarder to the AD Server in Azure, then I do not need to provision Azure DNS Private Resolver? Or should I remove the forwarders from the AD Servers in Azure and on-premises and deploy Azure DNS Private Resolver?

@Skhatri Before Azure DNS Private Resolver was available, a DNS forwarder VM was deployed so that an on-premises server could resolve Azure Private DNS. When you use Azure DNS Private Resolver, you don't need a DNS forwarder VM, and Azure DNS is able to resolve on-premises domain names. I believe you are using a forwarder VM in Azure to resolve private DNS. Your setup might look like below.

[Image: dns-forwarder-architecture.png]


Regarding migration from custom DNS forwarders to Azure DNS Private Resolver, you can take a look at https://azure.microsoft.com/en-us/blog/announcing-azure-dns-private-resolver-general-availability/


Please mark answer as "Best Response" if it clarifies. 


Regards

Raviraj.
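
Added example (not from this thread, and not Microsoft's own code) showing the two scenarios from the replies above: Az PowerShell deploys the resolver with an inbound endpoint (for on-premises to Azure Private DNS) and an outbound endpoint plus forwarding ruleset (for Azure VMs to on-premises names), and the on-premises Windows DNS server gets a conditional forwarder pointing at the inbound IP. Resource names, IP addresses, the subscription ID and the subnet/VNet IDs are placeholders; it assumes the Az.DnsResolver module, a hub VNet with two dedicated subnets for the endpoints, and the DnsServer module on the on-premises server.

```powershell
# Placeholder values: replace with your own resource group, region and hub VNet.
$rg        = "rg-dns"
$location  = "eastus"
$vnetId    = "/subscriptions/<sub-id>/resourceGroups/rg-dns/providers/Microsoft.Network/virtualNetworks/vnet-hub"
$inSubnet  = "$vnetId/subnets/snet-dns-inbound"    # dedicated subnet for the inbound endpoint
$outSubnet = "$vnetId/subnets/snet-dns-outbound"   # dedicated subnet for the outbound endpoint

# 1. The resolver itself, bound to the hub VNet (one per VNet; spokes link to its ruleset).
$resolver = New-AzDnsResolver -Name "dnspr-hub" -ResourceGroupName $rg `
    -Location $location -VirtualNetworkId $vnetId

# 2. Inbound endpoint: the private IP that on-premises DNS servers forward Azure queries to.
#    This replaces the old DNS forwarder VM for the on-prem -> Azure direction.
$ipConfig = New-AzDnsResolverIPConfigurationObject -PrivateIPAllocationMethod Dynamic -SubnetId $inSubnet
$inbound  = New-AzDnsResolverInboundEndpoint -DnsResolverName $resolver.Name -Name "inbound" `
    -ResourceGroupName $rg -Location $location -IpConfiguration $ipConfig
$inboundIp = $inbound.IPConfiguration[0].PrivateIPAddress

# 3. Outbound endpoint + forwarding ruleset: how Azure VMs resolve app1.onprem.company.com.
$outbound = New-AzDnsResolverOutboundEndpoint -DnsResolverName $resolver.Name -Name "outbound" `
    -ResourceGroupName $rg -Location $location -SubnetId $outSubnet
$ruleset  = New-AzDnsForwardingRuleset -Name "rs-onprem" -ResourceGroupName $rg -Location $location `
    -DnsResolverOutboundEndpoint @{ id = $outbound.Id }
# Placeholder on-premises DNS server IP; only the on-prem zone is forwarded, nothing else.
$onpremDns = New-AzDnsResolverTargetDnsServerObject -IPAddress "192.168.10.5" -Port 53
New-AzDnsForwardingRulesetForwardingRule -ResourceGroupName $rg -DnsForwardingRulesetName $ruleset.Name `
    -Name "onprem-company-com" -DomainName "onprem.company.com." -ForwardingRuleState "Enabled" `
    -TargetDnsServer $onpremDns
# Link the ruleset to every VNet whose VMs must resolve on-prem names (hub here; repeat per spoke).
New-AzDnsForwardingRulesetVirtualNetworkLink -DnsForwardingRulesetName $ruleset.Name `
    -ResourceGroupName $rg -Name "link-hub" -VirtualNetworkId $vnetId

# 4. On the on-premises Windows DNS server (run there, not in Azure): forward only the
#    private-link zone to the inbound endpoint IP. The zone name must match the Private DNS
#    zone that is linked to the VNet, e.g. privatelink.blob.core.windows.net for blob storage.
Add-DnsServerConditionalForwarderZone -Name "privatelink.blob.core.windows.net" `
    -MasterServers $inboundIp -ReplicationScope "Forest"
```

The inbound IP is only reachable from on-premises over the VPN or ExpressRoute path into the hub VNet, so the conditional forwarder in step 4 assumes that connectivity already exists.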


Hi @Raviraj_Nallasivam,

Thank you so much for your response. Regarding question no. 2: Microsoft Azure Team has published a DNS Private Resolver service in Azure. In the Azure IaaS environment I have VMs joined to the domain, and there is an additional domain controller VM in Azure, whereas the primary domain controllers are on-premises. As it is an additional domain controller, we have installed DNS so member servers in Azure can authenticate and resolve DNS queries for other member servers in the same domain. The questions are:

1. Since there is a domain controller with the DNS service installed in a VM in Azure, can we configure a forwarder in the Azure domain controller VM toward Azure DNS and configure the on-premises DNS forwarder to the Azure domain controller (which has DNS) to resolve Azure DNS queries from on-premises? Or, in this scenario, should we not configure any forwarder for Azure DNS in the domain controller DNS in the Azure VM, and not configure the forwarder in the on-premises DNS server, but instead deploy and configure Private DNS Resolver and add the inbound IP address of the Private Resolver as a conditional forwarder in the on-premises DNS server?
a. If the answer is yes, then in this scenario what will be the DNS configuration of the additional domain controller VM in Azure, if it is necessary to keep the DNS service in the additional domain controllers in the Azure VM?
b. As we will be using Private Resolver as well in this scenario, should I remove the DNS service from the additional domain controller VMs in Azure and add DNS forwarding rule sets with the domain name to rely only on Private Resolver to resolve DNS queries, so domain-joined member servers can resolve other domain-joined member servers via Private Resolver? If the answer is yes, then how will domain controller authentication happen for the member server, because there are multiple SOA and SRV records required for domain controllers in the DNS for the member server to authenticate and get updates related to group policies etc.?

Thank you so much for your help and support.

Hi @Raviraj_Nallasivam,

Can you please help?

Thanks

Hi @harsh740

Please review my question. I get that it is secure and so on; I have asked the question in the community to know the answer based on the specific scenario. It will be great if you or someone else can please read the question and help me to get the answer.