Azure - VPN from Office - DNS forwarding


Hi,


From our office we have a VPN to Azure configured in the firewalls. When adding a Private Endpoint to an Azure resource, using Private DNS Zones, we want that, from the office, when connecting to the DNS name of a resource, it returns the internal IP it has in Azure. For example, a CosmosDB database has the following DNS name: cosmos-test.cosmos.azure.com
The Private Endpoint has the IP 10.100.50.50
We want that, from the office, where we have an Active Directory with its corresponding DNS services, when trying to connect to cosmos-test.cosmos.azure.com it returns the IP 10.100.50.50.

Is it possible to configure DNS forwarding on our office DNS so that it resolves certain domains, such as cosmos.azure.com, via Azure DNS? How do we know what those Azure DNS servers are?

This would be a summary diagram of our network, and this is the DNS configuration we have in the Virtual Networks:

[image: summary diagram of the office-to-Azure VPN network]

[image: DNS settings of the Azure Virtual Networks]

Thanks!!


2 Replies
Yes, this is possible. You need to configure conditional forwarders on your AD DNS servers for those domains, like cosmos.azure.com, pointing to a forwarder in Azure. The forwarder in Azure can either be a VM with the DNS role, or you can use the new service, DNS Private Resolver, which is easier and requires less management.
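The setup described in the reply above, as an added PowerShell example that is not part of the original thread. It is run on an on-premises AD DNS server and creates the conditional forwarders, checks that the Azure-side forwarder is reachable over the VPN, and verifies that the answer is now the private endpoint IP. Two points the thread leaves implicit: the target of the forwarder is the private IP of the DNS Private Resolver's inbound endpoint (or of the DNS VM) inside the VNet, not the Azure-provided resolver 168.63.129.16, which is only reachable from inside Azure; and the VNet hosting that endpoint must be linked to the relevant privatelink.* Private DNS Zone, otherwise it returns the public IP just like any other resolver. The forwarder IP 10.100.0.4, the zone list, and the account name are assumptions used for illustration; a Cosmos DB (NoSQL) account's hostname ends in documents.azure.com, which CNAMEs to privatelink.documents.azure.com, so that public suffix is what the office DNS must hand to Azure.

```powershell
# Added example, not from the original thread. Run as a DNS administrator on an
# on-premises AD DNS server. IPs, zone names and the account name are ASSUMPTIONS.

# Private IP of the DNS Private Resolver inbound endpoint (or DNS-role VM) in the
# VNet that is linked to the Private DNS Zones. ASSUMED value.
$AzureForwarder = '10.100.0.4'

# Public DNS suffixes to hand to Azure; Azure's resolver follows the CNAME into the
# privatelink.* zone. ASSUMED list: documents.azure.com is the Cosmos DB (NoSQL)
# suffix, blob.core.windows.net is shown as a second typical entry.
$Zones = @(
    'documents.azure.com',
    'blob.core.windows.net'
)

# 1. The forwarder must be reachable over the VPN on port 53 (this checks TCP only;
#    UDP/53 must be allowed by the firewalls as well).
$reach = Test-NetConnection -ComputerName $AzureForwarder -Port 53 -WarningAction SilentlyContinue
if (-not $reach.TcpTestSucceeded) {
    throw "Cannot reach $AzureForwarder on TCP/53 over the VPN; fix firewall/route first."
}

# 2. One conditional forwarder per zone, AD-integrated so every DNS server in the
#    forest receives it; skip zones that already exist.
foreach ($zone in $Zones) {
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Write-Host "Conditional forwarder for $zone already exists, skipping."
        continue
    }
    Add-DnsServerConditionalForwarderZone -Name $zone `
        -MasterServers $AzureForwarder `
        -ReplicationScope 'Forest'
    Write-Host "Added conditional forwarder: $zone -> $AzureForwarder"
}

# 3. Verify from the office side: the A record must be the private endpoint IP.
#    'cosmos-test' is an ASSUMED account name, reusing the one from the question.
$answer = Resolve-DnsName -Name 'cosmos-test.documents.azure.com' -Type A -Server 127.0.0.1 -ErrorAction Stop |
          Where-Object { $_.Type -eq 'A' } | Select-Object -First 1

if ($answer.IPAddress -like '10.*') {
    Write-Host "OK: resolves to private IP $($answer.IPAddress)"
} else {
    Write-Warning ("Still resolving to $($answer.IPAddress); check that the resolver's VNet " +
                   "is linked to privatelink.documents.azure.com.")
}
```

If step 3 still returns a public address even though the forwarder is in place, the usual cause is on the Azure side: the VNet containing the inbound endpoint (or DNS VM) is not linked to the privatelink.* zone, or the Private Endpoint was created without the DNS zone group that writes the A record into that zone.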

@mgfeal 

Yes, as long as the network is allowed.