Azure - VPN from Office - DNS forwarding


From our office we have a VPN to Azure in the firewalls. When adding a Private Endpoint to an Azure resource, using Private DNS Zones, we want that, from the office, when connecting to the DNS name of a resource, it returns the internal IP it has in Azure. For example, a CosmosDB database has the following DNS name:
The Private Endpoint has the IP
We want that, from the office, where we have an Active Directory with its corresponding DNS services, trying to connect to it returns the IP

Is it possible to configure DNS forwarding on our office DNS so that they resolve certain domains, such as, to Azure DNS? How do we know what those Azure DNS are?

This would be a summary scheme of our network. And this is the configuration that we have in the Virtual Networks on the DNS:

2 Replies
Yes, this is possible. You need to configure conditional forwarders in your AD servers for those domains like to a forwarder in Azure. The forwarder in Azure can either be a VM with DNS role or you can use the new service DNS private resolver, which is easier and requires less management.
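The conditional-forwarder setup described in this reply (and asked about in the question), as an added example that is not part of the thread: a PowerShell script run on an office AD DNS server that forwards the Azure private-link zone for Cosmos DB to a forwarder in Azure, then checks that a private-link name resolves to a private address. The forwarder IP `10.10.0.4`, the zone list, the account name `mycosmos`, and the function name `Test-PrivateLinkResolution` are assumptions for illustration; `privatelink.documents.azure.com` is the zone Azure uses for Cosmos DB (SQL API) private endpoints.

```powershell
# Added example (not from the original thread): forward Azure private-link zones from the
# office AD DNS servers to a forwarder inside Azure, then verify the answer is private.
# Assumptions (not stated in the thread):
#   - $AzureForwarder is the inbound-endpoint IP of an Azure DNS Private Resolver (or a
#     DNS-role VM) reachable over the office-to-Azure VPN; 10.10.0.4 is a placeholder.
#   - $PrivateLinkZones lists the private DNS zones in use; add one entry per Azure service.
#   - Run on an AD DNS server (or with the DnsServer RSAT module) as a DNS administrator.
#Requires -Modules DnsServer

$AzureForwarder   = '10.10.0.4'                       # placeholder: Azure-side forwarder
$PrivateLinkZones = @(
    'privatelink.documents.azure.com'                 # Azure Cosmos DB (SQL API)
)

foreach ($zone in $PrivateLinkZones) {
    $existing = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        # Store the forwarder in AD so every DC running DNS gets the same entry.
        Add-DnsServerConditionalForwarderZone -Name $zone `
            -MasterServers $AzureForwarder `
            -ReplicationScope 'Forest' `
            -ForwarderTimeout 5 `
            -UseRecursion $false
        Write-Host "Added conditional forwarder for $zone -> $AzureForwarder"
    }
    elseif ($existing.ZoneType -ne 'Forwarder') {
        # A primary or secondary copy of the zone would shadow the forwarder; flag it.
        Write-Warning "$zone already exists as a $($existing.ZoneType) zone; not replacing it"
    }
    else {
        Write-Host "Conditional forwarder for $zone already present"
    }
}

# Verification: a private-link name must resolve to the Private Endpoint's private
# (RFC 1918) address. A public answer means the query did not go through the forwarder
# (zone name typo, VPN down, or the resolver's VNet is not linked to the private zone).
function Test-PrivateLinkResolution {
    param(
        [Parameter(Mandatory)] [string] $Name,        # e.g. <account>.privatelink.documents.azure.com
        [string] $Server = $env:COMPUTERNAME          # the office DNS server to query
    )
    $answer = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
              Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $ip = [System.Net.IPAddress]::Parse($answer.IPAddress)
    $b  = $ip.GetAddressBytes()
    $isPrivate = ($b[0] -eq 10) -or
                 ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                 ($b[0] -eq 192 -and $b[1] -eq 168)
    [pscustomobject]@{ Name = $Name; IPAddress = $answer.IPAddress; IsPrivate = $isPrivate }
}

# Example call with a placeholder account name (replace with your own):
# Test-PrivateLinkResolution -Name 'mycosmos.privatelink.documents.azure.com'
```

Only the `privatelink.*` zone needs a forwarder: the public name of the resource (for Cosmos DB, `<account>.documents.azure.com`) is a CNAME to `<account>.privatelink.documents.azure.com`, so the office DNS resolves the public part normally and only the private-link part is sent to Azure. On the Azure side, restrict the VPN rules and the resolver's NSG so that only the office DNS servers can reach the forwarder on TCP/UDP 53, and check that the VNet hosting the resolver or DNS VM is linked to the private DNS zone, otherwise the forwarder itself returns the public address.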


Yes, as long as the network is allowed