SOLVED

Outbound endpoint ip address of Azure DNS Private Resolver


Hi,

we need to find out the IP address that's used in the outbound endpoint of Private Resolver for configuring our on-prem firewall.

We cannot find anything about this in the docs or in the Azure portal.

How can we find it?

Regards

Sven

5 Replies
The question is not very clear. Can you elaborate on the scenario along with the problem statement?

Hi,

thanks for your reply.
I'll try to explain the scenario. We want to try the usage of Private DNS Resolver. It should forward DNS traffic to our on-premises DNS servers. However, we have a firewall on premises that needs to be configured to let the DNS traffic pass. Currently, the firewall is blocking DNS forwarding traffic. 

The Azure Portal does not allow viewing the IP address of the outbound endpoint.

Now my question again: Which IP address(es) do we have to enable in the firewall to allow DNS traffic passing through?

The outbound endpoint in the private resolver does not allocate any IP address (unlike the inbound endpoint). It should be linked with a DNS forwarding ruleset where you specify the DNS server that you will forward the traffic to (can be an Azure VM or on-prem). This is documented here: https://learn.microsoft.com/en-us/azure/dns/private-resolver-endpoints-rulesets#outbound-endpoints

@anas86 

Thanks for your reply. I already know everything that's in the documentation. However, this is not very helpful.

The main key about the outgoing IP address is missing.

We need to know this because we have a firewall on-prem that needs to be configured in order to let the DNS traffic pass through.

So currently, it is really unclear which IP address must be whitelisted in the firewall.

best response confirmed by SvenGloeckner5 (Copper Contributor)
Solution

Try to answer my own question.

The correct answer is that there is no dedicated outbound IP address. Instead, the outbound endpoint uses dynamically allocated IP addresses. This also implies that one has to allow IP address ranges for the on-premises firewall to get it working correctly.
