What is impact of Azure Firewall update from default to custom DNS on other Vnets routing to FW

I have 4 Azure Vnets: 1st Prod (VMs and AKS), 2nd Dev (VMs and AKS), 3rd (Domain Controllers), 4th Azure Firewall and Application Gateway. External traffic only comes from 4th Vnet resources. Vnet peering is set from 1 to 4, 2 to 4, 3 to 4.
 
Route tables from the 1st, 2nd, 3rd Vnets are set to the Azure Firewall private IP.
 
All Vnets have DNS server added of Domain controller private IPs.
 
Azure firewall has DNS setting disabled.
 
I am going to enable Firewall DNS settings and add the Domain Controllers DNS and enable DNS proxy.
 
For testing, I am going to add Firewall private IP in DNS of Dev Vnet and restart VMs.
 
But I did not add this in the Prod Vnet.
What will be the impact on Prod Vnet apps if they are trying to resolve IPs from the domain controller? What will be the impact on Prod apps if they are trying to access Azure resources (SQL, storage account)?
0 Replies