Forum Discussion
Skhatri
Mar 20, 2023 · Copper Contributor
Azure DNS Private Resolver Query
Hi All, I need help to understand more about Azure DNS Private Resolver. When Azure Private Resolver was released, my understanding was it is for Azure private endpoint DNS resolution from on premis...
Raviraj_Nallasivam
Mar 21, 2023 · Copper Contributor
Skhatri All three questions point to whether Azure DNS Private Resolver is required if on-prem to Azure communication is not a requirement.
Azure DNS Private Resolver simplifies private DNS resolution from on-premises to Azure Private DNS and vice versa. If you want to communicate from Azure VM to on-prem environment, then it might be required.
Azure DNS Private Resolver is used in the following scenarios:
- when an on-premises server issues a DNS request to access a storage account configured with a Private DNS zone (privatelink.blob.core.windows.net).
- when an Azure VM issues a DNS request to access app1.onprem.company.com, which resides on-premises.
For detailed information, please take a look at https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-resolver
Please mark answer as approved if it clarifies your questions.
Skhatri
Mar 22, 2023 · Copper Contributor
Hi Raviraj_Nallasivam,
Does that mean that if I do not have an on-premises requirement to resolve anything from Azure, and vice versa, then I do not need to provision Azure DNS Private Resolver? Am I right?
Does that mean that even if on-premises needs to resolve DNS from Azure DNS, and if I have an Active Directory server VM in Azure which has a forwarder to Azure DNS, and on-premises has a forwarder to the AD server in Azure, then I do not need to provision Azure DNS Private Resolver? Or should I remove the forwarders from the AD servers in Azure and on-premises and deploy Azure DNS Private Resolver?
Thanks
Raviraj_Nallasivam
Mar 22, 2023 · Copper Contributor
Skhatri wrote:
Hi Raviraj_Nallasivam,
Does that mean that if I do not have an on-premises requirement to resolve anything from Azure, and vice versa, then I do not need to provision Azure DNS Private Resolver? Am I right?
Skhatri Yes, it is not required if there is no need for private DNS resolution between on-prem and Azure and vice versa.
Skhatri wrote:
Does that mean that even if on-premises needs to resolve DNS from Azure DNS, and if I have an Active Directory server VM in Azure which has a forwarder to Azure DNS, and on-premises has a forwarder to the AD server in Azure, then I do not need to provision Azure DNS Private Resolver? Or should I remove the forwarders from the AD servers in Azure and on-premises and deploy Azure DNS Private Resolver?
Skhatri Before Azure DNS Private Resolver was available, a DNS forwarder VM was deployed so that an on-premises server could resolve Azure Private DNS. When you use Azure DNS Private Resolver, you don't need a DNS forwarder VM, and Azure DNS is able to resolve on-premises domain names. I believe you are using a forwarder VM in Azure to resolve private DNS. Your setup might look like the below.
Regarding migration from custom DNS forwarders to Azure DNS Private Resolver, you can take a look at https://azure.microsoft.com/en-us/blog/announcing-azure-dns-private-resolver-general-availability/
Please mark answer as "Best Response" if it clarifies.
Regards
Raviraj.
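As an added example that is not part of the thread, the Windows DNS Server side of the setup Raviraj describes: the on-premises DNS server gets a conditional forwarder for the privatelink zone pointing at the Private Resolver inbound endpoint, and the Azure-side domain controller forwards unknown names to the Azure-provided resolver instead of a forwarder VM. The inbound endpoint IP, the storage account name and the on-premises server address are assumed placeholders.

```powershell
# Added example (not from the thread). Run on the respective Windows DNS servers.
$InboundEndpointIp = '10.10.0.4'        # assumed IP of the Private Resolver inbound endpoint
$AzureProvidedDns  = '168.63.129.16'    # Azure-provided resolver reachable from Azure VMs
$PrivateLinkZone   = 'privatelink.blob.core.windows.net'   # Private DNS zone named in the thread

# --- On-premises DNS server: forward only the privatelink zone to the inbound endpoint.
# A conditional forwarder is narrower than a global forwarder, so only Azure-private
# names leave the on-prem resolver; everything else keeps resolving locally.
if (-not (Get-DnsServerZone -Name $PrivateLinkZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $PrivateLinkZone `
        -MasterServers $InboundEndpointIp -ReplicationScope 'Forest' -PassThru
}

# --- Azure-side domain controller DNS: send names it is not authoritative for to the
# Azure-provided resolver, which answers from the Private DNS zones linked to the VNet.
Set-DnsServerForwarder -IPAddress $AzureProvidedDns -UseRootHint $false

# --- Verification from on-prem: the storage account's privatelink name should come back
# with a private (RFC 1918) address via the inbound endpoint, not a public one.
$name   = 'mystorage.privatelink.blob.core.windows.net'   # assumed account name
$answer = Resolve-DnsName -Name $name -Type A -Server $InboundEndpointIp -ErrorAction Stop
$ip     = ($answer | Where-Object QueryType -eq 'A').IPAddress
if ($ip -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)') {
    Write-Output "OK: $name resolves privately to $ip"
} else {
    Write-Warning "$name resolved to $ip; check the Private DNS zone VNet link and the forwarder"
}
```

The verification step also doubles as a health check: if the answer is public, traffic to the storage account would leave the private endpoint path, which is exactly what the Private DNS zone link and the conditional forwarder are meant to prevent.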
Skhatri
Mar 23, 2023 · Copper Contributor
Hi Raviraj_Nallasivam,
Thank you so much for your response. Regarding question no. 2: the Microsoft Azure team has published a DNS Private Resolver service in Azure. In our Azure IaaS environment I have VMs joined to the domain, and there is an additional domain controller VM in Azure, whereas the primary domain controllers are on-premises. As it is an additional domain controller, we have installed DNS so member servers in Azure can authenticate and resolve DNS queries for other member servers in the same domain. The questions are:
1. Since there is a domain controller with the DNS service installed in a VM in Azure, can we configure a forwarder in the Azure domain controller VM toward Azure DNS and configure the on-premises DNS forwarder to the Azure domain controller (which has DNS) to resolve Azure DNS queries from on-premises? Or, in this scenario, should we not configure any forwarder for Azure DNS in the domain controller DNS in the Azure VM, and not configure the forwarder in the on-premises DNS server, but instead deploy and configure Private DNS Resolver and add the inbound IP address of the Private Resolver in the on-premises DNS server as a conditional forwarder?
a. If the answer is yes, then in this scenario what will be the DNS configuration of the additional domain controller VM in Azure, if it is necessary to keep the DNS service in the additional domain controllers in the Azure VM?
b. As we will be using Private Resolver as well in this scenario, should I remove the DNS service from the additional domain controller VMs in Azure and add the DNS forwarding rule sets with the domain name to rely only on Private Resolver to resolve DNS queries, so domain-joined member servers can resolve other domain-joined member servers via Private Resolver? If the answer is yes, then how will domain controller authentication happen for the member server, because there are multiple SOA and SRV records required for domain controllers in the DNS for the member server to authenticate and get updates related to group policies, etc.?
Thank you so much for your help and support.