WojciechRaski-6175 asked GauravChauhan-6346 answered

Azure Private DNS Zone - Child Zone from On-Prem DNS resolution

Hello,
I need some assistance with setting up resolution for a Private DNS Zone.
I have encountered a problem when creating the conditional forwarder. The reason is that:
- I have a zone on my Active Directory DNS server called contoso.com
- I have created an Azure Private DNS Zone called dev.project.contoso.com
Creating conditional forwarders for dev.project.contoso.com is not supported in this scenario and I'm looking at other options.

I have tried with a delegation - Azure DNS 168.63.129.16 is not recognized as authorized for the zone so this won't work.
Another option is a stub zone - but it will be replicated across all my DNS, including the on-premises ones and as we know, on-premises servers won't be able to reach the Azure DNS server.
And the last option I can think of is to simply create a DNS zone dev.project.contoso.com on-premises and update the records manually, though if there will be many records it will be a nightmare.

Any advice?
Kind regards,
Wojciech


GitaraniSharmaMSFT-4262 answered

Hello @WojciechRaski-6175 ,

Apologies for the delay in response.

Conditional forwarding isn't currently natively supported for Azure Private DNS.
References: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview#other-considerations
https://feedback.azure.com/forums/217313-networking/suggestions/36317164-azure-private-dns-zone-resolution-from-onpremise#{toggle_previous_statuses}

Azure Private DNS manages and resolves domain names in the virtual network and provides hostname resolution between virtual networks using virtual network peering.
To enable resolution between Azure and on-premises networks, see Name resolution for VMs and role instances.

If you need resolution of Azure hostnames from on-premises computers, you need to forward queries to a customer-managed DNS proxy server in the corresponding virtual network; the proxy server then forwards queries to Azure for resolution.

If you need resolution of Azure Private Endpoints from your on-premises, you can use your DNS forwarder to override the DNS resolution for a private link resource.
Reference: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
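One way to wire up the customer-managed DNS proxy described above, as an added example that is not from this thread or from Microsoft's documentation: a Windows DNS forwarder VM in the VNet hands the private zone to 168.63.129.16, and the on-premises AD DNS server (authoritative for contoso.com) delegates the child zone to that VM rather than to 168.63.129.16, which is only reachable from inside Azure. The VM name azdnsfwd01, the addresses 10.10.0.4 and 10.20.0.10, the client hostname app01 and the server name OnPremDns01 are assumptions, and the Private DNS Zone is assumed to be linked to the forwarder VM's VNet.

```powershell
# Added example; names and addresses are assumptions:
#   azdnsfwd01.contoso.com / 10.10.0.4 = DNS forwarder VM in the Azure VNet (Windows DNS Server role)
#   dev.project.contoso.com            = Azure Private DNS Zone linked to that VNet
#   contoso.com                        = zone hosted on the on-premises AD DNS server
#   10.20.0.10                         = on-premises DNS server, reachable over the S2S VPN
# 168.63.129.16 is the Azure-provided resolver and answers only from inside the VNet.

# --- On the Azure forwarder VM (run locally on azdnsfwd01) ---
# Queries for the private zone go to the Azure resolver, which reads the linked Private DNS Zone.
Add-DnsServerConditionalForwarderZone -Name 'dev.project.contoso.com' -MasterServers 168.63.129.16
# Everything else goes back on-premises so Azure VMs can still resolve contoso.com hosts.
Set-DnsServerForwarder -IPAddress 10.20.0.10

# --- On the on-premises AD DNS server (authoritative for contoso.com) ---
# A conditional forwarder for a child of a zone this server hosts is not consulted: the
# authoritative parent zone is matched first. Delegate the child to the forwarder VM instead;
# -IPAddress also writes the glue A record for azdnsfwd01 into contoso.com.
Add-DnsServerZoneDelegation -Name 'contoso.com' -ChildZoneName 'dev.project' `
    -NameServer 'azdnsfwd01.contoso.com' -IPAddress 10.10.0.4

# --- Verification from an on-premises client ---
# Expect the answer to come via the delegation: on-prem DNS -> azdnsfwd01 -> 168.63.129.16.
Resolve-DnsName -Name 'app01.dev.project.contoso.com' -Server 'OnPremDns01' -Type A
```

The delegation keeps record management inside the Azure Private DNS Zone, so on-premises hosts pick up new records without the manual per-record copying the question describes.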



GauravChauhan-6346 answered

@WojciechRaski-6175 - Hello! Similar setup... Initially, I was trying to conditionally forward DNS traffic to the DNS forwarder VM's private IP address (with site-2-site VPN tunnel configured between on-prem and Azure) running in Azure (on-prem zone: xyz.com, private DNS zone: abc.xyz.com), which would then forward traffic to Azure wire server (168.63.129.16), which would then query the private DNS zone, but then I ran into this article which discussed the conditional forwarding from on-prem limitation. That said, I was curious to know which way you went to get around this challenge.

Thanks,
Gaurav
