What is DNS Private Resolver?

Published in Azure Networking 3 mins read

A DNS Private Resolver is a service that bridges an on-premises DNS infrastructure with Azure DNS, enabling seamless name resolution between your on-premises environment and Azure private zones without the need to deploy and manage virtual machine-based DNS servers.

Understanding DNS Private Resolvers

Think of a DNS Private Resolver as a translator between your private network and Azure's private DNS zones. It facilitates querying Azure DNS private zones from your on-premises network and vice versa. Without a private resolver, you would typically need to deploy and manage DNS servers in Azure virtual machines, adding complexity and overhead.

Key Benefits

  • Simplified DNS Integration: Eliminates the need to manage VM-based DNS servers for hybrid connectivity.
  • Secure Name Resolution: Name resolution for private zones stays within your virtual network and the connected on-premises networks instead of relying on public DNS.
  • Improved Reliability: Leverages the highly available Azure DNS infrastructure.
  • Reduced Management Overhead: Frees you from the burden of managing and maintaining DNS servers.

How it Works

  1. On-premises DNS forwards queries: Your on-premises DNS servers forward DNS queries for Azure private zones to the inbound endpoint of the DNS Private Resolver.
  2. Resolver queries Azure DNS: The DNS Private Resolver then queries Azure DNS private zones to resolve the requested names.
  3. Resolution returned: The resolved IP address is returned to the on-premises DNS server and then to the client.

Similarly, Azure resources can be configured to use the outbound endpoint of the DNS Private Resolver to query on-premises DNS servers.

Use Cases

  • Hybrid Cloud Environments: Resolve domain names hosted in Azure private zones from on-premises networks.
  • Migration to Azure: Gradually migrate applications to Azure while maintaining consistent name resolution.
  • Secure Application Connectivity: Ensure secure communication between applications running on-premises and in Azure.

Example Scenario

Imagine you have a database server in Azure with a private DNS zone entry for database.private.contoso.com. Your on-premises application needs to connect to this database server using its domain name. With a DNS Private Resolver, you can configure your on-premises DNS server to forward queries for the private.contoso.com zone to the resolver's inbound endpoint. The resolver then queries Azure DNS, resolves the IP address of the database server, and returns the IP address to your on-premises application.

Configuration

Configuring a DNS Private Resolver involves:

  1. Creating a DNS Private Resolver in your Azure subscription.
  2. Creating inbound and/or outbound endpoints within a virtual network.
  3. Configuring conditional forwarding on your on-premises DNS servers to forward queries for specific Azure private zones to the inbound endpoint of the resolver.
  4. Configuring the virtual network DNS settings to use the outbound endpoint when querying on-premises DNS.
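To make steps 3 and 4 concrete, here is a small Python model of the conditional-forwarding decisions on both sides of a resolver deployment. It is an added example, not code from the article or from Azure; the endpoint and server IP addresses, the zone suffixes, and the longest-suffix matching behaviour are assumptions chosen to illustrate the flow.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class ForwardingRule:
    suffix: str      # zone suffix the rule covers, e.g. "private.contoso.com."
    targets: tuple   # DNS server IPs that receive matching queries
    enabled: bool = True

def normalize(name: str) -> str:
    """Lower-case and add the trailing dot so suffix matching is unambiguous."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def select_rule(qname: str, rules: list[ForwardingRule]) -> ForwardingRule | None:
    """Return the enabled rule with the longest matching suffix, or None.
    Assumption: longest-suffix match, as conditional forwarders behave; a "."
    rule matches everything and so only wins when nothing more specific does."""
    qname, best = normalize(qname), None
    for rule in rules:
        if not rule.enabled:
            continue
        suffix = normalize(rule.suffix)
        hit = suffix == "." or qname == suffix or qname.endswith("." + suffix)
        if hit and (best is None or len(suffix) > len(normalize(best.suffix))):
            best = rule
    return best

# Constructed layout for the article's scenario (placeholder addresses).
INBOUND_ENDPOINT = "10.10.0.4"    # resolver inbound endpoint inside the VNet
ONPREM_DNS = "192.168.1.10"       # on-premises DNS server
ONPREM_FORWARDERS = [ForwardingRule("private.contoso.com.", (INBOUND_ENDPOINT,))]
AZURE_RULESET = [ForwardingRule("corp.contoso.com.", (ONPREM_DNS,))]

def resolution_path(qname: str, origin: str) -> list[str]:
    """Trace the hops a query takes; origin is 'onprem' or 'azure'."""
    if origin == "onprem":
        rule = select_rule(qname, ONPREM_FORWARDERS)
        if rule is None:
            return ["on-prem DNS", "public recursion"]
        return ["on-prem DNS", f"inbound endpoint {rule.targets[0]}", "Azure private zone"]
    rule = select_rule(qname, AZURE_RULESET)   # ruleset linked to the VNet
    if rule is None:
        return ["Azure-provided DNS", "Azure private zone / public recursion"]
    return ["Azure-provided DNS", "outbound endpoint", f"on-prem DNS {rule.targets[0]}"]

def audit(rules: list[ForwardingRule]) -> list[str]:
    """Flag catch-all '.' rules: they send every query, public names included, to their targets."""
    return [r.suffix for r in rules if r.enabled and normalize(r.suffix) == "."]
```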

In Summary

A DNS Private Resolver streamlines hybrid cloud DNS management by providing a secure and efficient way to resolve domain names between on-premises networks and Azure private zones, reducing complexity and improving reliability.