Azure DNS resolver

Andrea 236 Reputation points
2024-07-03T12:58:22.4633333+00:00

Hi guys,

I've configured a VPN S2S from on-prem, where there are Windows domains with 2 forests, each forest having two domains (and Domain Controllers with DNS service zone integrated), to Azure cloud with a test tenant where there is a hub & spoke solution with a lot of subscriptions.

Now I need to provide DNS resolution and, instead of deploying new VMs with AD+DNS replicated, I'd like to test Azure DNS Resolver but, before deploying it, I need to understand the costs of this solution. So how can I identify the number of endpoints (egress and ingress) and how many Resolvers I need to deploy in my tenant?

Thanks!

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

Accepted answer
  1. GitaraniSharma-MSFT 49,581 Reputation points Microsoft Employee
    2024-07-03T14:53:56.86+00:00

    Hello @Andrea ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to understand the costs associated with Azure DNS private resolver.

    Azure DNS Private Resolver is a multitenant service but has some restrictions and limits that you need to consider. Below are some of the important restrictions that you should consider:

    • DNS Private Resolver rule sets can only be linked to virtual networks that are within the same geographical region as the resolver.
    • A virtual network can't contain more than one DNS private resolver.
    • When you link a ruleset to a virtual network, resources within that virtual network use the DNS forwarding rules enabled in the ruleset. A ruleset can be linked to up to 500 virtual networks in the same region.
    • You can also link a ruleset to a virtual network in another Azure subscription. However, the resource group specified must be in the same region as the private resolver.
    • A single ruleset can be associated with up to 2 outbound endpoints belonging to the same DNS Private Resolver instance. It can't be associated with 2 outbound endpoints in two different DNS Private Resolver instances.
    • Rule processing: https://learn.microsoft.com/en-us/azure/dns/private-resolver-endpoints-rulesets#rule-processing

    Refer: https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns

    https://learn.microsoft.com/en-us/azure/dns/private-resolver-endpoints-rulesets

    https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview#restrictions

    https://learn.microsoft.com/en-us/azure/architecture/networking/architecture/azure-dns-private-resolver

    https://learn.microsoft.com/en-us/azure/dns/private-resolver-architecture

    For Azure DNS Private Resolver pricing, you can refer to: https://azure.microsoft.com/en-in/pricing/details/dns/

    And also use the Pricing calculator to get the actual cost:

    https://azure.microsoft.com/en-us/pricing/calculator/


    So, if all your Azure VNets are in a single region, you can use a single Azure DNS Private Resolver with a single inbound and outbound endpoint to link all your VNets to it for DNS resolution. The number of rulesets could vary depending upon your requirement.

    But if you have Vnets in multiple regions, then a single Azure DNS Private Resolver will not work. You will need an Azure DNS Private Resolver for each region.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
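
The sizing rules from the answer above, applied to a VNet inventory. This is an added example, not part of the original answer or any Microsoft tooling. It assumes the input has the shape of `az network vnet list -o json` output collected across subscriptions, that each region gets one resolver with one inbound and one outbound endpoint, and that every VNet in a region is linked to the same forwarding ruleset; the sample inventory is constructed.

```python
import json
import math
from collections import defaultdict

MAX_VNET_LINKS_PER_RULESET = 500  # per-ruleset link limit quoted in the answer

# Constructed sample inventory (names and subscription IDs are made up).
_RID = "/subscriptions/{}/resourceGroups/net/providers/Microsoft.Network/virtualNetworks/{}"
SAMPLE_VNETS = json.loads(json.dumps([
    {"name": "hub-weu", "location": "westeurope", "id": _RID.format("sub-hub", "hub-weu")},
    {"name": "app1-weu", "location": "westeurope", "id": _RID.format("sub-app1", "app1-weu")},
    {"name": "app2-weu", "location": "WestEurope", "id": _RID.format("sub-app1", "app2-weu")},
    {"name": "hub-neu", "location": "northeurope", "id": _RID.format("sub-hub", "hub-neu")},
]))

def subscription_of(resource_id):
    """Extract the subscription segment from an ARM resource ID."""
    parts = resource_id.strip("/").split("/")
    idx = [p.lower() for p in parts].index("subscriptions")
    return parts[idx + 1]

def plan_resolvers(vnets):
    """Group VNets by region and derive the billable units for each region."""
    by_region = defaultdict(list)
    for vnet in vnets:
        by_region[vnet["location"].lower()].append(vnet)
    plan = {}
    for region, members in sorted(by_region.items()):
        plan[region] = {
            "resolvers": 1,           # a resolver only serves VNets in its own region
            "inbound_endpoints": 1,   # on-prem DNS forwards Azure names here
            "outbound_endpoints": 1,  # Azure forwards on-prem names from here
            "min_rulesets": math.ceil(len(members) / MAX_VNET_LINKS_PER_RULESET),
            "vnet_links": len(members),
            "subscriptions": sorted({subscription_of(v["id"]) for v in members}),
        }
    return plan

def totals(plan):
    """Sum the per-region counts to get the figures for the pricing calculator."""
    keys = ("resolvers", "inbound_endpoints", "outbound_endpoints", "min_rulesets")
    return {k: sum(row[k] for row in plan.values()) for k in keys}

if __name__ == "__main__":
    plan = plan_resolvers(SAMPLE_VNETS)
    for region, row in plan.items():
        print(region, row)
    print("total", totals(plan))
```

The ruleset figure is a lower bound: VNets that need different forwarding rules need separate rulesets, as the answer notes.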
