Azure DNS Forwarder with Private Zone and Resolver Issues

Christian Nicholson 21 Reputation points
2022-10-26T15:43:14.85+00:00

I'm currently trying to set up a hybrid lab to use a VDI solution with AVD. I've gotten everything else working, but there are some on-prem remnants that I need to resolve DNS for in order to access some assets in the on-prem lab from Azure.

I've configured both a private zone and a resolver according to the documentation; the on-prem environment is linked via a Site-to-Site tunnel. I can access everything on-prem normally via IP over the hybrid tunnel. I can also resolve DNS if I do an nslookup, for example, and specify the on-prem DNS server. However, if I try to resolve DNS normally without explicitly specifying the on-prem server, I get a timeout when trying to resolve any of the on-prem devices, but not when resolving an internet name or an Azure name.

I've subsequently also validated that my DNS forwarding rules in Azure are correct per the documentation, but it's still not working, and the DNS requests repeatedly time out when sent via the forwarder.
There is an Azure Firewall in the mix; it has been given the proper DNS settings per the documentation as well and told to use the forwarding rules.

Any ideas?

Test scenarios performed:

VM -> DNS lookup of internet address -> works as expected
VM -> DNS lookup of Azure device -> works as expected
VM -> DNS lookup of on-prem device -> timeout
VM -> DNS lookup of on-prem device, not using DNS forwarding -> works as expected


Accepted answer
  1. KapilAnanth-MSFT 27,831 Reputation points Microsoft Employee
    2022-10-31T04:45:30.83+00:00

    Hi @Christian Nicholson ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you are in the middle of setting up Private DNS Resolver for on-prem workloads.

    It turns out there was an overlap in the route table on the on-prem side: the subnet in which the resolver endpoints were hosted did not have a proper route specified for it on-prem, so return traffic was not being routed back.

    You informed us that you were able to resolve this.

    Thanks,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

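The thread's test matrix and the root cause in the accepted answer (queries reach the on-prem server, but the replies have no route back to the resolver's outbound endpoint subnet, so the client sees a timeout rather than a DNS error) lend themselves to a small triage script. The following is an added example written for this page, not code from the question, the answer, or Microsoft documentation. It uses only the Python standard library. The IP addresses and hostname in `triage_example()` are placeholders, not values from the thread: replace them with the DNS server your VNet hands out (the resolver inbound endpoint or the Azure Firewall), your on-prem DNS server, and an on-prem hostname.

```python
"""Hybrid DNS triage: send the same query via the Azure-side forwarder path
and directly to the on-prem DNS server, and tell a timeout (no packet came
back at all: routing, NSG or firewall) apart from a DNS-level answer such
as SERVFAIL or NXDOMAIN (something answered, so the path is fine and the
forwarding rule or zone is the problem). Added example, not from the thread."""
import random
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, qtype=1):
    """Build a single-question query (default: A record) with RD=1 so a
    forwarder is asked to recurse on our behalf."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(pkt, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:  # 2-byte compression pointer into the packet
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), end


def parse_response(pkt, expected_txid):
    """Return {'rcode': str, 'addresses': [A records]} for a response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("packet is not a response")
    off = 12
    for _ in range(qd):            # skip the echoed question section
        _, off = read_name(pkt, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "addresses": addrs}


def query(server, name, timeout=3.0):
    """UDP query to one server. Returns 'timeout' or the parsed response."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return parse_response(data, txid)


def verdict(via_forwarder, via_onprem):
    """Map the two results onto the thread's scenarios."""
    if via_onprem == "timeout":
        return "on-prem DNS unreachable even directly: check the S2S tunnel and NSGs first"
    if via_forwarder == "timeout":
        return ("forwarder path times out but direct query works: check the on-prem "
                "return route for the resolver outbound endpoint subnet and the firewall DNS settings")
    if via_forwarder["rcode"] != "NOERROR":
        return "forwarder answered %s: check the forwarding rule domain and target" % via_forwarder["rcode"]
    return "ok"


def triage_example():
    # Placeholder values (assumption, not from the thread): VNet DNS, on-prem DNS, on-prem host.
    return verdict(query("10.0.0.4", "srv1.corp.example"),
                   query("192.168.50.10", "srv1.corp.example"))
```

`triage_example()` reproduces the question's third and fourth test rows in one call; the distinction it relies on is that a timeout means no reply ever arrived, which is a routing or filtering problem like the one in the accepted answer, while any rcode means the forwarding path itself is working.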
