Centralized DNS with VirtualWAN

Greg Bonk 21

I am using a VirtualWan with several private DNS zones and several VNets.

All of the VNets are attached to the VirtualWAN's associated Virtual HUB.

It's a real pain to attach these private DNS zones to every VNet.

I've seen mentioned something about creating a Centralized DNS that would allow my private DNS zones to be resolved but not attached to every VNet but only a single VNET. If someone could send me a simple diagram and explanation on how to achieve a Centralized DNS when using VirtualWAN I would be very grateful.

ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee

2022-11-15T03:46:28.547+00:00

@Greg Bonk , Welcome to the Microsoft Q&A forum. If I understand correctly, you have also created a support ticket for this request. We are reviewing the details shared and will help get you an answer soon. Thank you!
Greg Bonk 21 Reputation points

2022-11-15T13:12:26.92+00:00

Yes, thank you

1 answer

Bas Pruijn 946 Reputation points

2022-11-15T12:48:52.977+00:00

I think this could be fixed by setting up a DNS Private resolver. There you define an inbound endpoint. You should be able to define the IP address of the inbound endpoint as the DNS resolver for your other VNETS. This set-up would only require you to link the private DNS zones to the VNET of the DNS resolver.

This one is still on my 'I want to try this out'-list though.
Please sign in to rate this answer.
Greg Bonk 21 Reputation points

2022-11-15T13:35:02.497+00:00

When reviewing the Azure docs, it appears that yes, I would use a DNS Private resolver, but I have not found an explicit example with a VirtualWAN.

Virtual WAN is a newer service offering and some documentation that implies on how to create a centralized DNS manually. My frustration in general is that the examples for networking are TOO COMPLEX. Rarely there is a simple example that explains a concept and only focuses on that concept.

This example kind of shows what I need to do...
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale

Talks about centralized DNS but we don't want to create our own DNS VMs. We are 100% azure, we don't have an on-premise network to integrate with.

The example I've referenced ( and others I've seen ) refer to the "hub VNet". In the case of VirtualWAN, there doesn't appear to have access to the "hub VNet". VirtualWAN's hub the Vnet is 'managed'.

The VirtualWAN has a VNet, Would I use that instead ?

Then finally, my question on how the Azure Recursive DNS resolver works in a virtual WAN environment too. Is the V-WAN's Vnet now the 'hub' of the hub and spoke model ?

The Example link here: https://learn.microsoft.com/en-us/azure/virtual-wan/migrate-from-hub-spoke-topology#step-6-old-hub-becomes-shared-services-spoke

Comments "Virtual WAN hub is a managed entity"

Should I try something similar where I would put a private DNS resolver in a 'Shared Services' spoke?

Bas Pruijn 946 Reputation points

2022-11-15T13:44:37.863+00:00

I am pretty sure that adding services to a spoke vnet would not solve your issue, since communication is not transitive, and therefor your DNS request would probably never reach the services spoke. Since the pricing of a Virtual WAN setup is way-out-of-reach for most of my customers I am afread I cannot help you with this one any further.
Sign in to comment