I have an Azure tenant connected to my on-premises network through a site-to-site Azure VPN local gateway.
I have established a DNS private resolver with inbound and outbound endpoints. I can resolve DNS queries successfully from within the VNET.
I can successfully resolve on-premises hosted machines by querying the DNS private resolver's inbound endpoint. This successfully forwards the request to the on-premises DNS server and returns the correct IP address.
I can successfully ping Azure-hosted virtual machines from any on-premises hosted machine.
I CANNOT query the on-premises DNS server for registered virtual machines deployed in the VNET where the DNS private resolver inbound endpoint is deployed.
I CANNOT query the DNS private resolver inbound endpoint from an on-premises machine using nslookup hostname IPADDRESS, where IPADDRESS is the DNS private resolver's inbound endpoint's IP address. I get a "Cannot connect" error.
I CANNOT telnet to the DNS private resolver's inbound endpoint's IP address on port 53, for example telnet 192.168.100.132 53. I receive the same "cannot connect" error.
The network security group that governs the subnet for the DNS private resolver's inbound and outbound endpoints has inbound and outbound rules that permit ANY ANY any port/service.
DNS Private Resolver and Virtual Machines are in the same Resource Group.
The firewall group states that they see the traffic being routed and passed over the site-to-site VPN.
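As an added diagnostic example (not part of the question above, and not Azure's own tooling): a small Python script that sends the same kind of A query nslookup sends, over both UDP and TCP to port 53 of the inbound endpoint, and distinguishes a silent timeout (packets dropped somewhere on the route/NSG/UDR/VPN path) from a TCP refusal (a host was reached but nothing is listening on 53). The server address is the one quoted above; the hostname is a constructed placeholder.

```python
import socket
import struct

def build_query(qname, txid=0x1234):
    """Minimal DNS A query with RD=1 (what nslookup sends first, over UDP)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(resp, off):
    """Advance past a name (labels or a compression pointer); return new offset."""
    while resp[off] & 0xC0 != 0xC0 and resp[off] != 0:
        off += resp[off] + 1
    return off + (2 if resp[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(resp):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return flags & 0xF, ips

def probe(server, qname, proto="udp", timeout=3.0):
    """Query server:53 over UDP or TCP; return ('answered', (rcode, ips)), ('timeout', None) or ('refused', None)."""
    q = build_query(qname)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data = s.recvfrom(512)[0]
        else:  # TCP framing: two-byte length prefix, the path a telnet to port 53 exercises
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                data = s.recv(struct.unpack("!H", s.recv(2))[0])
        return "answered", parse_a_records(data)
    except (socket.timeout, TimeoutError):
        return "timeout", None  # silently dropped: routing/NSG/UDR/VPN path, not the resolver
    except ConnectionRefusedError:
        return "refused", None  # reached a host, but nothing listening on 53

# Example use (constructed hostname): probe("192.168.100.132", "vm01.example.internal", "udp")
```

A timeout on both UDP and TCP from on-premises, while VNET-internal queries succeed, points at the path into the inbound endpoint's subnet (UDR, VPN traffic selectors, or an NSG on the endpoint subnet) rather than at the resolver itself.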