What are differences between Firewall DNS Proxy and DNS Private Resolver?

ks 35 Reputation points
2023-05-17T13:49:53.06+00:00

I am unsure which to choose between Azure Firewall DNS Proxy and DNS Private Resolver as a DNS forwarder.
I'd like to know the main differences and practical situations for each.


Accepted answer
  1. GitaraniSharma-MSFT 47,086 Reputation points Microsoft Employee
    2023-05-17T14:55:24.6266667+00:00

    Hello @ks ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know the main differences between Azure Firewall DNS Proxy and DNS Private Resolver and their practical uses as a DNS forwarder.

    Azure Firewall DNS Proxy and DNS Private Resolver are two different services in Azure that can be used as DNS forwarders. Here are the main differences and practical uses for each:

    Azure Firewall DNS Proxy:

    • Azure Firewall DNS Proxy acts as a proxy between your virtual network and the DNS servers. It intercepts DNS queries from the virtual network and forwards them to the appropriate DNS servers.
    • It provides a centralized DNS forwarding solution for the entire virtual network.
    • Azure Firewall DNS Proxy can perform DNS caching, which can improve the performance of DNS resolutions.
    • It allows you to apply firewall rules to control DNS traffic, providing additional security and filtering options.

    Practical uses: Azure Firewall DNS Proxy is suitable when you want to have centralized DNS forwarding with the ability to apply firewall rules and caching. It is beneficial in scenarios where you need to control DNS traffic and apply security policies at the network level.

    Refer: https://learn.microsoft.com/en-us/azure/firewall/dns-details

    https://learn.microsoft.com/en-us/azure/firewall/dns-settings

    Azure DNS Private Resolver:

    • Azure DNS Private Resolver is a service that bridges an on-premises DNS with Azure DNS. You can use this service to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM-based DNS servers.
    • It resolves DNS queries using Azure's internal DNS service, which is highly available and provides automatic resolution for Azure resources.
    • DNS Private Resolver supports conditional forwarding, allowing you to forward specific DNS zones to your on-premises DNS servers.
    • It can be used in combination with Azure Private DNS zones to resolve private DNS names within virtual networks.

    Practical uses: DNS Private Resolver is useful when you want to resolve DNS queries within your virtual network without exposing DNS servers to the public internet. It is suitable for scenarios where you need to resolve Azure resources' DNS names and have control over private DNS zones.

    Refer: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview

    https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-resolver

    https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns

    In summary, Azure Firewall DNS Proxy is more focused on providing centralized DNS forwarding with advanced security and filtering capabilities, while DNS Private Resolver is designed for resolving DNS queries within virtual networks and integrating with Azure Private DNS zones with the capability to query Azure DNS private zones from an on-premises environment and vice versa.

    So, depending upon your existing setup, your requirements and the features needed, you should decide which service fits your criteria.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
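The two services are often deployed together in the hybrid pattern the accepted answer describes: the virtual network's DNS servers point at the firewall (so every query is logged and subject to DNS filtering), the firewall's DNS proxy forwards to a DNS Private Resolver inbound endpoint, and a forwarding ruleset on the resolver's outbound endpoint conditionally forwards the on-premises zone to on-premises DNS while everything else resolves through Azure DNS (including private zones linked to the VNet). The Bicep below is an added example written for this thread, not code from the Q&A answers or from Microsoft's documentation; the resource names, address ranges, the on-premises DNS address `10.200.0.53`, the zone `corp.example.` and the API versions are all assumptions to adapt.

```bicep
// Added example: Azure Firewall DNS proxy in front of a DNS Private Resolver.
// All names, address ranges, the on-premises DNS IP and the zone are assumed.
param location string = resourceGroup().location
param vnetName string = 'hub-vnet'
param onPremDnsIp string = '10.200.0.53'   // assumed on-premises DNS server
param onPremZone string = 'corp.example.'  // forwarding rule domain names carry a trailing dot

// Hub VNet: AzureFirewallSubnet (name is mandatory) plus two subnets delegated to the resolver.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      { name: 'AzureFirewallSubnet', properties: { addressPrefix: '10.10.0.0/26' } }
      {
        name: 'snet-dns-inbound'
        properties: {
          addressPrefix: '10.10.1.0/28'
          delegations: [ { name: 'dnsres', properties: { serviceName: 'Microsoft.Network/dnsResolvers' } } ]
        }
      }
      {
        name: 'snet-dns-outbound'
        properties: {
          addressPrefix: '10.10.1.16/28'
          delegations: [ { name: 'dnsres', properties: { serviceName: 'Microsoft.Network/dnsResolvers' } } ]
        }
      }
    ]
  }
}

// DNS Private Resolver bound to the hub VNet.
resource resolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
  name: 'hub-dns-resolver'
  location: location
  properties: { virtualNetwork: { id: vnet.id } }
}

// Inbound endpoint: the private IP that the firewall (and on-premises DNS) forward to.
resource inbound 'Microsoft.Network/dnsResolvers/inboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'inbound'
  location: location
  properties: {
    ipConfigurations: [
      {
        privateIpAllocationMethod: 'Static'
        privateIpAddress: '10.10.1.4'   // first usable address in snet-dns-inbound
        subnet: { id: vnet.properties.subnets[1].id }
      }
    ]
  }
}

// Outbound endpoint: source of conditionally forwarded queries toward on-premises.
resource outbound 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'outbound'
  location: location
  properties: { subnet: { id: vnet.properties.subnets[2].id } }
}

// Forwarding ruleset: only the on-premises zone leaves Azure; all else resolves via Azure DNS.
resource ruleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
  name: 'hub-forwarding-rules'
  location: location
  properties: { dnsResolverOutboundEndpoints: [ { id: outbound.id } ] }
}

resource onPremRule 'Microsoft.Network/dnsForwardingRulesets/forwardingRules@2022-07-01' = {
  parent: ruleset
  name: 'corp-onprem'
  properties: {
    domainName: onPremZone
    forwardingRuleState: 'Enabled'
    targetDnsServers: [ { ipAddress: onPremDnsIp, port: 53 } ]
  }
}

// The ruleset only applies to VNets linked to it.
resource rulesetLink 'Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks@2022-07-01' = {
  parent: ruleset
  name: 'hub-link'
  properties: { virtualNetwork: { id: vnet.id } }
}

// Firewall policy: DNS proxy on, upstream = the resolver inbound endpoint.
resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-05-01' = {
  name: 'hub-fw-policy'
  location: location
  properties: {
    dnsSettings: {
      enableProxy: true
      servers: [ inbound.properties.ipConfigurations[0].privateIpAddress ]
    }
  }
}
```

Clients still need to be pointed at the proxy: set the VNet's custom DNS servers (and those of any spoke VNets) to the firewall's private IP, which the firewall resource exposes as `properties.ipConfigurations[0].properties.privateIPAddress` once it is deployed in `AzureFirewallSubnet` with this policy attached. With that in place, DNS logging and FQDN filtering happen at the firewall, Azure-hosted names (including private DNS zones linked to the hub) resolve inside Azure, and only `corp.example.` queries are forwarded to the on-premises server through the outbound endpoint.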

1 additional answer

  1. Fabricio Godoy 2,601 Reputation points
    2023-05-17T14:49:29.1433333+00:00

    Hello @ks

    Welcome to Microsoft Q&A

    First of all, let me start by explaining each one

    • Azure Firewall DNS Proxy: Azure Firewall DNS Proxy allows you to proxy DNS traffic from virtual networks through Azure Firewall for DNS resolution. When you enable DNS Proxy, Azure Firewall acts as a DNS server for the virtual networks behind it, forwarding DNS requests to the best DNS servers on behalf of clients. The most important benefit of using a DNS Proxy is that it allows you to centralize and manipulate DNS traffic through Azure Firewall... which introduces additional security features such as DNS filtering, DNS logging, and DNS analytics.
    • DNS Private Resolution: DNS Private Resolution is a feature of Azure Firewall that allows virtual networks to resolve DNS names of assets deployed in other virtual networks. By default... virtual networks in Azure use Azure-supplied DNS for name resolution, which resolves only the DNS names of assets deployed within the same virtual network. However... with DNS Private Resolution enabled, virtual networks can resolve DNS names of assets deployed in peered or virtual network-to-virtual network-connected virtual networks. It simplifies the management and configuration of DNS resolution across interconnected virtual networks.

    In a nutshell... Azure Firewall DNS Proxy is used to proxy DNS traffic through Azure Firewall for better security and manipulation, while DNS Private Resolution enables DNS name resolution across interconnected virtual networks.

    I hope this helps you.

    Regards

    1 person found this answer helpful.