Hello @Sharjeel Bashir ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if Azure Private DNS resolver needs to have its own separate VNet.
No, Azure Private DNS resolver doesn't need to have its own separate VNet. It only requires dedicated subnets which are not used by any other services for the inbound and outbound endpoints.
Refer: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network
As mentioned in the below doc, both inbound and outbound endpoints require a dedicated subnet in the VNet where it’s provisioned, with no other service running in the subnet, and can only be delegated to Microsoft.Network/dnsResolvers.
https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview#dns-resolver-endpoints
For more information on subnet restrictions, refer: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview#subnet-restrictions
You can use your existing hub VNet and just create two dedicated subnets within it for the Inbound & Outbound Endpoints for Azure Private DNS resolver.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
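As a worked illustration of the layout described in the answer above (two dedicated, delegated subnets carved out of an existing hub VNet, with the resolver's inbound and outbound endpoints placed in them), here is an added Bicep template. It is an example written for this page, not code from the answer or from Microsoft's documentation. The hub VNet name `vnet-hub`, the address prefixes under 10.0.250.0/27, the on-premises DNS server 10.100.0.4 and the forwarded zone `corp.contoso.com` are all assumed values; replace them with your own.

```bicep
// Added example, not part of the Q&A answer: two dedicated, delegated subnets in an
// existing hub VNet plus a DNS Private Resolver deployed into them.
// Assumed (hypothetical) values: hub VNet 'vnet-hub', spare space at 10.0.250.0/27,
// on-premises DNS server 10.100.0.4, forwarded zone 'corp.contoso.com'.

param hubVnetName string = 'vnet-hub'
param location string = resourceGroup().location   // resolver must be in the VNet's region
param inboundSubnetPrefix string = '10.0.250.0/28'  // /28 is the documented minimum, /24 the maximum
param outboundSubnetPrefix string = '10.0.250.16/28'
param onPremDnsIp string = '10.100.0.4'

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: hubVnetName
}

// Each endpoint needs its own subnet, delegated to Microsoft.Network/dnsResolvers
// and hosting nothing else.
resource inboundSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: hubVnet
  name: 'snet-dnsresolver-inbound'
  properties: {
    addressPrefix: inboundSubnetPrefix
    delegations: [
      { name: 'dnsResolvers', properties: { serviceName: 'Microsoft.Network/dnsResolvers' } }
    ]
  }
}

resource outboundSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: hubVnet
  name: 'snet-dnsresolver-outbound'
  properties: {
    addressPrefix: outboundSubnetPrefix
    delegations: [
      { name: 'dnsResolvers', properties: { serviceName: 'Microsoft.Network/dnsResolvers' } }
    ]
  }
  // Concurrent subnet writes to one VNet can fail with a conflict; serialise them.
  dependsOn: [ inboundSubnet ]
}

resource resolver 'Microsoft.Network/dnsResolvers@2022-07-01' = {
  name: 'dnspr-hub'
  location: location
  properties: { virtualNetwork: { id: hubVnet.id } }
}

// Inbound endpoint: the private IP that on-premises or peered networks point their
// conditional forwarders at to resolve Azure private DNS zones.
resource inboundEndpoint 'Microsoft.Network/dnsResolvers/inboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'inbound'
  location: location
  properties: {
    ipConfigurations: [
      { privateIpAllocationMethod: 'Dynamic', subnet: { id: inboundSubnet.id } }
    ]
  }
}

// Outbound endpoint: source of queries that the resolver forwards out of Azure.
resource outboundEndpoint 'Microsoft.Network/dnsResolvers/outboundEndpoints@2022-07-01' = {
  parent: resolver
  name: 'outbound'
  location: location
  properties: { subnet: { id: outboundSubnet.id } }
}

// Forwarding ruleset: sends corp.contoso.com to on-premises DNS via the outbound endpoint
// and is linked to the hub VNet so workloads there use the rule.
resource ruleset 'Microsoft.Network/dnsForwardingRulesets@2022-07-01' = {
  name: 'dnsfrs-hub'
  location: location
  properties: { dnsResolverOutboundEndpoints: [ { id: outboundEndpoint.id } ] }
}

resource corpRule 'Microsoft.Network/dnsForwardingRulesets/forwardingRules@2022-07-01' = {
  parent: ruleset
  name: 'corp-contoso-com'
  properties: {
    domainName: 'corp.contoso.com.'   // trailing dot is required
    forwardingRuleState: 'Enabled'
    targetDnsServers: [ { ipAddress: onPremDnsIp, port: 53 } ]
  }
}

resource hubLink 'Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks@2022-07-01' = {
  parent: ruleset
  name: 'link-hub'
  properties: { virtualNetwork: { id: hubVnet.id } }
}

output inboundEndpointIp string = inboundEndpoint.properties.ipConfigurations[0].privateIpAddress
```

Deploy it into the hub VNet's resource group with `az deployment group create --resource-group <rg> --template-file dnsresolver.bicep`. Two points worth checking before you deploy: the two prefixes must be free space in the hub VNet that no other subnet or service is using, and the subnets must carry no other delegation, otherwise the endpoint creation is rejected. The `dependsOn` on the second subnet is deliberate; parallel subnet writes against the same VNet commonly fail with a conflict error, so serialising them avoids a flaky deployment.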