Does Azure Private DNS resolver need to have its own separate VNet?

Sharjeel Bashir 20 Reputation points
2023-05-30T15:45:27.98+00:00

Does Azure Private DNS resolver need to have its own separate VNet, or can we use an existing hub VNet and just create two subnets within it for the Inbound & Outbound Endpoints for Azure DNS Resolver?


Accepted answer
  1. Jackson Martins 9,646 Reputation points MVP
    2023-05-30T15:53:54.2+00:00

    Hi

    Azure Private DNS Resolver doesn't need to have its own separate VNet. You can use an existing hub VNet. You would just create two subnets within it for the Inbound and Outbound Endpoints for Azure DNS Resolver.

    You create an outbound virtual network (VNet) DNS Resolver endpoint. This endpoint forwards DNS queries from your virtual network to the Azure DNS Resolver. This setup allows your virtual network to use Azure's DNS capabilities while maintaining your private DNS namespaces.

    Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-resolver

    Get in touch if you need more help with this issue.

    --please don't forget to "[Accept the answer]" if the reply is helpful--


1 additional answer

  1. GitaraniSharma-MSFT 47,676 Reputation points Microsoft Employee
    2023-05-30T15:55:22.9266667+00:00

    Hello @Sharjeel Bashir ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if Azure Private DNS resolver needs to have its own separate VNet.

    No, Azure Private DNS resolver doesn't need to have its own separate VNet. It only requires dedicated subnets which are not used by any other services for the inbound and outbound endpoints.

    Refer: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services#services-that-can-be-deployed-into-a-virtual-network

    As mentioned in the doc below, both inbound and outbound endpoints require a dedicated subnet in the VNet where they're provisioned, with no other service running in the subnet, and can only be delegated to Microsoft.Network/dnsResolvers. https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview#dns-resolver-endpoints

    For more information on subnet restrictions, refer: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview#subnet-restrictions

    You can use your existing hub VNet and just create two dedicated subnets within it for the Inbound & Outbound Endpoints for Azure Private DNS resolver.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
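
A pre-deployment check for the subnet rules stated in the answers above (one dedicated subnet per endpoint, delegated only to Microsoft.Network/dnsResolvers, no other service in it), added here as an example that is not part of the original thread or of Microsoft's documentation. The hub VNet JSON is constructed, and its field names (`delegations[].serviceName`, `ipConfigurations`) are assumed to follow the shape of `az network vnet show` output.

```python
import json

DELEGATION = "Microsoft.Network/dnsResolvers"

# Constructed sample: a hub VNet trimmed to the fields this check reads.
# Field names are assumed to match `az network vnet show` JSON output.
HUB_VNET = json.loads("""
{
  "name": "hub-vnet",
  "subnets": [
    {"name": "snet-dns-inbound", "addressPrefix": "10.0.10.0/28",
     "delegations": [{"serviceName": "Microsoft.Network/dnsResolvers"}],
     "ipConfigurations": []},
    {"name": "snet-dns-outbound", "addressPrefix": "10.0.10.16/28",
     "delegations": [],
     "ipConfigurations": []},
    {"name": "snet-shared", "addressPrefix": "10.0.20.0/24",
     "delegations": [{"serviceName": "Microsoft.Network/dnsResolvers"}],
     "ipConfigurations": [{"id": "constructed-nic-ipconfig"}]}
  ]
}
""")


def check_resolver_subnets(vnet, inbound, outbound):
    """Return a list of findings; an empty list means both subnets qualify."""
    findings = []
    if inbound == outbound:
        findings.append("inbound and outbound endpoints need separate subnets")
    subnets = {s["name"]: s for s in vnet.get("subnets", [])}
    for role, name in (("inbound", inbound), ("outbound", outbound)):
        subnet = subnets.get(name)
        if subnet is None:
            findings.append(f"{role}: subnet {name!r} not found in {vnet['name']}")
            continue
        # The subnet must carry exactly one delegation, to the resolver service.
        services = [d.get("serviceName") for d in subnet.get("delegations") or []]
        if services != [DELEGATION]:
            findings.append(f"{role}: {name} delegations {services}, expected [{DELEGATION}]")
        # Any attached IP configuration means another resource already lives here.
        if subnet.get("ipConfigurations"):
            findings.append(f"{role}: {name} already hosts other resources")
    return findings


if __name__ == "__main__":
    for finding in check_resolver_subnets(HUB_VNET, "snet-dns-inbound", "snet-dns-outbound"):
        print(finding)
```
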