Azure Private Resolver and more than one VNET

Ryan Jensen 0 Reputation points


I'm going to have a bunch of context followed by a question, so bear with me.


I have a DNS / Privatelink question / issue.

I have two VNETs, one is our "private", main, internal VNET (VNET1), the 2nd is a VNET (VNET2) that we have a 3rd party building an application in for us. I have an Express Route from my on-prem datacenter to Azure.

We have the VNETs peered with NSG in place and there is connectivity.

Both VNETs have private links configured for the resources and there are duplicate private dns zones for each VNET. In particular,

Until now, I had just created the zone on our internal DNS / DDI platform (Infoblox) and manually put in the handful of entries we needed in there. Now that VNET2 is being used, there are around 70 or so entries in that zone for that VNET.

My goal is to keep from having to update my on-prem DNS server with the entries from both privatelink private dns zones in azure.

I learned about the Private DNS Resolver. I deployed one in VNET1 and setup Infoblox to forward requests to the Private DNS resolver in VNET1, and I can resolve private DNS entries in VNET1 as expected.

Then, I setup a second Private DNS Resolver in VNET2, I set Infoblox to forward requests to that IP, again, working as expected for private entries in VNET2.

I setup Infoblox with two forwarders for that zone, one to each private resolver, but, it only forwards the requests to ONE of the resolvers based on the order I enter them into the config. I was hoping it would forward to BOTH and return whichever entry comes back, but that's not the case.


Is there any way I can access the dns entires for BOTH VNETs without having to manually manage the zone on-prem? Is there any way to use the private resolver with outbound endpoints or anything to access the other VNET?

Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
505 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
383 questions
{count} votes