Where can I find Azure (private) DNS / Network limitations and what are their consequences

databay 0 Reputation points
2023-09-25T13:15:27.62+00:00

Hi,

Some of the Azure products form an important part of our infrastructure. There are a few, but most importantly a private DNS zone, a virtual WAN, a virtual network, an MSSQL database, a private DNS resolver, and a couple of VMs for DNS forwarding via dnsmasq. The virtual network has no special configuration, e.g. no firewall, no DDoS protection and the default DNS server.

We have some other servers outside of the Azure infrastructure, which use the database and storage, and are connected through an IPsec tunnel to the WAN. To maintain a private connection to the database and the storages we use the private DNS zone.

It works mostly fine, but we have a serious problem that sometimes some of our hosts experience DNS issues. In every case the duration of the time range where the timeouts are happening is pretty much exactly one hour (~58 minutes). One of our suspicions was that we might be affected by some rate limiting or quota exhaustion. We tried to get a clear picture of what the limitations of our used products are, but unfortunately it is rather difficult.

We found these two documentations with different limitations, but no detailed explanation:

So we would like to know: is there any good overview of quotas and/or usage limitations for the following products in terms of networking, like requests per second, etc.:

  • virtual network
  • private DNS zone
  • virtual WAN

And if so, even more important, how is the limitation handled and what consequences are there? Is the one hour block of DNS timeouts we are experiencing a possible consequence of rate limiting/throttling/something else?

(Another doubt we have is whether we might need some sort of NATing between the two networks.)


1 answer

  1. ChaitanyaNaykodi-MSFT 23,031 Reputation points Microsoft Employee
    2023-09-29T03:09:58.63+00:00

    @databay

    Thank you for getting back.

    Based on your question above

    How exactly will the "throttling" affect us? Does any of the resources (e.g. the DNS resolver) throttle a specific VM or IP for exactly 1 hour?

    Currently there is no such limitation for Azure Private DNS resolver which will throttle a specific VM or IP for exactly 1 hour. Although you can validate if queries per second per endpoint are hitting the limit of 10,000 and if this is causing such an issue. You can view this metric in the Metrics section of the Private Resolver on the Azure portal.

    User's image

    Is there any information on what exactly happens when we reach the maximum limitation for a particular service?

    Each service or each limitation has different behaviors, for example

    User's image

    Thank you!

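A way to cross-check the 10,000 queries-per-second figure from the forwarder side, as an added example that is not part of the original thread: it counts the queries each dnsmasq VM forwards per second to each upstream and reports any second above the limit. It assumes dnsmasq runs with `log-queries` and logs in syslog format; the host name, domain names and IP addresses in the sample are constructed.

```python
import re
from collections import Counter

QPS_LIMIT = 10_000  # per-endpoint queries/second limit quoted in the answer

# dnsmasq log-queries line (syslog format, assumed):
#   "<Mon> <day> <HH:MM:SS> <host> dnsmasq[pid]: forwarded <name> to <upstream-ip>"
FORWARDED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+dnsmasq\[\d+\]:"
    r".*?\bforwarded\s+\S+\s+to\s+(?P<upstream>\S+)\s*$"
)

def forwarded_per_second(lines):
    """Count forwarded queries per (timestamp second, upstream address)."""
    counts = Counter()
    for line in lines:
        m = FORWARDED.match(line)
        if m:  # query[...], reply and cached lines are ignored
            counts[(m["ts"], m["upstream"])] += 1
    return counts

def peak_by_upstream(counts):
    """Return {upstream: (peak queries in one second, second it occurred)}."""
    peaks = {}
    for (ts, upstream), n in counts.items():
        if n > peaks.get(upstream, (0, None))[0]:
            peaks[upstream] = (n, ts)
    return peaks

def seconds_over_limit(counts, limit=QPS_LIMIT):
    """List the (second, upstream) pairs whose forwarded count exceeds limit."""
    return sorted(key for key, n in counts.items() if n > limit)

# Constructed sample log lines (not taken from the thread).
SAMPLE = """\
Sep 25 13:15:27 dnsfwd1 dnsmasq[812]: query[A] db.example.internal from 10.0.0.5
Sep 25 13:15:27 dnsfwd1 dnsmasq[812]: forwarded db.example.internal to 10.20.0.4
Sep 25 13:15:27 dnsfwd1 dnsmasq[812]: forwarded store.example.internal to 10.20.0.4
Sep 25 13:15:27 dnsfwd1 dnsmasq[812]: reply db.example.internal is 10.30.0.7
Sep 25 13:15:28 dnsfwd1 dnsmasq[812]: forwarded db.example.internal to 10.20.0.4
""".splitlines()

if __name__ == "__main__":
    counts = forwarded_per_second(SAMPLE)
    for upstream, (n, ts) in peak_by_upstream(counts).items():
        print(f"{upstream}: peak {n} q/s at {ts}")
    print("over limit:", seconds_over_limit(counts))
```

The limit applies per resolver endpoint, so the per-second counts from all forwarder VMs that target the same endpoint have to be added together before comparing against it.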