Using On-Premise DNS (Pi hole) in VPN environment

Michail 26 Reputation points
2024-02-09T10:00:48.44+00:00

I have set up a site-to-site connection between our local network and an Azure Virtual Network (VNet), with a VPN gateway facilitating connectivity between our local network and a VPN client. Within our company, we have a pi-hole server managing some xxx.local DNS records.

When I connect to the Azure VNet using the Azure VPN client, I can successfully ping and connect to on-premise devices without any issues. However, when I attempt to change the DNS settings of the Virtual Network from the standard Azure ones to our on-premise DNS (local) IP address, I encounter problems. Not only am I unable to reach my custom DNS records, but I also lose internet access altogether. Additionally, when I use 'ipconfig /all', the DNS server does not appear. I suspect there might be some DNS forwarding mechanism at play here that redirects to the specified DNS IP address, but fails to connect to it, as public DNS servers do work.

Does anyone have any insights or suggestions on how to configure an on-premise DNS server to function properly for a VPN client? Thank you.

Edit: "nslookup google.com dns_server_ip" also doesn't work.

Azure VPN Gateway: An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
Azure Virtual Network: An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

Accepted answer
    KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator
    2024-02-14T07:00:40.5366667+00:00

    @Michail

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    Use OnPrem Custom DNS server for P2S Clients via transit over Azure (P2S ---- AzVPNGateway ---- S2S)

    Solution:

    • You changed the "Interface settings" to "Respond only on interface eth0" in the DNS section of the pi-hole.
    • Post this just setting the server IP in the DNS settings of the VNET does the trick.

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

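A small diagnostic for the symptom described in the question (a public resolver answers, the on-prem resolver IP does not, and `nslookup google.com dns_server_ip` fails), as an added example that is not part of the original question or answer. It sends a raw DNS A query over UDP to a chosen server and reports whether the server timed out, returned REFUSED or NXDOMAIN, or answered with addresses, so the operator can tell "no reply arrived from that address over the tunnel" apart from "the resolver replied but rejected the query or does not know the name". The server address 10.0.0.53 and the name intranet.example.local are placeholders, and the sample response used for offline checking is constructed, not captured traffic.

```python
import random
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a dotted hostname into DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, qtype=1):
    """Build a standard recursive query (default A, class IN) with the given transaction id."""
    # flags 0x0100: standard query with the recursion-desired bit set
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    end = None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(data, expected_id):
    """Return the response code and any A-record addresses; reject mismatched ids."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_id:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qdcount):          # skip the echoed question section
        _, offset = decode_name(data, offset)
        offset += 4                   # qtype + qclass
    addresses = []
    for _ in range(ancount):
        _, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return {"rcode": flags & 0x000F, "addresses": addresses}


def status_from_rcode(rcode):
    return RCODE_NAMES.get(rcode, "RCODE%d" % rcode)


def probe(server, name, timeout=2.0):
    """Send one query to `server` on UDP/53 and classify what came back."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            # No reply at all: the resolver is unreachable over the tunnel or
            # is not answering queries arriving from this source address.
            return {"status": "TIMEOUT", "addresses": []}
    result = parse_response(data, txid)
    return {"status": status_from_rcode(result["rcode"]), "addresses": result["addresses"]}


def build_sample_response(txid, name, rcode=0, addr=None):
    """Constructed response (not captured traffic) so the parser can be exercised offline."""
    ancount = 1 if addr else 0
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b""
    if addr:
        # owner name as a pointer to offset 12 (the question name), type A, class IN, TTL 300
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        answer += bytes(int(octet) for octet in addr.split("."))
    return header + question + answer


if __name__ == "__main__":
    import sys
    # Placeholder values; pass the on-prem resolver IP and a record it should serve.
    server = sys.argv[1] if len(sys.argv) > 1 else "10.0.0.53"
    name = sys.argv[2] if len(sys.argv) > 2 else "intranet.example.local"
    for target in (name, "google.com"):
        print(server, target, probe(server, target))
```

Run it from the VPN-connected client against the on-prem resolver IP. A TIMEOUT on both names while the same probe against a public resolver returns NOERROR matches the question's symptom and points at the resolver not answering queries that arrive from the P2S address range, which is what the accepted answer's Pi-hole interface setting changes; a REFUSED or NXDOMAIN reply means the resolver is reachable and the problem is in its configuration or records instead.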
