DNS Resolution through Express Route Connection

Eugen 25

Hi all,

we have created an Azure Express Route connection between a customer's OnPremise Network (through an APN provider) and our Azure private VNet (AZure private peering). Azure VMs can be reached through that connection by using their private IPs from customers side. But not using their Azure DNS addresses. We use Azure DNS zones with public and private A/AAAA records.

Why DNS resolutions does not work for us?

Is that a matter of APN/Edge Partner or do we need to configure something on Azures side?

Thank you

GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee

2024-03-19T12:45:02.2+00:00

Hello @Eugen ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you are unable to resolve Azure hostnames from your on-premises via ExpressRoute connection.

As mentioned below by @Deepanshu katara and documented in the Name resolution for resources in Azure virtual networks doc, to resolve Azure hostnames from your on-premises machines, you need to forward queries to a customer-managed DNS proxy server in the corresponding Virtual network.

Refer: https://github.com/MicrosoftDocs/cloud-adoption-framework/blob/main/docs/ready/azure-best-practices/dns-for-on-premises-and-azure-resources.md

https://github.com/Azure/azure-quickstart-templates/tree/master/demos/dns-forwarder

You can also opt for Azure DNS Private Resolver which is a new service that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers.

Refer: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview https://learn.microsoft.com/en-us/azure/dns/private-resolver-architecture

https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns

Kindly let us know if you need further assistance on this issue.

Regards,

Gita
Eugen 25 Reputation points

2024-03-20T17:41:23.6166667+00:00

Hi @GitaraniSharma-MSFT ,

thank you for your comment, we still are checking solutions with our APN partner.

At least Azure DNS Private Resolver is probably not an option because we dont use private DNS zones.

Regards

Accepted answer

Deepanshu katara 4,905 Reputation points

2024-03-18T09:04:21.7666667+00:00

Hi ,

I think you have to do DNS Forwarding: If the on-premises network is using its own DNS servers, consider setting up DNS forwarding or conditional forwarding on those DNS servers to forward DNS queries for Azure resources to Azure DNS servers. This allows DNS resolution for Azure resources from the on-premises network.

Specify Azure DNS Server IPs: In the "DNS Domain" section, enter the IP addresses of the Azure DNS servers. Azure DNS servers have the following IP addresses:

168.63.129.16

169.254.169.254

Enable Forwarders: Check the box that says "Use root hints if no forwarders are available". This ensures that if the Azure DNS servers are unreachable, DNS queries will fall back to using root hints.

Please follow below links for detail

https://learn.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverforwarder?view=windowsserver2022-ps

https://learn.microsoft.com/en-us/windows-server/networking/dns/quickstart-install-configure-dns-server?tabs=powershell

Kindly check and accept answer if it helps
Please sign in to rate this answer.

1 person found this answer helpful.
Eugen 25 Reputation points

2024-03-18T13:19:03.5766667+00:00

I'll check that with my provider. Thank you

Deepanshu katara 4,905 Reputation points

2024-03-18T13:26:48.4533333+00:00

@Eugen, if it works , please accept answer to help others in community , Thanks

Eugen 25 Reputation points

2024-03-19T08:46:59.5566667+00:00

Will do

Eugen 25 Reputation points

2024-03-21T15:12:30.08+00:00

@Deepanshu katara,

we use Azure Private Peering in ExpressRoute (no MS Peering), as described in my request above. Is that correct, that although the connection is private, clients inside ExpressRoute on both sides (customer/Azure) should still be able to request Azure DNS servers to resolve DNS addresses?

Deepanshu katara 4,905 Reputation points

2024-03-22T06:27:47.17+00:00

Ok , so in this case The on-premises DNS solution is configured to forward DNS traffic to Azure DNS via a conditional forwarder. The conditional forwarder references the Private Resolver deployed in Azure.

Please check this doc for complete end to end , you will get an understanding https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration#on-premises-workloads-using-a-dns-forwarder
Sign in to comment

DNS Resolution through Express Route Connection

0 additional answers