How to get on-prem devices to reach out to DNS servers in Azure for name resolution

Question

We have a on-prem location which is connected to Azure using site to site ipsec tunnel where our DNS servers are hosted. Our on-prem location has a firewall which is acting as NCP and using ISP's DNS servers for name resolution (all the devices on-prem are also using ISP's DNS servers). Is there a way that we can make use of the DNS servers which are hosted in azure for name resolution for our on-prem devices ?

Answer 1

To make use of the DNS servers hosted in Azure for name resolution for on-prem devices, you can configure on-premises DNS servers with conditional forwarders pointing to DNS Private Resolver service's inbound endpoint IP address in Azure, to forward the request to the Azure Private DNS zone. This is recommended for environments where name resolution across Azure and on-premises is required. Additionally, you can use DNS forwarding rule set associated with the virtual networks to link an Azure Private DNS zone to the virtual networks. For DNS queries generated in the on-premises network to resolve DNS records in Azure Private DNS Zones, you can forward the request to the Azure Private DNS zone.

Reference:

• DNS for on-premises and Azure resources

Answer 2

@Manish

Thank you for reaching out.

I understand you wish to set-up a DNS server in Azure which can help in resolving the on-prem domains. As suggested in the Q&A assist answer above will be a correct approach here to set up a on-premises DNS forwarder pointing to DNS Private Resolver service's inbound endpoint IP address in Azure, to forward the request to the Azure Private DNS zone.Just sharing some documentation here which can help with the implememtation

The DNS resolution will look like as documented here

You can follow the documentation here for implementation.

Hope this helps! Please let me know if you have any additional questions. Thank you!