Unable To Resolve Azure Private DNS Zone with Linked Virtual Network

devopsfj 151

I am having an issue, which may be by design, however I need confirmation.

I have a Virtual Network which is linked to a Private DNS Zone, name resolution worked fine, since then, I have changed the DNS Servers for the Virtual Network from Azure Provided to our custom DNS Servers, since this change, I can no longer resolve the Private DNS Zone's even though they are still linked, is this expected behaviour?

Rolf Theile 0 Reputation points

2024-01-16T11:34:22.0633333+00:00
I have a related question:
I have a subscription with a virtual network and a linked private DNS zone. The virtual network is in custom DNS mode, working with custom DNS servers.

Can I delete the link between the virtual network and the private DNS zone without causing issues in the network, since the name resolution uses the custom DNS servers?

Can I delete the private DNS zone despite the existing link to the virtual network, without causing issues in the network?
devopsfj 151 Reputation points

2024-01-16T12:45:55.6233333+00:00
@Rolf Theile

Hi,

Assuming your custom DNS Server's Virtual Network is linked to the Private DNS Zone, this will still work.

You can't delete the private DNS zone, that will break DNS resolution, your custom DNS Server's Virtual Network must be linked to the Virtual Network for this to work.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Rolf Theile 0 Reputation points

2024-01-24T08:29:09.15+00:00

@devopsfj Thank you for your answer. I followed your advice and it seems to work. :-)

Accepted answer

Sruthi Saranya Karthikeyan 231 Reputation points Microsoft Employee

2022-04-27T08:27:49.667+00:00

Hi @devopsfj ,

This is expected behaviour as the Private DNS Zone records can be accessed and resolved by Azure DNS only. The workaround for this particular situation can be to setup a DNS forwarder VM on the virtual network and setup conditional forwarding on your custom DNS servers to forward the requests for the private domain to the forwarder VM on the Azure Vnet.

Hope this helps.

Regards,
Sruthi
Please sign in to rate this answer.
devopsfj 151 Reputation points

2022-04-27T08:29:00.713+00:00

Thanks, yes that is what I have done, just wondered if it was expected.
Sign in to comment

1 additional answer

Gregory Grskovich 1 Reputation point

2022-11-16T02:50:45.96+00:00

Why do you need a separate VM as a forwarder? Why does this not work with the conditional forwarder sending directly to the Azure DNS IP or alternatively having the Azure IP set as your forwarder on your custom DNS servers. I've tried both and neither works.
Please sign in to rate this answer.
Sruthi Saranya Karthikeyan 231 Reputation points Microsoft Employee

2022-11-16T10:28:41.023+00:00

Hi @Gregory Grskovich ,

This was the requirement previously however now Azure Private DNS Resolver has been introduced in order to do away with the limitation of having to deploy a Forrwarder VM. This was a requirement previously since Private DNS Zone records are limited to virtual network scope and could only be accessed from resources within the linked virtual networks.

For further details on the same, you can refer: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview

Gregory Grskovich 1 Reputation point

2022-11-18T22:54:44.27+00:00

Actually, I realized it did work with simply the forwarder set on my DC DNS servers. After I queried the Azure DNS server from my domain controllers I got the public IP and realized I needed to also link the vnet they were in (where the name resolution request was orginating from) to the private zone. My DCs are in a hub vnet, not the same one as my apps and the data.
Sign in to comment