Enable Azure Firewall DNS proxy where APIM is used with custom DNS

Chanaka Nissanka 1 Reputation point
2022-07-20T05:30:41.887+00:00

Hi MS support,
We need to check your recommendation on enabling Azure Firewall DNS proxy where custom DNS is used. We have a hub-and-spoke model where APIM is used in a spoke, connecting to another public cloud provider via Azure Firewall (API calls). As per the documentation, we have to enable and point the AZ FW DNS IP as the custom DNS forwarder, and set the VNET DNS settings to the AZ FW private IP. Is this the case, or is just the default Azure DNS at the DNS proxy sufficient? The reason for this configuration is to make use of FQDNs in network rules. What impact will it have in either case?


1 answer

  1. msrini-MSFT 9,261 Reputation points Microsoft Employee
    2022-07-20T05:53:57.207+00:00

    Hi,

    You will need to perform 2 steps:

    1. Set up DNS proxy in the Azure Firewall settings.
    2. Set the Firewall's private IP as the DNS server in the VNET settings, so that the resources (VMs) will send their DNS queries to the Firewall.

    Reference: https://learn.microsoft.com/en-us/azure/firewall/dns-settings

    Regards,
    Karthik Srinivas

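The two steps from the answer above as Azure CLI calls, in an added example that is not part of the original thread. The function names are hypothetical, and the sketch assumes the Azure CLI with the azure-firewall extension and a firewall that holds its own DNS settings (no Firewall Policy attached); the optional sixth argument is the custom DNS server the firewall should forward to.

```shell
# Added example: hypothetical helper functions, not code from this thread.
# Assumes the Azure CLI with the azure-firewall extension and a firewall
# that holds its own DNS settings (no Firewall Policy attached).

is_ipv4() {
  # Succeeds only for a dotted quad with every octet in 0..255.
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

point_vnet_dns_at_firewall() {
  # Args: <fw-rg> <fw-name> <vnet-rg> <vnet-name> <fw-private-ip> [custom-dns-ip]
  if [ "$#" -lt 5 ] || [ "$#" -gt 6 ]; then
    echo "usage: point_vnet_dns_at_firewall <fw-rg> <fw-name> <vnet-rg> <vnet-name> <fw-private-ip> [custom-dns-ip]" >&2
    return 2
  fi
  fw_rg=$1 fw_name=$2 vnet_rg=$3 vnet_name=$4 fw_ip=$5 upstream=${6:-}
  is_ipv4 "$fw_ip" || { echo "bad firewall IP: $fw_ip" >&2; return 2; }
  if [ -n "$upstream" ]; then
    is_ipv4 "$upstream" || { echo "bad DNS IP: $upstream" >&2; return 2; }
  fi

  # Step 1: enable the DNS proxy. With a custom DNS IP the proxy forwards
  # to it; without one the firewall's current DNS servers (Azure DNS by
  # default) are kept.
  set -- --resource-group "$fw_rg" --name "$fw_name" --enable-dns-proxy true
  if [ -n "$upstream" ]; then set -- "$@" --dns-servers "$upstream"; fi
  az network firewall update "$@" || return 1

  # Step 2: only after step 1 succeeded, point the VNet's DNS at the
  # firewall. Doing this first would send queries to a closed port.
  az network vnet update --resource-group "$vnet_rg" --name "$vnet_name" \
    --dns-servers "$fw_ip" || return 1
}
```

Resources that are already running in the VNet keep their old DNS servers until they renew their network configuration, so plan a restart of the affected VMs after step 2.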