Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this article, you learn how to configure a Domain Name System (DNS) forward lookup zones for Azure VMware Solution Generation 2 (Gen 2) private clouds. It explains the options and behaviors for domain name resolution within an Azure Virtual Network.
Prerequisite
Gen 2 private cloud successfully deployed.
DNS forward lookup zone configuration options
Azure VMware Solution allows you to configure DNS forward lookup zones in two ways: public or private. This configuration defines how DNS name resolution for Azure VMware Solution components, such as vCenter Server, ESX hosts, and NSX Manager, is performed.
Public: The public DNS forward lookup zone allows domain names to be resolved using any public DNS servers.
Private: The private DNS forward lookup zone makes it resolvable only within a private customer environment and provides other security compliance. If a customer chooses Private Forward Lookup Zone, the Software-Defined Data Center (private cloud) Fully Qualified Domain Names (FQDNs) are resolvable from the Virtual Network where the private cloud is provisioned. If need to enable this zone to be resolvable outside of this Virtual Network, such as in a customer on-premises environment, you need to configure an Azure DNS Private Resolver or deploy your own DNS server in your Virtual Network that uses the Azure DNS Service (168.63.129.16) to resolve your private cloud FQDNs.
DNS forward lookup zone can be configured at the time of creation or changed after the private cloud is created. The following diagram shows the configuration page for the DNS forward lookup zone.
Configuring Private DNS for your Azure VMware Solution Generation 2 Private Cloud
If you select the Private DNS option, the private cloud will be resolvable from the Virtual Network where the private cloud is provisioned. This is done by linking the private DNS zone to your Virtual Network. If you need to enable this zone to be resolvable outside of this Virtual Network, such as in your on-premises environment, you need to configure an Azure DNS Private Resolver, or deploy your own DNS server in your Virtual Network. Private DNS will use the Azure DNS Service (168.63.129.16) to resolve your private cloud FQDNs. This section explains configuring an Azure DNS Private Resolver.
Prerequisite
First, create two /28 subnets to delegate to the Azure DNS Private Resolver service. As an example. They can be named dns-in and dns-out.
Deploy Azure DNS Private Resolver
In your Resource Group, deploy the Private DNS Resolver.
- Click create.
- In the Search the Marketplace field, type Private DNS Resolver and click enter.
- Click create for the Private DNS Resolver.
- Ensure the Subscription, Resource group, and Region fields are correct. Enter a name and choose your Virtual Network. This network must be the same as where you deployed your private cloud, then click Next: Inbound Endpoints.
- Click Add an Endpoint, enter a name for the Inbound endpoint, such as dns-in and select the subnet for the DNS inbound endpoint and click Save.
- Click Next: Outbound Endpoints.
- Click Add an Endpoint, enter a name for the Outbound endpoint, such as dns-out and select the subnet for the DNS outbound endpoint and click Save.
- Click Next: Ruleset.
- Click Next: Tags.
- Click Next: Review + Create.
- When the Validation passes, click create.
You can now resolve your private cloud DNS records from any workload using the Inbound endpoint of the Azure DNS Private Resolver as it’s DNS server. You should now create a conditional forwarder in your on-premesis DNS server and point it to the Inbound Endpoint of the Azure DNS Private Resolver to allow DNS resolution of your private cloud from your corporate network.
Enable Resolution for private cloud Workload Virtual Machines
If you need workload Virtual Machines deployed in your private cloud to resolve the private cloud management components you must add a forwarder to VMware NSX.
- In your Resource group, open your private cloud.
- Expand Workload Networking and click on DNS.
- Click the Add button, select FQDN zone, enter your private cloud’s DNS zone name and Domain, for IP address enter the IP address of the inbound endpoint of your Azure DNS Private Resolver and click OK.
- Click on DNS Service.
- Click Edit.
- Select the zone you just created in the FQDN zones dropdown and click OK.
Your workload Virtual Machines can now resolve the private cloud management components.