Anyone who has worked in a hybrid environment where on-premises resources needed to resolve the private endpoints of Azure resources will remember that there was no great way to do this before Azure DNS Private Resolver was available. I remember having to create forward lookup zones such as blob.core.windows.net on the on-premises AD DS domain controller hosting DNS or, if I needed only a single record, creating a forward lookup zone such as storageaccountname.blob.core.windows.net with a root record pointing to the Azure private endpoint's IP address. Fast forward to sometime in 2022, when Azure DNS Private Resolver finally reached general availability (https://azure.microsoft.com/en-us/blog/announcing-azure-dns-private-resolver-general-availability/), giving us a way not only to resolve the private endpoint IP addresses of Azure resources but also to resolve on-premises DNS names from Azure.
For those who may not be familiar with Azure DNS Private Resolver, the documentation can be found here: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview
I’ve had plenty of success deploying the service either via click-ops through the portal or via Terraform, but given the number of dependencies the Terraform code requires, I won’t do what I usually do and provide the code here. The one configuration point I want to raise is that when you add domains to the outbound endpoint's DNS forwarding ruleset, make sure you include the trailing period after the domain name (contoso.local. and not contoso.local); otherwise Terraform returns an error whose message does not describe what is actually wrong. What I’d rather put in this post are the more detailed diagrams I use to walk clients through what the traffic flow looks like for inbound and outbound requests. Clients immediately grasp the traffic flow whenever I pull up these two diagrams, so it will be handy for me to retrieve them from this post rather than dig through the folders on my laptop. I hope this helps anyone who may find it useful. Feel free to use it in any way you like.
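To make the trailing-period point concrete, here is an added Terraform example (not the post author's code) wiring an outbound endpoint, a forwarding ruleset and a forwarding rule for contoso.local, using the azurerm provider's Private DNS Resolver resources. It assumes an existing resource group, virtual network, a subnet delegated to Microsoft.Network/dnsResolvers and an existing azurerm_private_dns_resolver; the resource names and the on-premises DNS server address are placeholders.

```hcl
# Added example (not the post author's Terraform). Assumes these already exist:
#   azurerm_resource_group.example, azurerm_virtual_network.hub,
#   azurerm_subnet.outbound (delegated to Microsoft.Network/dnsResolvers),
#   azurerm_private_dns_resolver.example
# Names and IP addresses below are placeholders.

resource "azurerm_private_dns_resolver_outbound_endpoint" "outbound" {
  name                    = "dnsr-outbound-ep"
  private_dns_resolver_id = azurerm_private_dns_resolver.example.id
  location                = azurerm_resource_group.example.location
  subnet_id               = azurerm_subnet.outbound.id
}

resource "azurerm_private_dns_resolver_dns_forwarding_ruleset" "onprem" {
  name                                       = "dnsr-ruleset-onprem"
  resource_group_name                        = azurerm_resource_group.example.name
  location                                   = azurerm_resource_group.example.location
  private_dns_resolver_outbound_endpoint_ids = [azurerm_private_dns_resolver_outbound_endpoint.outbound.id]
}

# The domain name must be written as a fully qualified name with the trailing
# period. Without it the API rejects the rule and Terraform surfaces an error
# that does not say the dot is missing.
resource "azurerm_private_dns_resolver_forwarding_rule" "contoso_local" {
  name                      = "contoso-local"
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.onprem.id
  domain_name               = "contoso.local."   # correct: trailing period present
  # domain_name             = "contoso.local"    # wrong: missing trailing period
  enabled                   = true

  target_dns_servers {
    ip_address = "10.0.0.4"   # placeholder: on-premises AD DS DNS server
    port       = 53
  }
}

# Link the ruleset to the virtual network whose workloads should use the rule,
# so queries for contoso.local from that VNet are forwarded on-premises.
resource "azurerm_private_dns_resolver_virtual_network_link" "hub" {
  name                      = "dnsr-link-hub"
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.onprem.id
  virtual_network_id        = azurerm_virtual_network.hub.id
}
```

Restrict the on-premises target to the DNS servers you actually operate and keep the rule list short; every forwarding rule is a path by which an external resolver answers queries from your VNet.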
Azure DNS Private Resolver – Inbound Endpoint – Querying Azure Resource DNS Record
Azure DNS Private Resolver – Outbound Endpoint – Querying On-Premises DNS Records