How to Use Azure DNS Private Resolver and Outbound Endpoints
Vložit
- čas přidán 23. 07. 2024
- This video goes over how to use an Azure DNS Private Resolver and Outbound Endpoints with Azure DNS Forwarding Rulesets. These two services allow us to resolve on-premises host names from Azure clients. We no longer need to deploy DNS servers in Azure to bridge on-premises and Windows DNS with Azure DNS. We can leverage the Azure DNS Private Resolver PaaS service to handle DNS lookups for Azure.
00:00 - Start
03:38 - Test Without Outbound Endpoint
04:19 - Add an Outbound Endpoint
05:18 - Create a Forwarding Ruleset
08:55 - Test with Outbound Endpoint
Free Azure guide! Subscribe to the newsletter
subscribepage.io/rbsIjt
Zero to Hero with Azure Virtual Desktop
www.udemy.com/course/zero-to-...
Hybrid Identity with Windows AD and Azure AD
www.udemy.com/course/hybrid-i...
Windows 365 Enterprise and Intune Management
www.udemy.com/course/windows-...
Cost Management in Azure
www.udemy.com/course/cost-man... - Věda a technologie
Thank you so much for this video and the one on the inbound configuration. Helped me out a bunch.
In a use case where there are Active Directory DCs both on prem and in Azure (self managed, AD DCs running in a VM), is there a reason to favour private DNS resolvers over using custom DNS in Azure and having VMs running in Azure resolve DNS via Windows DNS running on the DCs?
on-prem domain and private zone domain are same. Outbound resolver will resolve or VM's will to private zone
thanks for your content
I have done everything shown in the video when I do nslookup for onprem dns it goes to azure wireserver ip and shows timedout error. However ping works fine
What if scenario we need like to resolve public storage endpoints in the internal network and with azure dns custom dns server
I've done everything as in video, but the issue persists. Can a DNS private resolver be used to extend the on premise domain to Azure? So that the servers in Azure can be domain joined with on prem domain? Thnaks
It won’t extend on-prem DNS to Azure, but it can forward requests for on-Orem domains to win DNS servers. If the goal is to join Azure computers to Win AD, you could add DCs to Azure and set custom DNS on the VNet to use them.
@@Ciraltos thank you for clarification. My ultimate goal is to extend on-prem domain so that I can have windows servers in the same domain as on premise. But thinking about it now, maybe I should put one DC in azure and create new domain (same name just put azure in front) and just put conditional forwarders between on prem and azure dns servers.
I used this solution to resolve Azure's private DNS from on-premises. This solves one problem while creating another. If a private is not connected to a vnet (In which Private DNS resolver deployed and linked to itself). It only resolves private DNS entries that are linked to it, and the request is dropped if the entry is not in the private DNS zone linked to the vNet.
It should try to public endpoint but that fails. It is not the better suite for this scenario.
Exactly this. With PR you can resolve private zones in your AAD instance. But it breaks your ability to resolve public zones (of the same name) in another company's AAD instance.
great