search

Custom DNS Support

hashtag
Task

Customers may choose to use their own DNS server instead of the default Azure-provided DNS for various reasons.

hashtag
Limitations of On-Prem DNS

By Microsoft’s design, only the Azure DNS server (168.63.129.16) can resolve Azure services (Storage account, Azure SQL, Azure Managed Redis, etc.) with their private IPs (example: 192.168.x.x / 172.16.x.x / 10.x.x.x).

Inforiver’s network setup is designed to communicate only using private IPs (Private endpoints) among its core resources within the deployed VNet. So, if there isn’t any existing service/configuration to forward Azure Private Link DNS queries to 168.63.129.16, the queries will either fail or resolve with public IPs where the communication can’t be made.

hashtag
How to Resolve?

circle-info

We will only cover a few scenarios in this document. Your DNS setup and requirements may vary. For the complete list of supported scenarios and Microsoft-recommended approaches for each of them, please refer to: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integrationarrow-up-right

hashtag
Scenario I - Azure Private Resolver with on-premises DNS forwarder

hashtag
Reference Architecture:

1

hashtag
DNS private resolver rules

Add the following domain names to the ruleset and set the destination to your on-premises DNS IP & Port:

  1. blob.core.windows.net

  2. file.core.windows.net

  3. redis.azure.net

  4. database.windows.net

  5. azurewebsites.net

Ruleset
2

hashtag
Azure DNS IP should be added to the forwarders list

Add the Azure DNS IP (168.63.129.16) into the forwarders list of your on-prem DNS where appropriate.

Add to Forwarders list
3

hashtag
Create conditional forwarders to 168.63.129.16

Create conditional forwarders for the above domains listed in Step 1 and point them to the IP address 168.63.129.16.

Conditional Forwarder

hashtag
Conditional Forwarders reference config:

Conditional Forwarders Reference Config
4

hashtag
Establish Virtual Network Links

circle-info

πŸ’‘ Important Note:

The resolution is made by a private DNS zone linked to a virtual networkarrow-up-right. Make sure the Virtual Network links are established between the Azure Private DNS Zone(s) and the VNet where the VPN/ExpressRoute is connected.

hashtag
Reference for privatelink.blob.core.windows.net:

5

hashtag
Validate

Validate DNS resolution using nslookup from the DNS server.

Validate

hashtag
References

  1. What is IP address 168.63.129.16?

LogoAzure IP Address 168.63.129.16 OverviewMicrosoftLearnchevron-right

2. Azure Private Endpoint DNS integration Scenarios

LogoAzure Private Endpoint DNS Integration ScenariosMicrosoftLearnchevron-right

  1. What is a virtual network link?

LogoWhat is a virtual network link subresource of Azure DNS private zonesMicrosoftLearnchevron-right
PreviousDeploy Inforiver Writeback Matrix using TerraformNextMigrating to Azure Managed Redis

Last updated

Was this helpful?