# Custom DNS Support ### Task Customers may choose to use their own DNS server instead of the default Azure-provided DNS for various reasons. ### Limitations of On-Prem DNS By Microsoft’s design, only the Azure DNS server (168.63.129.16) can resolve Azure services (Storage account, Azure SQL, Azure Managed Redis, etc.) with their private IPs (example: 192.168.x.x / 172.16.x.x / 10.x.x.x). Inforiver’s network setup is designed to communicate only using private IPs (Private endpoints) among its core resources within the deployed VNet. So, if there isn’t any existing service/configuration to forward Azure Private Link DNS queries to 168.63.129.16, the queries will either fail or resolve with public IPs where the communication can’t be made. ### How to Resolve? {% hint style="info" %} We will only cover a few scenarios in this document. Your DNS setup and requirements may vary. For the complete list of supported scenarios and Microsoft-recommended approaches for each of them, please refer to: {% endhint %} ### Scenario I - Azure Private Resolver with on-premises DNS forwarder #### Reference Architecture: ![](/files/edef4029031f318481ca4265fb200c84b76e7ebc) {% stepper %} {% step %} ### DNS private resolver rules Add the following domain names to the ruleset and set the destination to your on-premises DNS IP & Port: 1. blob.core.windows.net 2. file.core.windows.net 3. redis.azure.net 4. database.windows.net 5. azurewebsites.net 6. vaultcore.azure.net

Ruleset

{% endstep %} {% step %} ### Azure DNS IP should be added to the forwarders list Add the Azure DNS IP (168.63.129.16) into the forwarders list of your on-prem DNS where appropriate. Add to Forwarders list {% endstep %} {% step %} ### Create conditional forwarders to 168.63.129.16 Create conditional forwarders for the above domains listed in Step 1 and point them to the IP address 168.63.129.16. Conditional Forwarder #### Conditional Forwarders reference config:

Conditional Forwarders Reference Config

{% endstep %} {% step %} ### Establish Virtual Network Links {% hint style="info" %} :bulb: Important Note: The resolution is made by a private DNS zone [linked to a virtual network](https://learn.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links). Make sure the Virtual Network links are established between the Azure Private DNS Zone(s) and the VNet where the VPN/ExpressRoute is connected. {% endhint %} #### Reference for privatelink.blob.core.windows.net: ![](/files/ed162e99a4a41d8cfd0b712666b01c053fcdad74) {% endstep %} {% step %} ### Validate Validate DNS resolution using `nslookup` from the DNS server. ![Validate](/files/af67139c9e745c2fe80b7f7a1b4d876a01742c66) {% endstep %} {% endstepper %} ### References 1. **What is IP address 168.63.129.16?** {% embed url="" %} 2\. **Azure Private Endpoint DNS integration Scenarios** {% embed url="" %} 3. **What is a virtual network link?** {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inforiver.com/inforiver-enterprise-on-prem/how-to-guides/custom-dns-support.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.