# Custom DNS Support

### Task

Customers may choose to use their own DNS server instead of the default Azure-provided DNS for various reasons.

### Limitations of On-Prem DNS

By Microsoft’s design, only the Azure-provided DNS server (168.63.129.16) can resolve the names of Azure services (Storage account, Azure SQL, Azure Managed Redis, etc.) to their private IPs (for example 192.168.x.x / 172.16.x.x / 10.x.x.x).

Inforiver’s network setup is designed so that its core resources within the deployed VNet communicate only over private IPs (private endpoints). So, if no existing service or configuration forwards Azure Private Link DNS queries to 168.63.129.16, the queries will either fail or resolve to public IPs over which the communication cannot be made.

### How to Resolve?

{% hint style="info" %}
We will only cover a few scenarios in this document. Your DNS setup and requirements may vary. For the complete list of supported scenarios and Microsoft-recommended approaches for each of them, please refer to: <https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration>
{% endhint %}

### Scenario I - Azure Private Resolver with on-premises DNS forwarder

#### Reference Architecture:

![](https://content.gitbook.com/content/tn9fmavAcyzaE7MAMP2U/blobs/OMX7jIDzJ3fcDmipIgdV/on%20premises%20forwarding%20to%20azure.png)

{% stepper %}
{% step %}

### DNS private resolver rules

Add the following domain names to the ruleset and set the destination to your on-premises DNS IP & Port:

1. blob.core.windows.net
2. file.core.windows.net
3. redis.azure.net
4. database.windows.net
5. azurewebsites.net
6. vaultcore.azure.net

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2Fr4TOr7pPWPHQUn3Lletr%2Fimage.png?alt=media&#x26;token=c1f34cc6-a21f-4527-ab3e-b41bb1e4f42a" alt=""><figcaption><p>Ruleset</p></figcaption></figure>
{% endstep %}

{% step %}

### Azure DNS IP should be added to the forwarders list

Add the Azure DNS IP (168.63.129.16) into the forwarders list of your on-prem DNS where appropriate.

![Add to Forwarders list](https://content.gitbook.com/content/tn9fmavAcyzaE7MAMP2U/blobs/JBtkHbL8nPAzkDWAR9EK/Screenshot_2024%2012%2012_201012.png)
{% endstep %}

{% step %}

### Create conditional forwarders to 168.63.129.16

Create conditional forwarders for the domains listed in Step 1 and point them to the IP address 168.63.129.16.

![Conditional Forwarder](https://content.gitbook.com/content/tn9fmavAcyzaE7MAMP2U/blobs/XgsYUCBj57kOvrY7Mtpd/Screenshot_2024%2012%2012_213802.png)

#### Conditional Forwarders reference config:

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FCqsTQ6Cv3BtrIsY7hF35%2Fimage.png?alt=media&#x26;token=e352cfe3-6c7a-4d19-b695-0c5582edbb85" alt=""><figcaption><p>Conditional Forwarders Reference Config</p></figcaption></figure>
{% endstep %}

{% step %}

### Establish Virtual Network Links

{% hint style="info" %}
:bulb: Important Note:

The resolution is made by a private DNS zone [linked to a virtual network](https://learn.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links). Make sure the Virtual Network links are established between the Azure Private DNS Zone(s) and the VNet where the VPN/ExpressRoute is connected.
{% endhint %}

#### Reference for privatelink.blob.core.windows.net:

![](https://content.gitbook.com/content/tn9fmavAcyzaE7MAMP2U/blobs/jMaj7mFcK5z7dz6d9n2g/Screenshot_2024%2012%2012_221056.png)
{% endstep %}

{% step %}

### Validate

Validate DNS resolution using `nslookup` from the DNS server: each private endpoint name should resolve to a private IP, not a public one.

![Validate](https://content.gitbook.com/content/tn9fmavAcyzaE7MAMP2U/blobs/UptxFB5MiqwS7J29Wsoh/Screenshot_2024%2012%2012_222223.png)
{% endstep %}
{% endstepper %}
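The following is an added example (not Inforiver's own script) that performs Step 3 and Step 5 on a Windows DNS server with PowerShell: it creates the conditional forwarders for the six domains and then checks that the private endpoint names resolve to RFC 1918 addresses rather than public ones. It assumes it runs elevated on the DNS server with the DnsServer module available, that the server has a path to 168.63.129.16 as the steps above require, and that the `$HostsToCheck` entries are placeholders you replace with your own Inforiver resource names.

```powershell
# Added example, not part of the original page or Inforiver's deployment scripts.
# Assumes: elevated session on the Windows DNS server (DnsServer module present),
# a path to 168.63.129.16, and placeholder hostnames replaced with real resources.

$AzureDns = '168.63.129.16'
$Zones = @(
    'blob.core.windows.net', 'file.core.windows.net', 'redis.azure.net',
    'database.windows.net', 'azurewebsites.net', 'vaultcore.azure.net'
)

# Step 3: conditional forwarder per Azure service domain, pointing at the Azure-provided DNS
foreach ($zone in $Zones) {
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Write-Host "Conditional forwarder for $zone already exists, skipping"
        continue
    }
    Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $AzureDns -PassThru
}

# Returns $true when an IPv4 address is in RFC 1918 space (10/8, 172.16/12, 192.168/16)
function Test-PrivateIPv4 {
    param([string]$Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# PLACEHOLDER hostnames: replace with the Inforiver resources deployed in your VNet
$HostsToCheck = @(
    '<storage-account>.blob.core.windows.net',
    '<sql-server>.database.windows.net',
    '<redis-name>.redis.azure.net'
)

# Step 5: query this DNS server itself (127.0.0.1) and keep only the final A records,
# because private endpoint names answer through a CNAME chain to privatelink.* first
foreach ($h in $HostsToCheck) {
    $answers = Resolve-DnsName -Name $h -Type A -Server '127.0.0.1' -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' }
    if (-not $answers) { Write-Warning "$h : no A record returned (forwarding path broken?)"; continue }
    foreach ($a in $answers) {
        if (Test-PrivateIPv4 $a.IPAddress) {
            Write-Host "$h -> $($a.IPAddress) (private, OK)"
        } else {
            Write-Warning "$h -> $($a.IPAddress) is PUBLIC: re-check Steps 1 to 4"
        }
    }
}
```

A public answer for any name means the query never reached 168.63.129.16 through the forwarding path, or the private DNS zone is not linked to the VNet carrying the VPN/ExpressRoute connection.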

### References

1. **What is IP address 168.63.129.16?**

{% embed url="https://learn.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16" %}

2. **Azure Private Endpoint DNS integration Scenarios**

{% embed url="https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration" %}

3. **What is a virtual network link?**

{% embed url="https://learn.microsoft.com/en-us/azure/dns/private-dns-virtual-network-links" %}
