Custom DNS Support

Task

Customers may choose to use their own DNS server instead of the default Azure-provided DNS for various reasons.

Limitations of On-Prem DNS

By Microsoft’s design, only the Azure DNS server (168.63.129.16) can resolve Azure services (Storage account, Azure SQL, Redis Cache, etc.) with their private IPs (example: 192.168.x.x / 172.16.x.x / 10.x.x.x).

Inforiver’s network setup is designed to communicate only using private IPs (Private endpoints) among its core resources within the deployed VNet. So, if there isn’t any existing service/configuration to forward Azure Private Link DNS queries to 168.63.129.16, the queries will either fail or resolve with public IPs where the communication can’t be made.

How to Resolve?

We will only cover a few scenarios in this document. Your DNS setup and requirements may vary. For the complete list of supported scenarios and Microsoft-recommended approaches for each of them, please refer to: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration

Scenario I - Azure Private Resolver with on-premises DNS forwarder

Reference Architecture:

DNS private resolver rules

Add the following domain names to the ruleset and set the destination to your on-premises DNS IP & Port:

blob.core.windows.net
file.core.windows.net
redis.cache.windows.net
database.windows.net
azurewebsites.net

Azure DNS IP should be added to the forwarders list

Add the Azure DNS IP (168.63.129.16) into the forwarders list of your on-prem DNS where appropriate.

Create conditional forwarders to 168.63.129.16

Create conditional forwarders for the above domains listed in Step 1 and point them to the IP address 168.63.129.16.

Conditional Forwarders reference config:

Establish Virtual Network Links

💡 Important Note:

The resolution is made by a private DNS zone linked to a virtual network. Make sure the Virtual Network links are established between the Azure Private DNS Zone(s) and the VNet where the VPN/ExpressRoute is connected.