Azure Private DNS Zone resolution from OnPremise
Make it possible to enable name resolution from on-premises if I have an Azure Private DNS zone.
It should be possible to forward from on-premises DNS to an Azure Private DNS zone.
Marcus Adams commented
Is there an update on this?
Mark Nash commented
Need this to work over P2S VPNs as well.
Using Private DNS in our hub Network, and we can't pull any of the records through the P2S.
I would think this is a good feature to prevent hundreds of home workers from having to update their hosts files.
Brian Richardson commented
I fixed this by installing an A2 instance running dnsmasq, forwarding all authoritative zones to our local DNS, and forwarding everything else to the Azure resolver. The DNS proxy is in the vnet that has been assigned a private endpoint.
Fadejevs, Jurijs commented
Another vote for this feature.
Made a workaround which runs a CoreDNS container instance as a private DNS forwarder - https://github.com/groovy-sky/azure/tree/master/docker-coredns-00#introduction
It's a bad thing to depend on a VM to maintain Azure SQL name resolution. Private Link is good, but this blocks us from using it.
Another vote for this need.
Working in a hybrid scenario and trying to push SQL over an ExpressRoute using private peering. I'd love to just forward DNS traffic out to Azure (how the documentation says it's supposed to work), but the "magic" of Private Link DNS zones only works coming from an attached VNet.
I solved this issue by putting a Citrix NetScaler in front of DNS to load balance between my DNS servers. I then added an A record for my Private Link endpoints on the NetScaler itself. This causes the NetScaler to resolve the name and send the client the correct private IP address. I don't really want to manage DNS in Azure with static entries on-prem, so being able to forward the requests is a much better solution.
Dun Luo commented
On-premises DNS should be able to be redirected to the Private DNS zone for internal IP addresses of PaaS services in Azure. This will avoid manual creation of the DNS record in the on-premises DNS server. This is essential to large enterprises with many development teams working at the same time. It will also increase the security of the network, as generally port 1433 to the public will be blocked by a firewall to minimize the risk, but internally it will not be blocked.
Daniel Hermans commented
There is a quickstart that shows a solution mentioned by Jack Chen and anonymous below:
We're trying to use this for private endpoints (privatelink.blob.core.windows.net, for example). This does not seem to be possible if using AD with Windows DNS servers. Windows servers will not forward if the forwarder is not authoritative. Subdomain delegation works with a conditional forwarder set up, but these are not subdomains on the DNS server in this case. Any suggestions would be appreciated. Absent the implementation of changes here, it seems our only option is to put Private Link zones on our on-premises DNS servers. It seems that the most basically obvious features were left out of Private DNS. Not very well thought out.
Keiran Steele commented
To add to Jack's comment. I also was able to use Private DNS from CoreDNS running in a VNet by forwarding to the virtual IP 220.127.116.11. You need to set up a virtual network link for the zone into the VNet that CoreDNS is in.
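The forwarder VM that Brian Richardson and Keiran Steele describe above can be captured in a small dnsmasq configuration. The following is an added example written for this thread, not code from any commenter or from the linked CoreDNS repository. It generates a dnsmasq.conf for a VM in the hub VNet that sends the zones the on-premises DNS is authoritative for to the on-premises servers and everything else (including the privatelink.* zones) to the Azure-provided resolver at 168.63.129.16, and it includes a small check that mirrors dnsmasq's longest-suffix rule so you can confirm where a given name would be forwarded before deploying. The zone names `corp.example`/`ad.corp.example` and the addresses `10.10.0.53`/`10.10.0.54` are constructed placeholders.

```shell
#!/bin/sh
# Added example for this thread (not from any commenter): build a dnsmasq
# forwarder config for a VM in the hub VNet.
#   - zones the on-prem DNS is authoritative for -> on-prem DNS servers
#   - everything else (incl. privatelink.* zones) -> Azure-provided resolver
# 168.63.129.16 is the Azure-provided DNS virtual IP; the Private DNS zone
# must be linked to the VNet this VM lives in, or the resolver will not
# answer from it. Zone names and 10.10.0.x addresses below are placeholders.

AZURE_RESOLVER=168.63.129.16
ONPREM_DNS="10.10.0.53 10.10.0.54"                          # constructed
ONPREM_ZONES="corp.example ad.corp.example 10.in-addr.arpa"  # constructed

# Print a complete dnsmasq.conf to stdout.
write_forwarder_conf() {
    printf '%s\n' \
        '# Ignore /etc/resolv.conf; use only the upstreams listed here.' \
        'no-resolv' \
        '# Never answer from /etc/hosts; this box is a pure forwarder.' \
        'no-hosts'
    for z in $ONPREM_ZONES; do
        for s in $ONPREM_DNS; do
            # server=/domain/ip: queries under "domain" go to "ip"
            printf 'server=/%s/%s\n' "$z" "$s"
        done
    done
    printf '%s\n' \
        '# Default upstream: Azure-provided resolver, which answers from' \
        '# every Private DNS zone linked to this VNet.'
    printf 'server=%s\n' "$AZURE_RESOLVER"
}

# Mirror dnsmasq's rule: the longest matching server=/domain/ entry wins,
# otherwise the default upstream. Echoes the upstream chosen for name $1.
upstream_for() {
    name=$1; best=""; best_len=0
    for z in $ONPREM_ZONES; do
        case "$name" in
            "$z"|*."$z")
                if [ ${#z} -gt "$best_len" ]; then
                    best=$z; best_len=${#z}
                fi ;;
        esac
    done
    if [ -n "$best" ]; then
        set -- $ONPREM_DNS    # first listed server for that zone
        echo "$1"
    else
        echo "$AZURE_RESOLVER"
    fi
}

# Usage: sh forwarder.sh --print > /etc/dnsmasq.d/azure-forwarder.conf
if [ "${1:-}" = "--print" ]; then
    write_forwarder_conf
fi
```

With this in place, the on-premises DNS servers get a conditional forwarder for each privatelink zone pointing at the forwarder VM's private IP over the VPN or ExpressRoute, and the VM's NSG should only accept UDP/TCP 53 from the on-premises and VNet address ranges, since the forwarder answers with private endpoint addresses that should not be resolvable from anywhere else.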
Jack Chen commented
Finally got it working with our AD. The workaround is to set up subdomain delegation and a conditional forwarder together; then the query will be resolved recursively.
Tomer Cohen commented
When is this service planned to be available? What is the roadmap/ETA?
Jack Chen commented
Hit this issue as well. One issue I see is Azure DNS doesn't answer queries with the "Don't query recursively" option.
Nivas Y commented
+1, we need this for integrations with our on-prem infra as well as those of our customers.
Bill Stoddart commented
Our use case, I think, is a bit unique, as we are 100% hosted in the cloud (Azure). We just have enough gear in the office to connect us to the internet. Our folks all connect to the network resources using the P2S VPN client. Being able to use an FQDN to access private Azure resources would be awesome!
Ryan Adler commented
This is key for us to be able to properly restrict access to resources!
Agree this is critical for hybrid environments. Clients don't want to manage BIND or Windows DNS on IaaS if they can avoid it. AWS has Route 53 Resolver, so I would envisage something similar in Azure might work with private endpoints?
Nathan Becker commented
We're also experiencing some pain with this. We're using Private Link to restrict access to our on-prem network, but since we can't forward on-prem queries directly to Azure DNS, we have to set up and maintain a VM, which is a headache.
On-prem systems not being able to forward the queries to Private DNS forces us to maintain some of the records [that need resolution from on-prem] in public DNS zones. This is super inefficient and in a way solves only half of the problem.