Allow DNS servers to be advertised per subnet instead of VNET
Instead of advertising the DNS servers per VNET, is there anyway we can specify what DNS servers should be advertised per subnet? In most cases, I would create a VNET and use NSGs to segregate out my traffic.
The problem with specifying the DNS servers for the whole VNET, is now I am required to create a completely separate VNET for a DMZ, as my internal DNS servers are being advertised to those machines. In this case, being able to specify DNS servers at a subnet level will allow more flexibility in regards to creating one VNET instead of multiple VNETs with VNET-to-VNET connections (which come at additional billing).
This remains on our long-term backlog as something we want to offer.
J Montgomery commented
We are just implementing Azure Application Gateways and have problems with this inflexible network config. The Azure Application Gateways live in DMZ subnets and, as we found out the hard way, they needed to use the Azure default DNS. However, the rest of our servers are in separate "internal" subnets in Azure and must use the AD domain controllers for DNS. We had to put in a kludge to get the App Gateways working, but now we need to re-visit our design and the only option seems to be to set the VNET DNS servers to the Azure subnets, and go to the NICs for each "internal" VM and override the DNS servers (which says it will reboot the servers). What a mess!
Please, please implement a "DNS servers per subnet" setting!
Dave Lee commented
Still not implemented.... The only workaround so see currently is to manually set each NIC for all resources on a subnet to specific DNS servers. It works but is pretty clunky.
Denis Lepropre commented
Idea submitted 4 years ago now... And still not implemented (?!).
"...This remains on our long-term backlog..." : yes indeed !
Puneet Ghanshani commented
This should work with ASE by design as well
Ondrej Vaclavu commented
This is an important feature for enterprise infrastructure scenarios. We can assign DNS per VM or create separate VNets/peerings for each subnet. Both is a huge administrative overhead.
Minh Trieu commented
We are also looking at introducing Azure AD Domain Services and finding it much more difficult to implement without the ability of changing the default DNS on each Subnet. Updating NICs on each VM is much more tedious and prone to errors.
under review for quite awhile, any update?
Andrea Marchi commented
[Deleted User] commented
Yes I think this is definitely required , as seeting dns for an entire vnet is always suitable
Drew Lanclos commented
Definitely surprised at this feature gap.
John C commented
Why is this still not done?
Would it be possible to create a smaller VNET for internal and another small VNET for DMZ and peer them together. That way you can have two separate DNS entries (internal and DMZ)
Haven't tried this but it may work.
I just attempted to deploy Azure Managed SQL Instance in my VNET, which uses custom DNS.
Managed SQL Instance has a hard requirement of using the default Azure DNS resolvers to work.
I cannot make it work in my environment without deploying another VNET and reworking the VPN configuration.
This feature really is needed.
Requested over 2 years ago, and still no sign of implementation. Can you not enable an option on individual network interfaces to have a choice of 'Use the Azure DNS servers', along with inherit from VNet and Custom?
Andy B commented
Any news on this one? The lack of per-subnet DNS settings is a big limitation. I note that https://docs.microsoft.com/en-us/azure/best-practices-network-security suggests putting DMZ & internal subnets in the same VNet, but doesn't cover this point.
We're about to deploy a DMZ in Azure & it looks like a separate VNet is the only way to get DMZ hosts using a DMZ DNS server.
John Delisle commented
This is very important functionality. We have VNETs where we have many subnets that belong to different AD domains, and need to use different DNS servers. Currently, we have to edit the DNS server of half the VMs on the NIC in Azure, and this is administratively frustrating and error-prone.
Please allow per-subnet DNS configuration!
it will be nice to have the ability to enter DNS IP for subnet as well.
currently now we have for vnet and per vm.
different subnets may require different network settings...as I can't set custom DNS on subnet level in Azure , I have to update any single VM within the vnet as we are migrating some DNS servers...
Please add per-subnet DNS capabilities so that we can create a DMZ within a VNET
Martin Stevnhoved commented
We would like to have separate ADs in separate Subnets.
This is also impossible because we can not set DNS per Subnet. Any ideas?