Azure – You can now configure your own DNS on Azure Firewall and use DNS proxy (preview)

As you know, Azure Firewall is a cloud as a service (FWaaS) from Azure helping you to centrally managed traffic from Azure or to Azure.

As you also know, firewalls (and not specifically just Azure Firewall) rely on correct name resolution to be able to work properly.

Well, until now, Azure Firewall was hardcoded to use Azure DNS only for name resolution. Today, you can now start defining your own/custom DNS servers to be used by Azure Firewall.

Logon to your Azure portal (https://portal.azure.com) and go to the Firewall blade

image

There access the firewall you want to update to use your own DNS server and access the DNS (preview) configuration blade

image

You can then switch from Default (Azure provided) to Custom and define the list of your own DNS servers to use; you can also use your Azure Private DNS if you have it as long as the private DNS zone is linked with the virtual network protected by Azure Firewall (see https://docs.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal#link-the-virtual-network)

image

In addition, but does not require the above action, you can also configure your Azure Firewall to enable the DNS proxy to make Azure Firewall listen on port 53 and forward the request to the defined DNS (either the default ones [Azure] or your custom ones)

image

Leave a Comment

Your email address will not be published. Required fields are marked *