Azure – You can now deploy an Azure DNS Private Resolver (preview)

As you may already know, you can host two DNS services on Azure:

  • Azure Private DNS, used to manage and resolve DNS names in an Azure virtual network
  • Azure Public DNS, used to host public domains using Azure infrastructure

But there was a gap in the DNS service offering, which is now covered by the Azure DNS Private Resolver.

The gap was that when you had to conditionally forward requests from Azure to your on-premises infrastructure (or vice versa), you had to deploy a DNS solution.

With Azure DNS Private Resolver, you can now resolve DNS names hosted in Azure from your on-premises environment.

It is available to all customers in the following regions:

  • Australia East
  • UK South
  • North Europe
  • South Central US
  • West US 3
  • East US
  • North Central US
  • Central US EUAP
  • East US 2 EUAP
  • West Central US
  • East US 2
  • West Europe

The diagram below (courtesy of Microsoft) details how the solution will work.

Now, if you want to take advantage of this new DNS capability, you will first need to register the Microsoft.Network provider namespace (if not yet registered) by accessing the Resource Providers blade in your subscription.


Then you need to create 2 new subnets in your virtual network; these subnets will be used later when creating the private resolver endpoints.

These subnets cannot have any services running and can only be delegated to Microsoft.Network/dnsResolvers.

Their address space must be between /28 and /24.


Then you can create the DNS Private Resolver by accessing this specific blade (this is not yet directly available in the Marketplace).


You now have to select the subscription, resource group and region where the private resolver will be deployed. You also have to select the virtual network which will use it.

NOTE: the private resolver and virtual network must reside within the same region.


Next you have to configure the inbound and outbound endpoints.

NOTE: you can create the required subnets at this step too if you missed this above.

Inbound endpoints are used to enable DNS resolution from on-premises or a private location (through either VPN, ExpressRoute or Azure Bastion).

Outbound endpoints are used for conditional forwarding from Azure to your on-premises, other cloud services or public DNS.
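The subnet and region constraints listed above can be checked before you open the creation blade. The following is an added example, not part of the original post or of any Microsoft tooling: the plan dictionary layout, the function name `check_resolver_plan` and the sample addresses, regions and resource names are all assumptions made for illustration.

```python
import ipaddress

DELEGATION = "Microsoft.Network/dnsResolvers"  # delegation named in the post

def check_resolver_plan(plan):
    """Return the list of problems in a planned deployment (empty list = OK)."""
    problems = []
    vnet = plan["vnet"]
    if plan["resolver_region"] != vnet["region"]:
        problems.append("resolver and virtual network are in different regions")
    spaces = [ipaddress.ip_network(p) for p in vnet["address_space"]]
    nets = {}
    for role in ("inbound", "outbound"):
        sub = plan["subnets"].get(role)
        if sub is None:
            problems.append(f"{role}: no dedicated subnet planned")
            continue
        net = nets[role] = ipaddress.ip_network(sub["prefix"])
        # /28 is the smallest and /24 the largest size the post allows
        if not 24 <= net.prefixlen <= 28:
            problems.append(f"{role}: /{net.prefixlen} is outside the /28 to /24 range")
        if not any(s.version == net.version and net.subnet_of(s) for s in spaces):
            problems.append(f"{role}: {net} is not inside the virtual network")
        if sub.get("delegations") != [DELEGATION]:
            problems.append(f"{role}: must be delegated only to {DELEGATION}")
        if sub.get("attached_resources"):
            problems.append(f"{role}: subnet already hosts other resources")
    if len(nets) == 2 and nets["inbound"].overlaps(nets["outbound"]):
        problems.append("inbound and outbound subnets overlap")
    return problems

# Constructed sample plans (addresses, regions and resource names are made up).
GOOD = {"resolver_region": "westeurope",
        "vnet": {"region": "westeurope", "address_space": ["10.10.0.0/16"]},
        "subnets": {
            "inbound": {"prefix": "10.10.1.0/28", "delegations": [DELEGATION]},
            "outbound": {"prefix": "10.10.1.16/28", "delegations": [DELEGATION]}}}
BAD = {"resolver_region": "northeurope",
       "vnet": {"region": "westeurope", "address_space": ["10.10.0.0/16"]},
       "subnets": {
           "inbound": {"prefix": "10.10.2.0/29", "delegations": []},
           "outbound": {"prefix": "10.10.2.0/24", "delegations": [DELEGATION],
                        "attached_resources": ["vm-nic-01"]}}}

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_resolver_plan(plan) or "OK")
```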


The next step is to create the rulesets to configure the conditional DNS forwarding; you can skip straight ahead if you want to create these later.

That’s it, your DNS Private Resolver is ready to be created.

Of course (as this is the last step before creation), it is highly recommended to configure the tags.
