Azure DNS Private Resolver Usage — Verification with details 1/3

Takumi Seo
4 min read · Sep 12, 2023


Introduction

Azure DNS Private Resolver lets us set up DNS forwarding between Azure and other networks without deploying and maintaining a DNS server whose only job is to forward queries.

This post is a step-by-step guide to testing the feature in your own Azure environment, starting from scratch.

Optionally you can check the next paper: Azure DNS Private Resolver Usage — Verification with details 2/3

Agenda

  1. “Facilitating name resolution from an on-premises environment to a resource hosted within a Private Endpoint.”
  2. “Enabling name resolution from a spoke client to an on-premises resource.”
  3. “Exploring Azure Firewall forwarding and outbound traffic restriction as an alternative approach to utilising the Azure DNS Private Resolver Inbound Endpoint.”

Sections 1 and 2 use the architecture shown in the following image:

Figure 1: Architecture of Azure DNS Private Resolver

The alternative approach using Azure Firewall is shown in the following image; the points that changed are highlighted in red.

Figure 2: Architecture of Azure DNS Private Resolver and Azure Firewall

1. Facilitating name resolution from an on-premises environment to a resource hosted within a Private Endpoint

In this section, the goal is to build the architecture below:

Figure 1.1: The Objective of 1st section

In my environment, I have a Virtual Network (VNet) that simulates an on-premises network, with the address space 192.168.0.0/16, and a Virtual Machine (VM) in it that will act as the DNS server. The following instructions turn that Azure VM into a DNS server.

Step 1: Create the orange line

Prerequisites
・On-premises virtual network: 192.168.0.0/16
・Client VM: Windows Server 2022, 192.168.0.4
・DNS server VM: Windows Server 2022, 192.168.0.5 (set the NIC's private IP allocation to static in Azure, so the address the clients will point at never changes)
・Virtual network gateways set up

On the “to-be” DNS server, the Server Manager window opens as soon as you connect with RDP:

DNS setup 1

“Add roles and features” is highlighted; click it to go to the next step:

At “Select server roles”, check “Active Directory Domain Services”, then leave all other checkboxes unaltered and continue. At the end you can confirm that AD DS has been installed, as in the following image:

Now let's promote this server to a domain controller by following the steps below:

I set the root domain name to “contoso.local”.

Leave all the remaining checkboxes unaltered and install it. In particular, keep “Domain Name System (DNS) server” checked on the Domain Controller Options page: it is this promotion step, not the AD DS role installation, that installs the DNS Server role.

The server reboots automatically. In the Azure portal you can verify that the restart has completed; afterwards, reconnect with RDP and confirm that the DNS Server role is installed, as illustrated in the following image.

Step 2: Point the on-premises client VM at the DNS server you just promoted, from the Azure portal.
Open the client VM with RDP and check which DNS server it is using. It should still be the Azure-provided DNS server, 168.63.129.16:

Before setting the custom DNS

Change the DNS server to 192.168.0.5 on the client VM's network interface, as illustrated in the following image. Azure hands the new DNS server to the VM via DHCP, so restart the VM for the change to take effect.

Open the client VM with RDP again and check its DNS server:

Great! It has changed as expected.
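As an added example (not code from the original post), here are Step 1 and Step 2 done with PowerShell instead of the GUI, so the result is reproducible and checkable: Part A runs on the to-be DNS server, Part B runs against Azure Resource Manager from a workstation with the Az module, and Part C runs on the client VM. The domain name and IP addresses are the ones above; the resource group name rg-onprem, the NIC name client-vm-nic and the VM name client-vm are assumptions, so substitute your own.

```powershell
# ---- Part A: elevated PowerShell on the "to-be" DNS server (192.168.0.5) ----

# Install the AD DS role. This alone does NOT install the DNS Server role;
# that happens during promotion below (-InstallDns).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Promote to the first domain controller of a new forest, contoso.local,
# installing and configuring DNS as part of the promotion.
# The server reboots automatically when this completes.
Import-Module ADDSDeployment
Install-ADDSForest `
    -DomainName 'contoso.local' `
    -DomainNetbiosName 'CONTOSO' `
    -InstallDns:$true `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force:$true

# After the reboot: confirm the DNS Server role is installed, the service is
# running and the contoso.local zone exists (this is the check the screenshot shows).
Get-WindowsFeature -Name DNS, AD-Domain-Services | Select-Object Name, InstallState
Get-Service -Name DNS
Get-DnsServerZone -Name 'contoso.local'

# ---- Part B: workstation with the Az module (names below are assumptions) ----

# Replace the Azure-provided default (168.63.129.16) on the client VM's NIC
# with the on-premises DNS server, then restart the VM so DHCP hands it out.
$nic = Get-AzNetworkInterface -ResourceGroupName 'rg-onprem' -Name 'client-vm-nic'
$nic.DnsSettings.DnsServers.Clear()
$nic.DnsSettings.DnsServers.Add('192.168.0.5')
$nic | Set-AzNetworkInterface | Out-Null
Restart-AzVM -ResourceGroupName 'rg-onprem' -Name 'client-vm'

# ---- Part C: on the client VM (192.168.0.4) after it comes back ----

# Before Part B this lists 168.63.129.16; afterwards it must list 192.168.0.5.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# Prove the client really reaches the new server: only the DC we just built
# can answer the SOA record of contoso.local.
Resolve-DnsName -Name 'contoso.local' -Type SOA -Server 192.168.0.5
```

Two practitioner notes. First, this domain controller exists only to act as the on-premises DNS server for the test, so keep it reachable for RDP only through a restricted NSG rule or Azure Bastion, never from a public IP. Second, if you do not need Active Directory at all, `Install-WindowsFeature -Name DNS` gives you a standalone DNS server with a far smaller attack surface than a domain controller; the forwarding behaviour tested in this series works the same way on either.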

In the next post, we will implement Figure 1.1 and test that it works as expected.


Takumi Seo

Working at Microsoft Japan as an Infrastructure Cloud Solution Architect. Please note this is my personal blog and completely unrelated to my job at Microsoft🤝