Skip to main content
Azure
  • 4 min read

Announcing Azure DNS Private Resolver general availability

We are excited to share that Azure DNS Private Resolver is now in general availability. We offer two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records.

A successful hybrid networking strategy demands DNS services that work seamlessly across on-premises and cloud networks. Azure DNS Private Resolver now provides a fully managed recursive resolution and conditional forwarding service for Azure virtual networks. Using this service, you will be able to resolve DNS names hosted in Azure DNS private zones from on-premises networks as well as DNS queries originating from Azure virtual networks that can be forwarded to a specified destination server to resolve them.

This service will provide a highly available and resilient DNS infrastructure on Azure for a fraction of the price of running traditional IaaS VMs running DNS servers in virtual networks. You will be able to seamlessly integrate with Private DNS Zones and unlock key scenarios with minimal operational overhead.

We are excited to share that Azure DNS Private Resolver is now in general availability.

A quick overview of Azure DNS

A flow diagram of multi-region workloads running on Azure with DNS Private Resolver provisioned in two regional, centralized workloads.

We offer two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records. In the preceding illustration, multi-region workloads running on Azure with Azure DNS Private Resolver are provisioned in two regional, centralized virtual networks with one or more spokes peered to each centralized virtual network. These virtual networks have inbound and outbound endpoints provisioned. From on-premises, there are two distinct locations (East and West) and each location connects via Express Route to the centralized virtual network where Private Resolver is provisioned. These on-premises locations have one or more local DNS servers configured to do conditional forwarding to the inbound endpoint of Private Resolver. The local DNS servers in East have the IP address of the East inbound endpoint as the primary DNS target, and the West inbound endpoint as secondary. Alternatively, the local DNS servers in West have the IP address of the West inbound endpoint as the primary DNS target, and the East inbound endpoint as secondary. There is a single private DNS zone linked to both regions and both on-premises locations can resolve names from this zone even in the event of a regional failure.

  • Azure Private DNS: Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment.
  • Azure Public DNS: DNS domains in Azure DNS are hosted on Azure’s global network of DNS name servers. Azure DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

What is being announced today?

Azure DNS Private Resolver enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying virtual machine-based DNS servers.

Azure DNS Private Resolver general availability is being announced to all customers and will have regional availability in the following regions:

  • East US
  • East US 2
  • Central US
  • South Central US
  • North Central US
  • West Central US
  • West US 3
  • Canada Central
  • Brazil South

  • West Europe
  • North Europe
  • UK South
  • France Central
  • Sweden Central
  • Switzerland North

  • East Asia
  • Southeast Asia
  • Japan East
  • Korea Central
  • South Africa North
  • Australia East

 

What will customers be able to do with Azure Private Resolver?

Apart from the features which were announced earlier in preview, customers will now be able to leverage the following additional functionality and content:

In the following diagram, an on-premises network connects to Azure via ExpressRoute and has on-premises DNS servers configured to conditionally forward queries to the private IP address of the inbound endpoint. The inbound endpoint then resolves names available on Azure Private DNS zones which are linked to the virtual network where private resolver is provisioned. If there is no matching private DNS zone in the virtual network, it will use the outbound endpoint and resolve using the ruleset rules via longest suffix match. If no match in the ruleset is found it will recurse to the internet for public name resolution.

A diagram showing an on-premises network connected to Azure via ExpressRoute forwarding queries to the private IP address of the inbound endpoint. The inbound endpoint then resolves names available on Azure Private DNS zones.

Features and benefits

  • Cross-subscription support to link virtual networks from different subscriptions to rulesets.
  • Resource Health Check Integration to provide visibility of endpoint health to our customers.

Alert condition for resource health check can be configured in the Portal and allows to select resource status on which you’d like to receive alerts such as: available, degraded, and unavailable.

TBD.

  • Visibility of query metrics per endpoint to plan for future capacity:

Query metrics per endpoint are shown in a bar graph.

  • PrivateLink enabled services integration in conditional forwarding to exclude Azure infra zones from being resolved on-premises.

Private Resolver general availability is also available to use via PowerShell, CLI, .NET, Java, Python, REST, Typescript, Go, ARM, and Terraform.

Key use cases for this service

  • Conditionally forward from on-premises with Azure ExpressRoute/VPN and resolve names hosted on Azure Private DNS Zones via private IP address.
  • Seamlessly resolve Private Endpoints which are registered in Azure Private DNS Zones.
  • Configure default DNS servers and forward all DNS queries to either a Protective DNS service or other target DNS servers with a wildcard rule.
  • Conditionally forward to any reachable target DNS server using a simple rule.
  • Access resources on-premises with Azure Bastion using names hosted on DNS servers on-premises or Azure Private DNS zones.

Fully managed

Built-in high availability, zone redundancy, and low latency name resolution.

Reduces cost

Reduce operating costs and run at a fraction of the price of traditional IaaS solutions.

Private access to your Private DNS Zones

Conditionally forward from your Virtual Networks to any reachable DNS server and from on-premises to Azure Private DNS Zones.

Scalability

High performance per endpoint.

Highly available

Availability Zone aware and resilient to failures within a region. Service-legal agreement (SLA) of 99.99 percent during general availability.

DevOps-friendly

Build your pipelines with Terraform, ARM, or Bicep.

Get started and share your feedback

You can try Azure DNS Private Resolver today. For more information about the capabilities available, please visit the Azure DNS Private Resolver technical documentation webpage. Post your ideas and suggestions on the networking community page.