How to Use Azure DNS Private Resolver and Inbound Endpoints

Рет қаралды 21,056

Күн бұрын

This video goes over how to use a Azure DNS Private Resolver and Inbound Endpoints with Azure Private DNS zones. These two services allow us to resolve private endpoints from an on-premises server. We no longer need to deploy DNS servers in Azure to bridge on-premises and Windows DNS with Azure DNS. We can leverage the Azure DNS Private Resolver PaaS service to handle DNS lookups for Azure.
00:00 - Start
03:56 - Create a Storage Account
04:44 - Create a Private Endpoint
06:13 - Review Private DNS Zones
06:45 - Test DNS Lookup without Private Resolver
09:22 - Create an Azure DNS Private Resolver
12:11 - Create a Conditional Forwarder
Subscribe to my newsletter!
subscribepage.io/rbsIjt
Zero to Hero with Azure Virtual Desktop
www.udemy.com/course/zero-to-...
Hybrid Identity with Windows AD and Azure AD
www.udemy.com/course/hybrid-i...
Windows 365 Enterprise and Intune Management
www.udemy.com/course/windows-...
Cost Management in Azure
www.udemy.com/course/cost-man...

Пікірлер: 29

@kmreiserfs Жыл бұрын

Nice video, thank you, i read like 200 times the azure documentation and still did not understand how this works until i saw your video.

@TheBharatpremi 5 ай бұрын

Travis, Thank You very much. Your explanation has greatly helped me understanding Azure Private Resolver's and its inbound endpoints role and function.

@visceralcinema 10 ай бұрын

This video is exactly what I'm experiencing with a client set-up. Amazing.

@Ciraltos 10 ай бұрын

Great to hear!

@visceralcinema 10 ай бұрын

@@Ciraltos Travis, I know you're a busy person. However, quick question related to Azure File Share: I keep getting an error message, "The specified network password is not correct." when authenticating a domain-joined user who's been added to Azure AD Domain Services configured on (Azure) storage. Any clues why this happening? I verified the computer, over VPN can authenticate to the (Azure) AD Domain Controller. Any little bit would help. Thanks. :) When using the storage access keys, everything works perfectly over VPN, it's just authenticating with Azure AD Domain Service where things seem to break.

@villaran9295 Жыл бұрын

Thank you so much!

@RobertoPrevato86 8 ай бұрын

Hi! Thank You for your video, it helped me understanding more of this technology. I suspect there is a mistake in the part describing the conditional forwarder settings, because it should be configured for the public domain and not the privatelink one (as described in the MS documentation - which makes sense since applications like Azure Storage Explorer won't use URLs to privatelink domains). Apparently KZbin deleted my previous message on the subject, I guess because of a link to MS documentation.

@theokoutanis Жыл бұрын

Nice video as always Travis :) Is this service supposed to support reverse dns in the future?

@scottmcarthur7496 Жыл бұрын

Great video

@naz-x Жыл бұрын

Hi Travis nice video. MS document state the conditional forwarder zone on-prem should be the public facing zone so should be: blob core windows net and not privatelink blob windows net - which is correct please? Thanks

@SophosDefender Жыл бұрын

Hi Travis, Great Vid. However a point to the right direction would be appreciated here. I already have Azure Active Directory Domain Service configured handling dns resolution in a production environment. My challenge using this is i cant do conditional forwarding with AADDS. Whats my best route migrating to Azure DNS Private Resolver

@MrDheeraj14 Жыл бұрын

Great video Travis :) Everything working as expected expect the DNS server. My DNS server is not responding. Could you please make a video to setup a DNS server on on-prem or share a video link if you already have one! Thanks in advance and looking forward to more videos :)

@frankfu1122 Жыл бұрын

Great explainer. Would this be possible without a conditional forwarder? Would be nice if I can configure it for the Azure VPN client's xml

@prasantchettri133 Жыл бұрын

Do we also use DNS resolver inbound address as the Firewall DNS proxy? Is it use to avoid the lopping for forwarding rules

@HiYurd 10 ай бұрын

Thanks!

@Ciraltos 10 ай бұрын

Thank you!

@kanikagupta8780 9 ай бұрын

Hi @travis Do you have any video how to setup on prem network for using this video

@shaakirshaikh6734 5 ай бұрын

Thank you so much for explaining the concept so beautifully. I have a follow-up question, I'd appreciate if you could please answer that. I'd like to know if we configure Azure VNET with Azure provided DNS and add Azure Provided DNS IP in the conditional forwarder of local DNS server, then how is Private resolver working differently than Azure Provided DNS IP? Eventually it is still forwarding requests to azure to resolve queries from Azure Private DNS zones.

@worldofhemu 3 ай бұрын

It was a nice explanation ,what if I dont have Windows machines and DNS servers. How Do I create these conditional forwarders? any thoughts on this please share

@stevegiron8825 10 ай бұрын

I'm using 2 regions currently with 20+ on prem AD-DNS servers. I need clients in both regions to be able to resolve cross-regionally. Is that possible with this configuration?

@prashanth928 5 ай бұрын

Hello travis...i have one question i have private endpoints for storage account and inbould public access for databricks when i am connecting to power bi to adls storage account iam unable to connect to it when i am switching allow public access in networking then i am able to viee the data in power bi and when i n networking i am switching public access disabled i am unable to view it can you please help me on that.

@admnaidu7040 4 ай бұрын

❤❤❤

@PanyalaAbhinayreddy Жыл бұрын

Hello Robert, thanks for sharing your wonderful knowledge. can you please give me the reason why I am getting DNS request timed out error while resolving the DNS in my lab. FYI, the test VM that I am using is in azure. I have configured same as you shown in video. Thanks.

@Ciraltos Жыл бұрын

If it's timing out could be a connectivity issue. verify there is connectivity on the private network to the DNS server in Azure and the IP addresses are correct.

@ibmuser13 Жыл бұрын

@@Ciraltos Hello Travis. Great video as always! Do I just need to allow port 53 inbound from the on-prem DNS server into Azure (and add the rule to the NSG of the private resolver subnet to allow communication?)

@kanikagupta8780 9 ай бұрын

hi, can you help me how you setup on prem network

@xaviersmith3421 Жыл бұрын

Hello is there a way to contact you for business purposes?

@mosksky Жыл бұрын

Travis ty again for such a great explanation! In case when azure firewall proxy dns is used, do we put both IPs of DNS private resolver? such as inbound and outbound? Maybe you could cover it in the coming up session? PS: Current setup is to have AD DNS(static IP/DNS) and AZFW are in the same vnet. In AZFW proxy entered AD DNS. In the vnet DNS entered AZFW private IP - works great, how Private DNS would come to this picture?

@PatriksTechLightning Жыл бұрын

Azure Firewall is like you mention just a DNS Proxy. You point that to the inbound IP address of the Private DNS Resolver.