Private DNS Infrastructure Support in Hybrid Scenarios
•Download as PPTX, PDF•
0 likes•43 views
A discussion of DNS private resolver architecture, how it is leveraged for private resolution for Azure <-> Azure and Azure <-> On-Prem and other things including private DNS zones and conditional forwarding rules. As presented to the Brisbane Azure Group by Rachel Calleia (https://www.linkedin.com/in/rachel-calleia-669439144/)
Recommended
More Related Content
Similar to Private DNS Infrastructure Support in Hybrid Scenarios
Similar to Private DNS Infrastructure Support in Hybrid Scenarios (20)
More from Daniel Toomey
More from Daniel Toomey (20)
Recently uploaded
Recently uploaded (20)
Private DNS Infrastructure Support in Hybrid Scenarios
- 1. Private DNS Infrastructure support in Hybrid Azure scenarios
- 2. DNS is the phonebook of the internet and your private network
- 3. Private DNS DNS Private Resolver Public DNS Azure Private DNS / Private DNS Zones Private DNS Records supports custom domains for the organization & private endpoint. You link virtual networks to these zones so records can be read. Azure DNS Private Resolver Allowed you to extend your on- prem DNS infrastructure into Azure. Allows you to query records in private DNS zones from an on- prem environment and vice versa. Azure DNS / DNS Zones Used for Public DNS Records e.g. We have a public record for api.org.edu.au pointing to the public IP of the application gateway which fronts the APIM Azure DNS
- 4. How to extend your on-prem DNS into Azure IaaS supported • Operational Management: Requires OS support such as patching etc. PaaS supported • Fully managed: Built-in high availability, zone redundancy. • Scalability: High performance per endpoint. • Cost reduction: Reduce operating costs and run at a fraction of the price of traditional IaaS solutions.
- 6. DNS Private Resolver Configuration - PaaS A Virtual Network with dedicated inbound and outbound subnets /28 CIDR range on both. • 1 or more inbound endpoints are supported (dedicated/visible IP from the subnet) • 1 or more outbound endpoints are supported DNS Server Configuration on your Virtual Network (Hub and all spokes) • For each inbound endpoint you have, you list it as a DNS server in your VNET config Each outbound endpoint has a DNS forwarding rule set associated • Multiple rules can exist within 1 rule set i.e. multiple domains can be forwarded on
- 7. DNS Forwarding Rule Sets Rules The individual rules in a ruleset determine how these DNS names are resolved. • A domain name • A target IP address • A target Port and Protocol (UDP or TCP) Virtual Network Links Virtual network links for DNS forwarding rulesets enable resources in other VNets to use forwarding rules when resolving DNS names. You link virtual networks to these rulesets to ensure they are considered when a query is trying to be evaluated. For Hub-Spoke Topology (less management) Central DNS approach only requires links to the VNET which the DNS resolver is deployed into, hence the central DNS approach. For Non Hub-Spoke Topology e.g. legacy network infrastructure (more management) Requires more admin of VNETs, forwarding ruleset links and private DNS zones. DNS forwarding rulesets enable you to specify one or more custom DNS servers to answer queries for specific DNS namespaces.
- 9. IP: 10.10.10.2 Scenario 1 - Azure to Azure
- 10. Scenario 2 - On-prem to Azure
- 11. Scenario 3 - Azure to On-Prem
- 12. Thankyou!
Editor's Notes
- Organizations on-prem network Holds: On prem DNS servers, other on-prem source DBs etc. Hub Virtual Network Holds: DNS Private Resolver, Express Route, Gateways, Firewalls etc. Also the shared private link zones that many workloads across the enterprise would leverage for private resolution. Spoke Virtual Network Holds: spoke / application workload resources e.g. app services, key vaults with private endpoints and workload specific managed dns zones for both public resolution and private resolution.