Existing code assumes the DNS servers for the tier3 VNET should be the IP address of the firewall. However, that does not work with the Basic SKU of Azure Firewall. Update the code so tier3 uses the same DNS servers from the HUB so if the DNS servers change (IaaS DC or Entra Domain Services), tier3 will inherit those changes.
Description
Existing code assumes the DNS servers for the tier3 VNET should be the IP address of the firewall. However, that does not work with the Basic SKU of Azure Firewall. Update the code so tier3 uses the same DNS servers from the HUB so if the DNS servers change (IaaS DC or Entra Domain Services), tier3 will inherit those changes.