Which software/resource/PaaS should I use for DNS Forwarder

[svdHero]

The documentation talks about the VM "DNS Forwarder". It reads:

This DNS forwarder is responsible for resolving all the DNS queries via a server-level forwarder to the Azure-provided DNS service 168.63.129.16.

So now I understand what it does and why it is needed. However, I do not know how to set up or configure such a DNS Forwarder.

What kind of software can I use to achieve the DNS forwarding? Can I use a Linux VM with some out-of-the-box DNS server software? What is the best practice here? Or can I also use some low-cost Azure PaaS that acts as the DNS Forwarder?

I would highly appreciate some information in this regard. Maybe the documentation could elaborate on this a little bit? That would be especially helpful for DevOps that are more on the Dev-side of things like myself.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: a88af182-32aa-a8f3-359d-b92ae1cfb8c7
• Version Independent ID: 01ce07fc-4bc2-def5-9ecd-a80330ad9488
• Content: Azure Private Endpoint DNS configuration
• Content Source: articles/private-link/private-endpoint-dns.md
• Service: private-link
• GitHub Login: @asudbring
• Microsoft Alias: allensu

[SaurabhSharma-MSFT]

@svdHero Thanks for your feedback! We will investigate and update as appropriate.

[svdHero]

@SaurabhSharma-MSFT Thank you. Could you already give me some advice what to use? What would you recommend for DNS Forwarder?

[ChaitanyaNaykodi-MSFT]

Hello @svdHero, apologies for the delayed response here. You can refer to this DNS forwarder template which utilizes a VM(1x Standard A1 v2 SKU) for DNS forwarding. I am afraid there is no other Azure PaaS service which can act as DNS forwarder as you have to create a windows\Linux based DNS server. Please let us know if you have any additional questions. Thank you!

[ChaitanyaNaykodi-MSFT]

We will now proceed to close this issue out. Please tag me in your response if there are any additional concerns.

[svdHero]

Thank you for your help. I am very grateful for the link to the ARM template.

[svdHero]

@ChaitanyaNaykodi-MSFT I actually do have a follow-up question:

Since I already have set up my hub-spoke-architecture with existing VNets, what would be the fastest and easiest way to use said template with existing VNets? For testing purpose I just clicked the "Deploy to Azure" button which is great, but which created a dnsproxy-vnet that conflicted with my other VNets and which also did not adhere to our company naming convention of Azure resources.

I also created a feature request for this: https://github.com/Azure/azure-quickstart-templates/issues/11923

However, can you give me advice for a quick solution? In particular, I am not sure how to deal with _artifactsLocation in order to provide forwarderSetup.sh. We are using Azure DevOps in my company. Should I just create a public git repo there, upload forwarderSetup.sh and point the modified template to it?

[sopelt]

@ChaitanyaNaykodi-MSFT ... could you please comment/gather feedback on using Azure Firewall as the DNS forwarder as that would avoid maintaining VMs for that purpose (SaaS all (most of) the things! :-) ). The approach seems to have been documented by someone at Microsoft at https://github.com/adstuart/azure-privatelink-dns-azurefirewall but we have not evaluated the feasibility yet.

Thanks.

[ChaitanyaNaykodi-MSFT]

Hello @svdHero, apologies for the delayed response here. I think the proposed solution should work, please let me know if you are facing any issues. @sopelt, thank you for pointing this Azure Firewall as a DNS forwarder solution to us. I am reopening and assigning this issue to @ivapplyr to review further and update the document.

[ChaitanyaNaykodi-MSFT]

Hello @ivapplyr, just following up here. Any help in help in updating the documentation will be very helpful. Thank you!

[tcsougan]

We can use this as DNS forwarder: https://azure.microsoft.com/en-us/resources/templates/dns-forwarder/

[asudbring]

@svdHero

Thank you for the feedback. We now have a service called Azure Private Resolver that eliminates the need for a DNS forwarder VM. The following links will give more information:

https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview

https://learn.microsoft.com/en-us/azure/private-link/tutorial-dns-on-premises-private-resolver

please-close