MicrosoftDocs
diff --git a/‎articles/dns/dns-private-resolver-get-started-bicep.md
Lines changed: 9 additions & 5 deletions b/‎articles/dns/dns-private-resolver-get-started-bicep.md
Lines changed: 9 additions & 5 deletions
diff --git a/‎articles/dns/dns-private-resolver-get-started-portal.md
Lines changed: 35 additions & 54 deletions b/‎articles/dns/dns-private-resolver-get-started-portal.md
Lines changed: 35 additions & 54 deletions
@@ -3,9 +3,9 @@ title: 'Quickstart: Create an Azure DNS Private Resolver - Bicep'
 titleSuffix: Azure DNS Private resolver
 description: Learn how to create Azure DNS Private Resolver. This article is a step-by-step quickstart to create and manage your first Azure DNS Private Resolver using Bicep.
 services: dns
-author: aarunraaj
-ms.author: arselvar
-ms.date: 10/07/2022
+author: greg-lindsay
+ms.author: greglin
+ms.date: 02/28/2024
 ms.topic: quickstart
 ms.service: dns
 ms.custom: devx-track-azurepowershell, subject-armqs, mode-arm, devx-track-azurecli, devx-track-bicep
@@ -18,6 +18,10 @@ This quickstart describes how to use Bicep to create Azure DNS Private Resolver.
 
 [!INCLUDE [About Bicep](../../includes/resource-manager-quickstart-bicep-introduction.md)]
 
+The following figure summarizes the general setup used. Subnet address ranges used in templates are slightly different than those shown in the figure.
+
+![Conceptual figure displaying components of the private resolver.](./media/dns-resolver-getstarted-portal/resolver-components.png)
+
 ## Prerequisites
 
 If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
@@ -35,7 +39,7 @@ This Bicep file is configured to create a:
 
 :::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/azure-dns-private-resolver/main.bicep":::
 
-Seven resources have been defined in this template:
+Seven resources are defined in this template:
 
 - [**Microsoft.Network/virtualnetworks**](/azure/templates/microsoft.network/virtualnetworks)
 - [**Microsoft.Network/dnsResolvers**](/azure/templates/microsoft.network/dnsresolvers)
@@ -145,5 +149,5 @@ Remove-AzDnsResolver -Name mydnsresolver -ResourceGroupName myresourcegroup
 
 ## Next steps
 
-In this quickstart, you created a virtual network and DNS private resolver. Now configure name resolution for Azure and on-premises domains
+In this quickstart, you created a virtual network and DNS private resolver. Now configure name resolution for Azure and on-premises domains.
 - [Resolve Azure and on-premises domains](private-resolver-hybrid-dns.md)
@@ -4,10 +4,10 @@ description: In this quickstart, you create and test a private DNS resolver in A
 services: dns
 author: greg-lindsay
 ms.author: greglin
-ms.date: 11/03/2023
+ms.date: 02/28/2024
 ms.topic: quickstart
 ms.service: dns
-ms.custom: mode-ui
+ms.custom: mode-ui, ignite-2022
 #Customer intent: As an experienced network administrator, I want to create an  Azure private DNS resolver, so I can resolve host names on my private virtual networks.
 ---
 
@@ -20,7 +20,7 @@ Azure DNS Private Resolver enables you to query Azure DNS private zones from an
 ## In this article: 
 
 - Two VNets are created: **myvnet** and **myvnet2**.
-- An Azure DNS Private Resolver is created in the first VNet with an inbound endpoint at **10.0.0.4**.
+- An Azure DNS Private Resolver is created in the first VNet with an inbound endpoint at **10.10.0.4**.
 - A DNS forwarding ruleset is created for the private resolver.
 - The DNS forwarding ruleset is linked to the second VNet.
 - Example rules are added to the DNS forwarding ruleset.
@@ -40,7 +40,7 @@ An Azure subscription is required.
 
 Before you can use **Microsoft.Network** services with your Azure subscription, you must register the **Microsoft.Network** namespace:
 
-1. Select the **Subscription** blade in the Azure portal, and then choose your subscription by selecting on it.
+1. Select the **Subscription** blade in the Azure portal, and then choose your subscription.
 2. Under **Settings** select **Resource Providers**.
 3. Select **Microsoft.Network** and then select **Register**.
 
@@ -58,31 +58,24 @@ First, create or choose an existing resource group to host the resources for you
 
 Next, add a virtual network to the resource group that you created, and configure subnets.
 
-1. In the Azure portal, search for and select **Virtual networks**.
-2. On the **Virtual networks** page, select **Create**.
-3. On the **Basics** tab, select the resource group you just created, enter **myvnet** for the virtual network name, and select the **Region** that is the same as your resource group.
-4. Select the **IP Addresses** tab and enter an **IPv4 address space** of 10.0.0.0/16. This address range might be entered by default.
-5. Select the **default** subnet.
-6. Enter the following values on the **Edit subnet** page:
-    - Name: snet-inbound
-    - IPv4 address range: 10.0.0.0/16
-    - Starting address: 10.0.0.0
-    - Size: /28 (16 IP addresses)
-    - Select **Save**
-7. Select **Add a subnet** and enter the following values on the **Add a subnet** page:
-    - Subnet purpose: Default
-    - Name: snet-outbound
-    - IPv4 address range: 10.0.0.0/16
-    - Starting address: 10.0.1.0
-    - Size: /28 (16 IP addresses)
-    - Select **Add**
-8. Select the **Review + create** tab and then select **Create**.
+1. Select the resource group you created, select **Create**, select **Networking** from the list of categories, and then next to **Virtual network**, select **Create**.
+2. On the **Basics** tab, enter a name for the new virtual network and select the **Region** that is the same as your resource group.
+3. On the **IP Addresses** tab, modify the **IPv4 address space** to be 10.0.0.0/8.
+4. Select **Add subnet** and enter the subnet name and address range:
+    - Subnet name: snet-inbound
+    - Subnet address range: 10.0.0.0/28
+    - Select **Add** to add the new subnet.
+5. Select **Add subnet** and configure the outbound endpoint subnet:
+    - Subnet name: snet-outbound
+    - Subnet address range: 10.1.1.0/28
+    - Select **Add** to add this subnet.
+6. Select **Review + create** and then select **Create**.
 
     ![create virtual network](./media/dns-resolver-getstarted-portal/virtual-network.png)
 
 ## Create a DNS resolver inside the virtual network 
 
-1. In the Azure portal, search for **DNS Private Resolvers**.
+1. Open the Azure portal and search for **DNS Private Resolvers**.
 2. Select **DNS Private Resolvers**, select **Create**, and then on the **Basics** tab for **Create a DNS Private Resolver** enter the following:
     - Subscription: Choose the subscription name you're using.
     - Resource group: Choose the name of the resource group that you created.
@@ -95,32 +88,28 @@ Next, add a virtual network to the resource group that you created, and configur
     ![create resolver - basics](./media/dns-resolver-getstarted-portal/dns-resolver.png)
 
 3. Select the **Inbound Endpoints** tab, select **Add an endpoint**, and then enter a name next to **Endpoint name** (ex: myinboundendpoint).
-4. Next to **Subnet**, select the inbound endpoint subnet you created (ex: snet-inbound, 10.0.0.0/28).
-5. Next to **IP address assignment**, select **Static**.
-6. Next to IP address, enter **10.0.0.4** and then select **Save**.
-
-   > [!NOTE]
-   > You can choose a static or dynamic IP address for the inbound endpoint. A dynamic IP address is used by default. Typically the first available [non-reserved](../virtual-network/virtual-networks-faq.md#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets) IP address is assigned (example: 10.0.0.4). This dynamic IP address does not change unless the endpoint is deleted and reprovisioned (for example using a different subnet). In this example **Static** is selected and the first available IP address is entered.
-
+4. Next to **Subnet**, select the inbound endpoint subnet you created (ex: snet-inbound, 10.0.0.0/28) and then select **Save**.
 5. Select the **Outbound Endpoints** tab, select **Add an endpoint**, and then enter a name next to **Endpoint name** (ex: myoutboundendpoint).
 6. Next to **Subnet**, select the outbound endpoint subnet you created (ex: snet-outbound, 10.1.1.0/28) and then select **Save**.
 7. Select the **Ruleset** tab, select **Add a ruleset**, and enter the following:
     - Ruleset name: Enter a name for your ruleset (ex: **myruleset**).
-    - Endpoints: Select the outbound endpoint that you created (ex: myoutboundendpoint).
+    - Endpoints: Select the outbound endpoint that you created (ex: myoutboundendpoint). 
 8. Under **Rules**, select **Add** and enter your conditional DNS forwarding rules. For example:
     - Rule name: Enter a rule name (ex: contosocom).
     - Domain Name: Enter a domain name with a trailing dot (ex: contoso.com.).
     - Rule State: Choose **Enabled** or **Disabled**. The default is enabled.
-    - Under **Destination** enter a desired destination IPv4 address (ex: 11.0.1.4).
+    - Select **Add a destination** and enter a desired destination IPv4 address (ex: 11.0.1.4).
     - If desired, select **Add a destination** again to add another destination IPv4 address (ex: 11.0.1.5).  
     - When you're finished adding destination IP addresses, select **Add**.
 9. Select **Review and Create**, and then select **Create**.
 
     ![create resolver - ruleset](./media/dns-resolver-getstarted-portal/resolver-ruleset.png)
 
-    This example has only one conditional forwarding rule, but you can create many. Edit the rules to enable or disable them as needed. You can also add or edit rules and rulesets at any time after deployment.
+    This example has only one conditional forwarding rule, but you can create many. Edit the rules to enable or disable them as needed.
 
-    After selecting **Create**, the new DNS resolver begins deployment. This process might take a minute or two. The status of each component is displayed during deployment.
+    ![Screenshot of Create resolver - review.](./media/dns-resolver-getstarted-portal/resolver-review.png)
+
+    After selecting **Create**, the new DNS resolver will begin deployment. This process might take a minute or two. The status of each component is displayed during deployment.
 
     ![create resolver - status](./media/dns-resolver-getstarted-portal/resolver-status.png)
 
@@ -132,28 +121,20 @@ Create a second virtual network to simulate an on-premises or other environment.
 2. Select **Create**, and then on the **Basics** tab select your subscription and choose the same resource group that you have been using in this guide (ex: myresourcegroup).
 3. Next to **Name**, enter a name for the new virtual network (ex: myvnet2).
 4. Verify that the **Region** selected is the same region used previously in this guide (ex: West Central US).
-5. Select the **IP Addresses** tab and edit the default IP address space. Replace the address space with a simulated on-premises address space (ex: 10.1.0.0/16). 
-6. Select and edit the **default** subnet:
-    - Subnet purpose: Default
-    - Name: backendsubnet
-    - Subnet address range: 10.1.0.0/16
-    - Starting address: 10.1.0.0
-    - Size: /24 (256 addresses)
-7. Select **Save**, select **Review + create**, and then select **Create**.
+5. Select the **IP Addresses** tab and edit the default IP address space. Replace the address space with a simulated on-premises address space (ex: 12.0.0.0/8). 
+6. Select **Add subnet** and enter the following:
+    - Subnet name: backendsubnet
+    - Subnet address range: 12.2.0.0/24
+7. Select **Add**, select **Review + create**, and then select **Create**.
 
-    ![second vnet create](./media/dns-resolver-getstarted-portal/vnet-create.png)
+    ![Screenshot showing creation of a second vnet.](./media/dns-resolver-getstarted-portal/vnet-create.png)
 
 ## Link your forwarding ruleset to the second virtual network
 
-> [!NOTE]
-> In this procedure, a forwarding ruleset is linked to a VNet that was created earlier to simulate an on-premises environment. It is not possible to create a ruleset link to non-Azure resources. The purpose of the following procedure is only to demonstrate how ruleset links can be added or deleted. To understand how a private resolver can be used to resolve on-premises names, see [Resolve Azure and on-premises domains](private-resolver-hybrid-dns.md). 
-
 To apply your forwarding ruleset to the second virtual network, you must create a virtual link.
 
 1. Search for **DNS forwarding rulesets** in the Azure services list and select your ruleset (ex: **myruleset**).
-2. Under **Settings**, select **Virtual Network Links**
-    - The link **myvnet-link** is already present. This was created automatically when the ruleset was provisioned.
-3. Select **Add**, choose **myvnet2** from the **Virtual Network** drop-down list. Use the default **Link Name** of **myvnet2-link**.
+2. Select **Virtual Network Links**, select **Add**, choose **myvnet2** and use the default Link Name **myvnet2-link**.
 3. Select **Add** and verify that the link was added successfully.  You might need to refresh the page.
 
     ![Screenshot of ruleset virtual network links.](./media/dns-resolver-getstarted-portal/ruleset-links.png)
@@ -178,8 +159,8 @@ Add or remove specific rules your DNS forwarding ruleset as desired, such as:
 
 Individual rules can be deleted or disabled. In this example, a rule is deleted.
 
-1. Search for **DNS Forwarding Rulesets** in the Azure Services list and select it.
-2. Select the ruleset you previously configured (ex: **myruleset**) and then under **Settings** select **Rules**.
+1. Search for **Dns Forwarding Rulesets** in the Azure Services list and select it.
+2. Select the ruleset you previously configured (ex: **myruleset**) and then select **Rules**.
 3. Select the **contosocom** sample rule that you previously configured, select **Delete**, and then select **OK**.
 
 ### Add rules to the forwarding ruleset
@@ -195,7 +176,7 @@ Add three new conditional forwarding rules to the ruleset.
     - Rule Name: **Internal**
     - Domain Name: **internal.contoso.com.**
     - Rule State: **Enabled**
-4. Under **Destination IP address** enter 10.1.0.5, and then select **Add**.
+4. Under **Destination IP address** enter 192.168.1.2, and then select **Add**.
 5. On the **myruleset | Rules** page, select **Add**, and enter the following rule data:
     - Rule Name: **Wildcard**
     - Domain Name: **.** (enter only a dot)
@@ -206,7 +187,7 @@ Add three new conditional forwarding rules to the ruleset.
 
 In this example: 
 - 10.0.0.4 is the resolver's inbound endpoint. 
-- 10.1.0.5 is an on-premises DNS server.
+- 192.168.1.2 is an on-premises DNS server.
 - 10.5.5.5 is a protective DNS service.
 
 ## Test the private resolver