articles/private-link/private-endpoint-dns.md: 5 additions & 7 deletions
@@ -99,21 +99,21 @@ The following diagram illustrates the DNS resolution sequence from virtual netwo
99
99
This model can be extended to multiple peered virtual networks that are associated to the same private endpoint. This can be done by [adding new virtual network links](../dns/private-dns-virtual-network-links.md) to the private DNS zone for all peered virtual networks.
100
100
101
101
> [!IMPORTANT]
102
-
> A single private DNS zone is required for this configuration, creating multiple zones with the same name for different virtual networks would need manual operations to merge the DNS records
102
+
> A single private DNS zone is required for this configuration, creating multiple zones with the same name for different virtual networks would need manual operations to merge the DNS records
103
103
104
104
In this scenario, there's a [hub & spoke](https://docs.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) networking topology with the spoke networks sharing a common private endpoint and all the spoke virtual network are linked to the same private dns zone.
105
105
106
106
:::image type="content" source="media/private-endpoint-dns/hub-and-spoke-azure-dns.png" alt-text="Hub and spoke with Azure-provided DNS":::
107
107
108
108
## On-premises workloads using a DNS forwarder
109
-
109
+
110
110
For on-premises workloads to be able to resolve an FQDN of a private endpoint into the private IP address, you must use a DNS forwarder to make the resolution of the Azure service [public DNS zone](#azure-services-dns-zone-configuration) deployed in Azure.
111
111
112
112
113
113
The following scenario is appropriate for an on-premises network that has a DNS forwarder in Azure, which in turn is responsible for resolving all the DNS queries via a server level forwarder to the Azure provided DNS [168.63.129.16](../virtual-network/what-is-ip-address-168-63-129-16.md)
114
114
115
115
> [!NOTE]
116
-
>This scenario is using Azure SQL database recommended Private DNS zone. For other services you can adjust the model using the following reference [Azure services DNS zone configuration](#azure-services-dns-zone-configuration).
116
+
>This scenario is using Azure SQL database recommended Private DNS zone. For other services you can adjust the model using the following reference [Azure services DNS zone configuration](#azure-services-dns-zone-configuration).
117
117
118
118
To configure properly, you would need the following resources:
119
119
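Review bot: The `[!IMPORTANT]` line at new line 102 is touched only for whitespace (the removed and added text read identically), so the comma splice and missing final period ship unchanged. Since the line is already in the diff, split it into two sentences, for example "A single private DNS zone is required for this configuration. Creating multiple zones with the same name for different virtual networks would need manual operations to merge the DNS records." The same applies to the `[!NOTE]` at new line 116, which still starts with `>This` without a space after the quote marker, unlike the other quoted lines in the file. The context line at 104 also has "all the spoke virtual network are linked to the same private dns zone", which should read "virtual networks" and "DNS" to match the rest of the page.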
@@ -123,8 +123,7 @@ To configure properly, you would need the following resources:
123
123
- Private DNS zones [privatelink.database.windows.net](../dns/private-dns-privatednszone.md) with [type A Record](../dns/dns-zones-records.md#record-types)
124
124
- Private endpoint information (FQDN record name and Private IP Address)
125
125
126
-
The following diagram illustrates the DNS resolution sequence from an on-premises network that uses a DNS forwarder deployed in Azure,
127
-
where the resolution is made by a private DNS zone linked to a virtual network.
126
+
The following diagram illustrates the DNS resolution sequence from an on-premises network that uses a DNS forwarder deployed in Azure, where the resolution is made by a private DNS zone [linked to a virtual network.](../dns/private-dns-virtual-network-links.md)
128
127
129
128
:::image type="content" source="media/private-endpoint-dns/on-premises-using-azure-dns.png" alt-text="On-premises using Azure DNS":::
130
129
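Review bot: The new link at line 126 pulls the sentence's final period into the link text, `[linked to a virtual network.](../dns/private-dns-virtual-network-links.md)`, so the period renders as part of the hyperlink. Close the bracket before the period: `[linked to a virtual network](../dns/private-dns-virtual-network-links.md).` Joining the two old lines into one also removes the trailing comma that used to end the first line, which is a good cleanup and worth keeping.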
@@ -136,14 +135,13 @@ The on-premises DNS solution needs to be configured to forward DNS traf
136
135
137
136
To configure properly, you would need the following resources:
138
137
139
-
140
138
- On-premises network with a custom DNS solution in place
141
139
- Virtual network [connected to on-premises](https://docs.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/)
142
140
- DNS forwarder deployed in Azure
143
141
- Private DNS zones [privatelink.database.windows.net](../dns/private-dns-privatednszone.md) with [type A Record](../dns/dns-zones-records.md#record-types)
144
142
- Private endpoint information (FQDN record name and Private IP Address)
145
143
146
-
The following diagram illustrates the DNS resolution sequence from an on-premises network that conditionally forwards DNS traffic to Azure, where the resolution is made by a private DNS zone linked to a virtual network
144
+
The following diagram illustrates the DNS resolution sequence from an on-premises network that conditionally forwards DNS traffic to Azure, where the resolution is made by a private DNS zone [linked to a virtual network.](../dns/private-dns-virtual-network-links.md)
147
145
148
146
> [!IMPORTANT]
149
147
> The conditional forwarding must be made to the [public DNS zone](#azure-services-dns-zone-configuration) Ex: `database.windows.net` , instead of **privatelink**.database.windows.net
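Review bot: Line 144 repeats the link form from the previous hunk with the period inside the brackets, `[linked to a virtual network.](...)`; move the period outside the link so both diagram captions match. The `[!IMPORTANT]` note just below is the instruction readers are most likely to copy into a forwarder configuration, and it formats the two zone names differently (backticks for `database.windows.net`, bold for part of privatelink.database.windows.net), has a stray space before the comma, and lacks a final period. Consider setting both names as inline code and tidying the punctuation while this section is being edited.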