Merge pull request #208523 from greg-lindsay/private-resolver-ga

prmerger-automator[bot] · web-flow · commit 90a1d63284c9 · 2022-08-19T17:40:42.000Z
edit statement
diff --git a/articles/dns/private-resolver-endpoints-rulesets.md b/articles/dns/private-resolver-endpoints-rulesets.md
@@ -42,7 +42,11 @@ Rulesets have the following associations:
 - A ruleset can have up to 1000 DNS forwarding rules. 
 - A ruleset can be linked to any number of virtual networks in the same region
 
-A ruleset can't be linked to a virtual network in another region. When you link a ruleset to a virtual network, resources within that virtual network will use the DNS forwarding rules enabled in the ruleset. The linked virtual network must peer with the virtual network where the outbound endpoint exists. This configuration is typically used in a hub and spoke design, with spoke vnets peered to a hub vnet that has one or more private resolver endpoints. The following screenshot shows a DNS forwarding ruleset linked to two virtual networks: a hub vnet: **myeastvnet**, and a spoke vnet: **myeastspoke**.
+A ruleset can't be linked to a virtual network in another region. 
+
+When you link a ruleset to a virtual network, resources within that virtual network will use the DNS forwarding rules enabled in the ruleset. The linked virtual network must peer with the virtual network where the outbound endpoint exists. This configuration is typically used in a hub and spoke design, with spoke vnets peered to a hub vnet that has one or more private resolver endpoints. In this hub and spoke scenario, the spoke vnet does not need to be linked to the private DNS zone in order to resolve resource records in the zone, because the forwarding ruleset rule for the private zone sends queries to the hub vnet's inbound endpoint. For example: **azure.contoso.com** to **10.10.0.4**.
+
+The following screenshot shows a DNS forwarding ruleset linked to two virtual networks: a hub vnet: **myeastvnet**, and a spoke vnet: **myeastspoke**.
 
 ![View ruleset links](./media/private-resolver-endpoints-rulesets/ruleset-links.png)
 
diff --git a/articles/dns/private-resolver-hybrid-dns.md b/articles/dns/private-resolver-hybrid-dns.md
@@ -86,7 +86,7 @@ Next, create a rule in your ruleset for your on-premises domain. In this example
 
 ## Configure on-premises DNS conditional forwarders
 
-The procedure to configure on-premises DNS depends on the type of DNS server you're using. In the following example, a Windows DNS server at **10.100.0.2** is configured with a conditional forwarder for the private DNS zone **azure.contoso.com**. The conditional forwarder is set to forward queries to **10.10.0.4**, which is the inbound endpoint IP address for your Azure DNS Private Resolver. There's another IP address also configured here to enable DNS failover. For more information about enabling failover, see [Tutorial: Set up DNS failover using private resolvers](tutorial-dns-private-resolver-failover.md). For the purposes of this demonstration, only the **10.10.0.4** inbound endpoint is required.
+The procedure to configure on-premises DNS depends on the type of DNS server you're using. In the following example, a Windows DNS server at **10.100.0.2** is configured with a conditional forwarder for the private DNS zone **azure.contoso.com**. The conditional forwarder is set to forward queries to **10.10.0.4**, which is the inbound endpoint IP address for your Azure DNS Private Resolver. There's another IP address also configured here that can be used to enable DNS resolution in a spoke vnet. For the purposes of this demonstration, only the **10.10.0.4** inbound endpoint is required.
 
 ![View on-premises forwarding](./media/private-resolver-hybrid-dns/on-premises-forwarders.png) 
 
