Merge pull request #210951 from gabesmsft/patch-2

prmerger-automator[bot] · web-flow · commit d8b8c2318c51 · 2022-09-21T17:03:58.000Z
Update networking.md
diff --git a/articles/container-apps/networking.md b/articles/container-apps/networking.md
@@ -150,7 +150,7 @@ The second URL grants access to the log streaming service and the console. If ne
 ## Ports and IP addresses
 
 >[!NOTE]
-> The subnet associated with a Container App Environment requires a CIDR prefix of /23.
+> The subnet associated with a Container App Environment requires a CIDR prefix of /23 or larger (/23, /22 etc.).
 
 The following ports are exposed for inbound connections.
 
@@ -190,6 +190,15 @@ If you're using the Azure CLI and the [platformReservedCidr](vnet-custom-interna
 
 There's no forced tunneling in Container Apps routes.
 
+## DNS
+-	**Custom DNS**: If your VNET uses a custom DNS server instead of the default Azure-provided DNS server, configure your DNS server to forward unresolved DNS queries to `168.63.129.16`. [Azure recursive resolvers](../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server) uses this IP address to resolve requests. If you do not use the Azure recursive resolvers, the Container Apps environment will not function.
+
+-	**VNET-scope ingress**: If you plan to use VNET-scope [ingress](./ingress.md#configuration) in an internal Container Apps environment, configure your domains in one of the following ways:
+
+    1. **Non-custom domains**: If you do not plan to use custom domains, create a private DNS zone that resolves the Container Apps environment's default domain to the static IP address of the Container Apps environment. You can use [Azure Private DNS](../dns/private-dns-overview.md) or your own DNS server.  If you use Azure Private DNS, create a Private DNS Zone named as the Container App Environment’s default domain (`<UNIQUE_IDENTIFIER>.<REGION_NAME>.azurecontainerapps.io`), with an `A` record that points to the static IP address of the Container Apps environment.
+
+    1. **Custom domains**: If you plan to use custom domains, use a publicly resolvable domain to [add a custom domain and certificate](./custom-domains-certificates.md#add-a-custom-domain-and-certificate) to the container app. Additionally, create a private DNS zone that resolves the apex domain to the static IP address of the Container Apps environment. You can use [Azure Private DNS](../dns/private-dns-overview.md) or your own DNS server. If you use Azure Private DNS, create a Private DNS Zone named as the apex domain, with an `A` record that points to the static IP address of the Container Apps environment.
+
 ## Managed resources
 
 When you deploy an internal or an external environment into your own network, a new resource group prefixed with `MC_` is created in the Azure subscription where your environment is hosted. This resource group contains infrastructure components managed by the Azure Container Apps platform, and shouldn't be modified. The resource group contains Public IP addresses used specifically for outbound connectivity from your environment and a load balancer. In addition to the [Azure Container Apps billing](./billing.md), you will be billed for the following:
