How can I set up a Hub and Spoke model using Azure DNS Private Resolver?

By
Elli Mongillo
-
0
8
Asked By TechWhizKid87 On

I'm working on a home lab to clear up some networking concepts and need help setting up a Hub and Spoke model using Azure. Currently, I have two VNets: a Hub VNet and a spoke VNet (vnet1). There's an NVA VM in the Hub that just passes traffic. I've successfully connected the Hub with vnet1, and I can access a Storage Account from my Hub VM by linking a Private DNS Zone directly to the Hub. However, I'm concerned about scalability. If I add more spoke VNets, linking the DNS zone to each one manually will be tedious. I was thinking about using Azure DNS Private Resolver for centralized DNS resolution, where I only set up an inbound endpoint in the Hub and create a rule for my Private DNS Zone. However, I've been advised that I might need an outbound endpoint for my DNS resolutions. Can someone clarify if I need an outbound endpoint for internal resolutions and if my general approach is correct?

4 Answers

Answered By AzureGuru24 On

If everything is in Azure and you don't need to resolve any on-premise DNS, maintaining Private DNS Zones only in the Hub should suffice. You just need to ensure that in your spoke VNets, the DNS settings correctly reference the inbound IP of the Private DNS Resolver.

Answered By CloudyThoughts42 On

You actually don't need an outbound endpoint for what you're trying to do. In Azure Private Resolver, the outbound endpoint is usually reserved for scenarios where you need to forward DNS requests to on-premise DNS systems. If you set up the inbound endpoint and link the Private DNS zones correctly to the Hub, it should work fine without the outbound.

Answered By NetworkingNinja99 On

I agree that you don't need the outbound endpoints. Your setup sounds alright, and the inbound endpoint should work for DNS resolution. Just ensure that the DNS settings for your spoke VNets point to the IP of the Private DNS Resolver inbound endpoint.

Answered By CodeCrafter55 On

Linking the zones to your VNets is definitely the right way to go. But consider using Infrastructure as Code for scalability, as this will streamline your setups and avoid repetitive manual linking for future VNets.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.