I'm trying to figure out how DNS queries are handled once VMware solutions are deployed in Azure. Specifically, how do the virtual machines forward these DNS queries to a private DNS server? Any help would be appreciated!
3 Answers
You're on the right track! When a VM makes a DNS request, it usually goes through the NSX-T DNS service first. The NSX-T Gateway forwards those queries to either the Azure Private Resolver or an internal DNS server, depending on your configuration. If you're using Gen2 architecture, this should be handled smoothly.
A few key points for DNS resolution in Azure:
- To resolve an Azure resource IP, you need a private DNS zone and for the DNS query to hit the Azure WireServer Virtual IP (168.63.129.16).
- For on-premise IPs, make sure your DNS queries reach your on-premise DNS resolvers.
The Private DNS Resolver connects everything: you can create rules for specific domains to direct queries to the right resolvers.
I've noticed that when deploying LDAP integration on AVS-based vCenter, DNS queries sometimes time out for certain IP ranges. We use a hub-spoke model with AVS and AD in separate spokes, and I've seen queries coming from the NSX-T DNS service but failing to resolve.
It sounds like you might need an Azure DNS Private Resolver. The typical flow goes like this: the VM sends a DNS request to the NSX-T DNS Service, which then forwards the query to the Azure DNS Private Resolver. From there, it can either resolve to an Azure Private DNS Zone or go out to public DNS. Just make sure to set up proper rules for it!
Exactly! The Outbound endpoint in the Private Resolver decides where to send those queries based on the linked rules.
If everything is running in Azure and NSX-T can do conditional forwarding already, you might not even need the Private Resolver in the first place.