Hi! Thank You for your video, it helped me understanding more of this technology. I suspect there is a mistake in the part describing the conditional forwarder settings, because it should be configured for the public domain and not the privatelink one (as described in the MS documentation - which makes sense since applications like Azure Storage Explorer won't use URLs to privatelink domains). Apparently RU-vid deleted my previous message on the subject, I guess because of a link to MS documentation.
Thanks for this video. I learned also that your DNS server must be configured to use root hints for this to work, or if you do have a general forwarder created, the DNS sever it is forwarded to must have the conditional forwarder and be able to reach your Azure DNS Private Resolver. In my circumstance, DNS was forwarding to a public DNS provider and thus a recursive query was being using instead of iterative and as a result it did not ever hit the conditional forwarder and thus did not return the private address. Was a tricky one to resolve.
Hi Travis nice video. MS document state the conditional forwarder zone on-prem should be the public facing zone so should be: blob core windows net and not privatelink blob windows net - which is correct please? Thanks
Travis, Thank You very much. Your explanation has greatly helped me understanding Azure Private Resolver's and its inbound endpoints role and function.
@@Ciraltos Travis, I know you're a busy person. However, quick question related to Azure File Share: I keep getting an error message, "The specified network password is not correct." when authenticating a domain-joined user who's been added to Azure AD Domain Services configured on (Azure) storage. Any clues why this happening? I verified the computer, over VPN can authenticate to the (Azure) AD Domain Controller. Any little bit would help. Thanks. :) When using the storage access keys, everything works perfectly over VPN, it's just authenticating with Azure AD Domain Service where things seem to break.
Great video Travis :) Everything working as expected expect the DNS server. My DNS server is not responding. Could you please make a video to setup a DNS server on on-prem or share a video link if you already have one! Thanks in advance and looking forward to more videos :)
Thank you so much for explaining the concept so beautifully. I have a follow-up question, I'd appreciate if you could please answer that. I'd like to know if we configure Azure VNET with Azure provided DNS and add Azure Provided DNS IP in the conditional forwarder of local DNS server, then how is Private resolver working differently than Azure Provided DNS IP? Eventually it is still forwarding requests to azure to resolve queries from Azure Private DNS zones.
It was a nice explanation ,what if I dont have Windows machines and DNS servers. How Do I create these conditional forwarders? any thoughts on this please share
Hello travis...i have one question i have private endpoints for storage account and inbould public access for databricks when i am connecting to power bi to adls storage account iam unable to connect to it when i am switching allow public access in networking then i am able to viee the data in power bi and when i n networking i am switching public access disabled i am unable to view it can you please help me on that.
Hi Travis, Great Vid. However a point to the right direction would be appreciated here. I already have Azure Active Directory Domain Service configured handling dns resolution in a production environment. My challenge using this is i cant do conditional forwarding with AADDS. Whats my best route migrating to Azure DNS Private Resolver
I'm using 2 regions currently with 20+ on prem AD-DNS servers. I need clients in both regions to be able to resolve cross-regionally. Is that possible with this configuration?
Hello Robert, thanks for sharing your wonderful knowledge. can you please give me the reason why I am getting DNS request timed out error while resolving the DNS in my lab. FYI, the test VM that I am using is in azure. I have configured same as you shown in video. Thanks.
If it's timing out could be a connectivity issue. verify there is connectivity on the private network to the DNS server in Azure and the IP addresses are correct.
@@Ciraltos Hello Travis. Great video as always! Do I just need to allow port 53 inbound from the on-prem DNS server into Azure (and add the rule to the NSG of the private resolver subnet to allow communication?)
Travis ty again for such a great explanation! In case when azure firewall proxy dns is used, do we put both IPs of DNS private resolver? such as inbound and outbound? Maybe you could cover it in the coming up session? PS: Current setup is to have AD DNS(static IP/DNS) and AZFW are in the same vnet. In AZFW proxy entered AD DNS. In the vnet DNS entered AZFW private IP - works great, how Private DNS would come to this picture?
