# Azure DNS Resolver

## Description 📝

One challenge with private endpoints is DNS name resolution. When a private endpoint is established for a resource, Azure updates the public DNS CNAME record to an alias in the relevant `privatelink` subdomain. For your organization's clients to resolve that private address, the on-premises DNS service must conditionally forward requests for the public domains to an Azure-hosted DNS server, which in turn uses the Azure DNS resolver to provide the correct IP address.

Before Microsoft introduced the new service, this required you to stand up your own VM in Azure, install a DNS service, and configure forwarding to the internal Azure servers. This is where the DNS Private Resolver fits in.

Azure DNS Private Resolver is a new service that enables you to query Azure DNS private zones from an on-premises environment, and vice versa, without deploying VM-based DNS servers. It is a first-party service that eliminates the need for an IaaS system to act as the DNS forwarder for private endpoint name resolution.

# Architecture components 🏛️

1. Resource group for hub and spoke
2. Virtual Network for hub and spoke
3. Network peering
4. Subnets
5. Virtual machines
6. Postgres database
7. Private endpoint
8. Inbound endpoints (ingress to Azure): inbound endpoints provide an IP address to which DNS queries are forwarded from on-premises and other locations outside your virtual network. DNS queries sent to the inbound endpoint are resolved using Azure DNS. Private DNS zones that are linked to the virtual network where the inbound endpoint is provisioned are resolved by the inbound endpoint.
9. Outbound endpoints (egress from Azure): outbound endpoints are part of the private virtual network address space where the private resolver is deployed. An outbound endpoint is associated with a subnet, but, unlike the inbound endpoint, it is not provisioned with an IP address.
10. DNS forwarding rulesets: DNS forwarding rulesets enable you to specify one or more custom DNS servers to answer queries for specific DNS namespaces. The individual rules in a ruleset determine how these DNS names are resolved.

# Requirements

| Name | Configuration |
| --- | --- |
| Terraform | all versions |
| Provider | Azure |
| Provider version | 3.33 |

The new services were introduced in Azure Provider version 3.29, so every version higher than 3.28 supports the Azure DNS Resolver services.

## How to use the architecture

To use this architecture, clone it within your project and change the following variables:

| Variable | Description |
| --- | --- |
| prefix | Application name |
| snet_default_hub_prefix | Default Hub Subnet Prefix |
| snet_default_spoke_prefix | Default Spoke Subnet Prefix |
| snet_dns_inbound_prefix | DNS Inbound Subnet Prefix |
| snet_dns_outbound_prefix | DNS Outbound Subnet Prefix |
| snet_firewall_prefix | Firewall Subnet Prefix |
| vnet_hub_addrspace | Address Space for Hub Virtual Network |
| vnet_spoke_addrspace | Address Space for Spoke Virtual Network |
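The resolver, its inbound and outbound endpoints, and a forwarding ruleset as they are wired together in the azurerm provider (3.29 or later), shown here as an added example rather than the module's own code. It assumes a hub resource group `azurerm_resource_group.hub`, a hub network `azurerm_virtual_network.hub`, and two subnets `azurerm_subnet.dns_inbound` / `azurerm_subnet.dns_outbound` that are already delegated to `Microsoft.Network/dnsResolvers`; the on-premises zone name and DNS server address are constructed placeholders.

```hcl
# Added example, not part of the module. Assumes azurerm_resource_group.hub,
# azurerm_virtual_network.hub and delegated subnets azurerm_subnet.dns_inbound/dns_outbound.
resource "azurerm_private_dns_resolver" "hub" {
  name                = "${var.prefix}-dnspr"
  resource_group_name = azurerm_resource_group.hub.name
  location            = azurerm_resource_group.hub.location
  virtual_network_id  = azurerm_virtual_network.hub.id
}

# Inbound endpoint: the private IP that on-premises DNS conditionally forwards
# the privatelink.* namespaces to. Queries land here and are answered by Azure DNS.
resource "azurerm_private_dns_resolver_inbound_endpoint" "hub" {
  name                    = "${var.prefix}-dnspr-in"
  private_dns_resolver_id = azurerm_private_dns_resolver.hub.id
  location                = azurerm_private_dns_resolver.hub.location
  ip_configurations {
    private_ip_allocation_method = "Dynamic"
    subnet_id                    = azurerm_subnet.dns_inbound.id
  }
}

# Outbound endpoint: lives in its own delegated subnet, gets no IP of its own,
# and is the attachment point for forwarding rulesets (Azure -> on-premises).
resource "azurerm_private_dns_resolver_outbound_endpoint" "hub" {
  name                    = "${var.prefix}-dnspr-out"
  private_dns_resolver_id = azurerm_private_dns_resolver.hub.id
  location                = azurerm_private_dns_resolver.hub.location
  subnet_id               = azurerm_subnet.dns_outbound.id
}

# Ruleset bound to the outbound endpoint; each rule maps a namespace to target servers.
resource "azurerm_private_dns_resolver_dns_forwarding_ruleset" "hub" {
  name                                       = "${var.prefix}-dnspr-rs"
  resource_group_name                        = azurerm_resource_group.hub.name
  location                                   = azurerm_resource_group.hub.location
  private_dns_resolver_outbound_endpoint_ids = [azurerm_private_dns_resolver_outbound_endpoint.hub.id]
}

# Rule: send queries for the on-premises zone to the corporate DNS server.
resource "azurerm_private_dns_resolver_forwarding_rule" "onprem" {
  name                      = "onprem"
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.hub.id
  domain_name               = "corp.example." # constructed placeholder; trailing dot is required
  enabled                   = true
  target_dns_servers {
    ip_address = "10.100.0.4" # constructed placeholder for the on-premises DNS server
    port       = 53
  }
}
```

The ruleset only takes effect for networks linked to it with an `azurerm_private_dns_resolver_virtual_network_link`, so link both the hub and the peered spoke, and keep the inbound endpoint reachable only from the on-premises DNS servers (via the firewall subnet's rules) rather than exposing it more widely.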