tarak-brainboard for Brainboard

📌 How to Use the Azure DNS Resolver for Private Network DNS Management?

❶ Description

Azure DNS Private Resolver lets you query Azure DNS private zones from an on-premises environment, and vice versa, without deploying VM-based DNS servers. It is a first-party service that removes the need for an IaaS system to act as the DNS forwarder for private endpoint name resolution.

❷ Architecture components

  1. Resource groups (RGs) are containers for organizing related Azure services. We defined two RGs, one for the hub and one for the spoke.
  2. VNets are used to create isolated networks within Azure. The configuration defines a hub network and a spoke network.
  3. Subnets are subdivisions of a VNet. There are several subnets defined, including those for outbound DNS resolution, inbound DNS resolution, the default subnet for the hub, the subnet for Azure Firewall, and the default subnet for the spoke.
  4. DNS Resolver provides DNS resolution within the VNet. There are resources defined for inbound and outbound endpoints, as well as forwarding rules.
  5. Azure Firewall and Firewall Policy provide network security and filtering for the resources within the VNet.
  6. Private DNS Resolver DNS Forwarding Ruleset and Forwarding Rule define how DNS queries are forwarded by the Azure DNS Resolver.
  7. VMs are computing resources on which you can run applications and services. The configuration defines virtual machines for both the hub and the spoke.
  8. PostgreSQL Server is a managed DB service that provides a PostgreSQL server in the spoke resource group.
  9. Private Endpoint allows a private connection from the virtual network to Azure services, such as the PostgreSQL server.
  10. VNet Peering establishes connectivity between the hub and spoke virtual networks.
  11. Network Interfaces are attached to VMs or other resources to enable network connectivity.
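
How the resolver pieces from items 4 and 6 chain together in Terraform, as an added example rather than the template's own code. The variables, resource names, the `corp.example.` domain and the `10.100.0.4` on-premises DNS address are assumptions, and the resource group, VNets and subnets are expected to exist already.

```hcl
# Added example. Resource names, variables, corp.example. and 10.100.0.4 are assumed values.
variable "hub_rg_name" { type = string }
variable "location" { type = string }
variable "hub_vnet_id" { type = string }
variable "spoke_vnet_id" { type = string }
# Endpoint subnets: dedicated to the resolver, delegated to Microsoft.Network/dnsResolvers.
variable "inbound_subnet_id" { type = string }
variable "outbound_subnet_id" { type = string }

resource "azurerm_private_dns_resolver" "hub" {
  name                = "hub-dns-resolver"
  resource_group_name = var.hub_rg_name
  location            = var.location
  virtual_network_id  = var.hub_vnet_id
}

# Inbound endpoint: the address on-premises DNS servers forward Azure private-zone queries to.
resource "azurerm_private_dns_resolver_inbound_endpoint" "inbound" {
  name                    = "inbound"
  private_dns_resolver_id = azurerm_private_dns_resolver.hub.id
  location                = var.location
  ip_configurations { subnet_id = var.inbound_subnet_id }
}
# Outbound endpoint: egress for queries matched by the forwarding ruleset.
resource "azurerm_private_dns_resolver_outbound_endpoint" "outbound" {
  name                    = "outbound"
  private_dns_resolver_id = azurerm_private_dns_resolver.hub.id
  location                = var.location
  subnet_id               = var.outbound_subnet_id
}
resource "azurerm_private_dns_resolver_dns_forwarding_ruleset" "rules" {
  name                                       = "hub-ruleset"
  resource_group_name                        = var.hub_rg_name
  location                                   = var.location
  private_dns_resolver_outbound_endpoint_ids = [azurerm_private_dns_resolver_outbound_endpoint.outbound.id]
}
# Queries for corp.example. go to the on-premises DNS server; domain_name needs the trailing dot.
resource "azurerm_private_dns_resolver_forwarding_rule" "onprem" {
  name                      = "to-onprem"
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.rules.id
  domain_name               = "corp.example."
  target_dns_servers { ip_address = "10.100.0.4" }
}

# Link the ruleset to the spoke VNet so spoke workloads follow the same forwarding rules.
resource "azurerm_private_dns_resolver_virtual_network_link" "spoke" {
  name                      = "spoke-link"
  dns_forwarding_ruleset_id = azurerm_private_dns_resolver_dns_forwarding_ruleset.rules.id
  virtual_network_id        = var.spoke_vnet_id
}
```

Keeping forwarding rules scoped to specific domains, as here, limits which internal names are ever sent to the on-premises DNS server.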

🛡️ Once you clone this architecture from the template catalog, you can also scan it with the native CI/CD engine of to know its security posture, its cost, before you deploy it.

😍 Also, when you communicate with your colleagues, it's much easier to show the architecture and explain. Not everyone is a Terraform guru.

🚀 You can get it here:

design to code


Terraform variables

