Nice video, thank you. I read the Azure documentation like 200 times and still did not understand how this works until I saw your video.
Hi Travis, nice video. The MS documentation states the conditional forwarder zone on-prem should be the public facing zone, so it should be: blob core windows net and not privatelink blob windows net. Which is correct, please? Thanks
Hi! Thank you for your video, it helped me understand more of this technology. I suspect there is a mistake in the part describing the conditional forwarder settings, because it should be configured for the public domain and not the privatelink one (as described in the MS documentation, which makes sense since applications like Azure Storage Explorer won't use URLs to privatelink domains). Apparently YouTube deleted my previous message on the subject, I guess because of a link to MS documentation.
Travis, thank you very much. Your explanation has greatly helped me understand Azure Private Resolver's and its inbound endpoints' role and function.
Thanks for this video.
I also learned that your DNS server must be configured to use root hints for this to work, or, if you do have a general forwarder created, the DNS server it forwards to must have the conditional forwarder and be able to reach your Azure DNS Private Resolver. In my circumstance, DNS was forwarding to a public DNS provider, and thus a recursive query was being used instead of iterative, and as a result it never hit the conditional forwarder and thus did not return the private address.
Was a tricky one to resolve.
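An added example (not from the video or from any commenter) for spotting the symptom described in the comment above, where the answer does not contain the private address. It assumes the usual Azure behaviour that public resolution of a private-endpoint-enabled storage account still passes through the `privatelink` CNAME but ends at a public address; the account name `contoso`, the `example-stamp` host name and all IP addresses are constructed sample values.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly so documentation ranges count as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed dig-style answer sections (sample data, not captured output).
ANSWER_VIA_RESOLVER = """\
contoso.blob.core.windows.net. 60 IN CNAME contoso.privatelink.blob.core.windows.net.
contoso.privatelink.blob.core.windows.net. 10 IN A 10.1.0.5
"""
ANSWER_VIA_PUBLIC_DNS = """\
contoso.blob.core.windows.net. 60 IN CNAME contoso.privatelink.blob.core.windows.net.
contoso.privatelink.blob.core.windows.net. 60 IN CNAME blob.example-stamp.store.core.windows.net.
blob.example-stamp.store.core.windows.net. 60 IN A 203.0.113.10
"""

def parse_answer(text):
    """Return (cnames, addresses) from 'name ttl IN type rdata' lines."""
    cnames, addrs = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN":
            continue  # skip comments, blank lines and other sections
        rtype, rdata = parts[3], parts[4]
        if rtype == "CNAME":
            cnames.append(rdata.rstrip(".").lower())
        elif rtype == "A":
            addrs.append(ipaddress.ip_address(rdata))
    return cnames, addrs

def classify(text):
    """Classify one answer: did the client get the private endpoint address?"""
    cnames, addrs = parse_answer(text)
    if not addrs:
        return "no-answer"
    if all(any(a in net for net in RFC1918) for a in addrs):
        return "private-endpoint"
    # A privatelink CNAME with a public address means the query was answered
    # by public DNS and never reached the private zone.
    if any(".privatelink." in c for c in cnames):
        return "public-fallback"
    return "public-only"

if __name__ == "__main__":
    for label, answer in (("via resolver", ANSWER_VIA_RESOLVER),
                          ("via public DNS", ANSWER_VIA_PUBLIC_DNS)):
        print(label, "->", classify(answer))
```

A `public-fallback` result from an on-prem client means its traffic would go to the storage account's public endpoint rather than over the private link.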
Thanks!
Thank you!
It was a nice explanation. What if I don't have Windows machines and DNS servers? How do I create these conditional forwarders?
Any thoughts on this, please share.
This video is exactly what I'm experiencing with a client set-up. Amazing.
Great to hear!
@@Ciraltos Travis, I know you're a busy person.
However, quick question related to Azure File Share: I keep getting an error message, "The specified network password is not correct." when authenticating a domain-joined user who's been added to Azure AD Domain Services configured on (Azure) storage. Any clues why this is happening? I verified the computer, over VPN, can authenticate to the (Azure) AD Domain Controller. Any little bit would help. Thanks. :)
When using the storage access keys, everything works perfectly over VPN, it's just authenticating with Azure AD Domain Service where things seem to break.
Hello Travis... I have one question. I have private endpoints for a storage account and inbound public access for Databricks. When I am connecting Power BI to the ADLS storage account, I am unable to connect to it. When I switch to allow public access in networking, I am able to view the data in Power BI, and when I switch public access to disabled in networking, I am unable to view it. Can you please help me with that?
Hi @travis
Do you have any video on how to set up the on-prem network for using this video?
Thank you so much for explaining the concept so beautifully. I have a follow-up question, I'd appreciate if you could please answer that.
I'd like to know if we configure Azure VNET with Azure provided DNS and add Azure Provided DNS IP in the conditional forwarder of local DNS server, then how is Private resolver working differently than Azure Provided DNS IP? Eventually it is still forwarding requests to azure to resolve queries from Azure Private DNS zones.
I'm using 2 regions currently with 20+ on prem AD-DNS servers. I need clients in both regions to be able to resolve cross-regionally. Is that possible with this configuration?
Do we also use the DNS resolver inbound address as the Firewall DNS proxy? Is it used to avoid the looping for forwarding rules?
Nice video as always Travis :) Is this service supposed to support reverse dns in the future?
Great video Travis :)
Everything is working as expected except the DNS server. My DNS server is not responding. Could you please make a video on setting up a DNS server on-prem, or share a video link if you already have one?
Thanks in advance and looking forward to more videos :)
Hi Travis, great vid. However, a point in the right direction would be appreciated here. I already have Azure Active Directory Domain Services configured, handling DNS resolution in a production environment. My challenge using this is I can't do conditional forwarding with AADDS. What's my best route for migrating to Azure DNS Private Resolver?
Great explainer. Would this be possible without a conditional forwarder? Would be nice if I can configure it for the Azure VPN client's xml
Hello is there a way to contact you for business purposes?
I don't have an on-prem DNS server. How can I resolve DNS from my on-prem endpoints (Win10 devices) to Azure VMs and resources?
For that, you change the VPN DNS server setting in Windows networking settings to manual and add the private resolver inbound endpoint DNS IP.
very very good feature...
Hello Robert, thanks for sharing your wonderful knowledge. Can you please give me the reason why I am getting a DNS request timed out error while resolving DNS in my lab? FYI, the test VM that I am using is in Azure. I have configured it the same as you showed in the video.
Thanks.
If it's timing out, it could be a connectivity issue. Verify there is connectivity on the private network to the DNS server in Azure and the IP addresses are correct.
@@Ciraltos Hello Travis. Great video as always! Do I just need to allow port 53 inbound from the on-prem DNS server into Azure (and add the rule to the NSG of the private resolver subnet to allow communication?)
Hi, can you help me with how you set up the on-prem network?
Great video
Thank you so much!
Travis, ty again for such a great explanation! In the case when Azure Firewall DNS proxy is used, do we put both IPs of the DNS private resolver, such as inbound and outbound? Maybe you could cover it in an upcoming session?
PS: The current setup is to have AD DNS (static IP/DNS) and AZFW in the same VNet. In the AZFW proxy I entered AD DNS. In the VNet DNS I entered the AZFW private IP. It works great; how would Private DNS come into this picture?
Azure Firewall is, like you mention, just a DNS proxy. You point that to the inbound IP address of the Private DNS Resolver.
❤❤❤