1. Overview

A test conducted to verify if DNS Name Resolution is possible between Azure Virtual Networks (VNets) and simulated on-premises networks connected via S2S VPN.

note:

• ref

2. Objective

• To verify DNS resolution capabilities between Azure VNet and simulated on-premises environments.
• To validate the requirement that DNS resolution between Azure and on-premises networks necessitates Azure ExpressRoute or a VPN.

3. Test Conditions

• Connectivity: A simulated on-premises environment (VNet acting as on-premises) with a Windows DNS server is connected to the main Azure VNet via S2S VPN.
• Azure Side:
  • Hub VNet and Spoke VNet are connected to a Private DNS Zone via Virtual Network Link.
  • Hub VNet and Spoke VNet are connected to a DNS Forwarding Rule Set via Virtual Network Link.
  • Azure DNS Private Resolver (Inbound/Outbound Endpoints) configured.

4. Test Results

4.1 On-premises -> Azure

After configuring the DNS Private Resolver, querying a domain (e.g., tykimdnsstrg.blob.core.windows.net) from simulated on-premises successfully resolved to the Inbound Endpoint IP and returned the private IP of the blob storage.

4.2 Azure -> On-premises

Queries for the simulated on-premises domain (tykim.store) from Azure were successfully forwarded to the simulated on-premises DNS server IP.

Verification of VPN Requirement: Before configuring the DNS Private Resolver, queries to the DNS server failed despite the S2S VPN connection.