Use local DNS servers

Reliability · Virtual Network · 2020_06

Virtual networks (VNETs) should use Azure local DNS servers.

Description

Virtual networks allow one or more custom DNS servers to be specified. These DNS servers are inherited by connected services such as virtual machines.

When configuring custom DNS server IP addresses, these servers must be accessible for name resolution to occur. Connectivity between services may be impacted if DNS server IP addresses are temporarily or permanently unavailable.

For local communication, avoid taking a dependency on external DNS servers, such as those deployed on-premises. This can be achieved by using DNS services deployed into the same Azure region.

Where possible, consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively, consider deploying redundant virtual machines (VMs) or network virtual appliances (NVAs) to host DNS within Azure.

Recommendation

Consider deploying redundant DNS services within a connected Azure VNET.

Examples

Configure with Azure template

To deploy Virtual Networks that pass this rule:

  • Set properties.dhcpOptions.dnsServers to an IP address within the same or peered network within Azure. OR
  • Use the default Azure DNS servers.

For example:

Azure Template snippet
{
  "type": "Microsoft.Network/virtualNetworks",
  "apiVersion": "2022-05-01",
  "name": "vnet-01",
  "location": "[parameters('location')]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/16"
      ]
    },
    "dhcpOptions": {
      "dnsServers": [
        "10.0.1.4",
        "10.0.1.5"
      ]
    }
  }
}
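
A pre-deployment check of the dnsServers setting described above, as an added example (not PSRule's own rule implementation). It assumes the caller supplies peered prefixes per VNET in a hypothetical `peered` mapping, since a template alone does not show them; the sample resources other than vnet-01 are constructed.

```python
import ipaddress

AZURE_DNS = "168.63.129.16"  # Azure platform virtual IP for the default DNS service

def non_local_dns(vnet, peered_prefixes=()):
    """Return custom DNS servers of a virtualNetworks resource that fall
    outside its own address space and the given peered prefixes."""
    props = vnet.get("properties", {})
    servers = props.get("dhcpOptions", {}).get("dnsServers", [])
    prefixes = props.get("addressSpace", {}).get("addressPrefixes", [])
    local = [ipaddress.ip_network(p) for p in [*prefixes, *peered_prefixes]]
    flagged = []
    for server in servers:
        if server == AZURE_DNS:
            continue
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            flagged.append(server)  # unresolved template expression: needs review
            continue
        if not any(addr in net for net in local):
            flagged.append(server)
    return flagged

def audit(template, peered=None):
    """Map each VNET name in an ARM template to its non-local DNS servers."""
    peered = peered or {}
    results = {}
    for res in template.get("resources", []):
        if res.get("type", "").lower() == "microsoft.network/virtualnetworks":
            results[res["name"]] = non_local_dns(res, peered.get(res["name"], ()))
    return results

# Constructed sample: vnet-01 mirrors the snippet above; vnet-02 and vnet-03 are made up.
SAMPLE = {"resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-01",
     "properties": {"addressSpace": {"addressPrefixes": ["10.0.0.0/16"]},
                    "dhcpOptions": {"dnsServers": ["10.0.1.4", "10.0.1.5"]}}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-02",
     "properties": {"addressSpace": {"addressPrefixes": ["10.1.0.0/16"]},
                    "dhcpOptions": {"dnsServers": ["10.0.1.4", "192.168.10.5"]}}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-03",
     "properties": {"addressSpace": {"addressPrefixes": ["10.2.0.0/16"]}}},
]}
PEERED = {"vnet-02": ["10.0.0.0/16"]}  # assumption: vnet-02 is peered with vnet-01

if __name__ == "__main__":
    for name, bad in audit(SAMPLE, PEERED).items():
        print(name, "PASS" if not bad else f"FAIL {bad}")
```

A VNET with no dnsServers entry (vnet-03) passes because it falls back to the default Azure DNS servers.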

Configure with Bicep

To deploy Virtual Networks that pass this rule:

  • Set properties.dhcpOptions.dnsServers to an IP address within the same or peered network within Azure. OR
  • Use the default Azure DNS servers.

For example:

Azure Bicep snippet
resource virtualnetwork01 'Microsoft.Network/virtualNetworks@2022-05-01' = {
  name: 'vnet-01'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    dhcpOptions: {
      dnsServers: [
        '10.0.1.4'
        '10.0.1.5'
      ]
    }
  }
}

Last update: 2022-11-06
