By importing Azure private zones as forward zones, you can bring existing DNS configurations into your own account in the Cloud Services Portal and have control over routing and management while ensuring changes made on those imported zones reflect back to their original source. Queries for domains added as forward zones will be forwarded by the BloxOne hosts to an Azure private resolver endpoint for resolution, thus ensuring that the most up-to-date data is referenced.
The following diagram explains this feature:
Prerequisites
The following prerequisites need to be taken into consideration before importing Azure private zones:
At least one Azure private resolver inbound endpoint is configured. See Azure documentation for details.
The BloxOne host has a logical connection to the Azure subnet that is configured with the inbound resolver. This can be through virtual network peering or a VPN connection.
The DNS service is up and running on the BloxOne host.
The credentials used to synchronize zones and records in BloxOne DDI must include the following permission (in addition to the standard BloxOne DDI roles required):
Microsoft.Network/dnsResolvers/inboundEndpoints/read
Configure BloxOne DDI to import Azure private zones as forward zones
Complete the following steps to import Azure private zones as forward zones:
Go to Manage > DNS.
Go to Third-Party DNS Providers page.
Click Create and select Azure.
Configure the Third-party DNS Provider details as required. For more information, see Creating Third Party DNS Providers. When creating the Azure provider in BloxOne DDI, make sure that the Forward Only Zone checkbox is selected. Note that this setting is mutable: you can disable or enable Forward Only Zone on a provider after it has been created. Wait for zones and records to sync (the provider status shows green / Synced).
Go to the DNS view, edit the desired private zone, and add the BloxOne host as an Authoritative DNS server.
To verify that the forward zone works, run a dig query using the BloxOne host as the DNS server:
# dig @oph_ip private_zone.example.com
This query is forwarded to the Azure private resolver inbound endpoint, which responds with the proper resolution.
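The manual dig check above can be scripted so that a failed forward is caught explicitly rather than read off the screen. The script below is an added example and is not part of the original documentation or of BloxOne DDI itself; the host IP, inbound endpoint IP and record name are placeholders set through environment variables. It parses the status and answer count from dig's output, then compares the answer returned through the BloxOne host with the answer the Azure inbound endpoint returns directly, which is the property the feature is meant to guarantee (the forwarded answer reflects the current Azure data).

```shell
#!/bin/sh
# Added example: verify that an imported forward zone resolves through the
# BloxOne host and that the answer matches the Azure inbound endpoint directly.
# All addresses and the record name are placeholders, not values from the page.

BLOXONE_HOST_IP="${BLOXONE_HOST_IP:-192.0.2.10}"   # placeholder: BloxOne on-prem host (oph_ip)
AZURE_INBOUND_IP="${AZURE_INBOUND_IP:-10.0.0.4}"   # placeholder: private resolver inbound endpoint
FQDN="${FQDN:-host1.private_zone.example.com}"     # placeholder record in the imported zone

# Extract the status field (NOERROR, SERVFAIL, REFUSED, ...) from dig's header line.
dig_status() {
    sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Extract the ANSWER count from dig's flags line.
dig_answer_count() {
    sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# Return success only if the captured dig output is NOERROR with at least one answer.
# SERVFAIL or an empty answer section typically means the host cannot reach the
# inbound endpoint (peering/VPN), or the zone was not imported as forward-only.
dig_output_ok() {
    out="$1"
    status=$(printf '%s\n' "$out" | dig_status)
    answers=$(printf '%s\n' "$out" | dig_answer_count)
    [ "$status" = "NOERROR" ] && [ "${answers:-0}" -gt 0 ]
}

# Query the BloxOne host, then confirm its answer equals the Azure endpoint's answer.
verify_forward_zone() {
    via_bloxone=$(dig "@$BLOXONE_HOST_IP" "$FQDN" A)
    if ! dig_output_ok "$via_bloxone"; then
        echo "FAIL: BloxOne host returned no usable answer for $FQDN" >&2
        printf '%s\n' "$via_bloxone" | dig_status >&2
        return 1
    fi
    a_bloxone=$(dig "@$BLOXONE_HOST_IP" +short "$FQDN" A | sort)
    a_azure=$(dig "@$AZURE_INBOUND_IP" +short "$FQDN" A | sort)
    if [ "$a_bloxone" != "$a_azure" ]; then
        echo "FAIL: answers differ between BloxOne host and Azure inbound endpoint" >&2
        return 1
    fi
    echo "OK: $FQDN resolves via the BloxOne host and matches Azure: $a_bloxone"
}

# Only perform live queries when invoked with "run"; sourcing the file just defines the helpers.
if [ "${1:-}" = "run" ]; then
    verify_forward_zone
fi
```

Run it as `BLOXONE_HOST_IP=<host> AZURE_INBOUND_IP=<endpoint> FQDN=<record> sh verify_forward_zone.sh run`. A SERVFAIL from the BloxOne host with a NOERROR from the inbound endpoint points at the network path between the host and the Azure subnet, while matching NOERROR answers that still differ in data indicate stale records somewhere other than the forward path.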