By Sergio Figueiredo Principal Product Manager
A successful hybrid networking strategy demands DNS services that work seamlessly across on-premises and cloud networks. Azure DNS Private Resolver now provides a fully managed recursive resolution and conditional forwarding service for Azure virtual networks. Using this service, you can resolve DNS names hosted in Azure DNS private zones from on-premises networks, and you can forward DNS queries originating from Azure virtual networks to a specified destination server for resolution.
This service provides a highly available and resilient DNS infrastructure on Azure for a fraction of the price of running DNS servers on traditional IaaS VMs in virtual networks. You can integrate seamlessly with Private DNS Zones and unlock key scenarios with minimal operational overhead.
We are excited to share that Azure DNS Private Resolver is now in general availability.
We offer two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records. In the preceding illustration, multi-region workloads running on Azure with Azure DNS Private Resolver are provisioned in two regional, centralized virtual networks with one or more spokes peered to each centralized virtual network. These virtual networks have inbound and outbound endpoints provisioned. On-premises, there are two distinct locations (East and West), and each location connects via ExpressRoute to the centralized virtual network where Private Resolver is provisioned. These on-premises locations have one or more local DNS servers configured to do conditional forwarding to the inbound endpoint of Private Resolver. The local DNS servers in East have the IP address of the East inbound endpoint as the primary DNS target, and the West inbound endpoint as secondary. Conversely, the local DNS servers in West have the IP address of the West inbound endpoint as the primary DNS target, and the East inbound endpoint as secondary. There is a single private DNS zone linked to both regions, and both on-premises locations can resolve names from this zone even in the event of a regional failure.
Azure DNS Private Resolver enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying virtual machine-based DNS servers.
Azure DNS Private Resolver general availability is being announced to all customers and will have regional availability in the following regions:
Apart from the features which were announced earlier in preview, customers will now be able to leverage the following additional functionality and content:
In the following diagram, an on-premises network connects to Azure via ExpressRoute and has on-premises DNS servers configured to conditionally forward queries to the private IP address of the inbound endpoint. The inbound endpoint then resolves names available in Azure Private DNS zones that are linked to the virtual network where Private Resolver is provisioned. If there is no matching private DNS zone in the virtual network, it will use the outbound endpoint and resolve using the ruleset rules via longest suffix match. If no match in the ruleset is found, it will recurse to the internet for public name resolution.
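The resolution order described above, modelled in Python as an added example (not Microsoft's code or the service's implementation). The zone names, rule suffixes, IP addresses and whole-label matching are assumptions made for illustration; `leaked_internal_names` is a hypothetical helper that flags internal names no linked zone or rule covers, which would therefore be sent to public recursion.

```python
# Added example: simplified model of the resolution order, not Azure's implementation.

def _labels(name):
    # Lowercase labels without the trailing root dot.
    return [p for p in name.lower().rstrip(".").split(".") if p]

def suffix_len(qname, suffix):
    """Labels in `suffix` if it is a whole-label suffix of `qname`, else -1."""
    q, s = _labels(qname), _labels(suffix)
    if len(s) > len(q):
        return -1
    return len(s) if q[len(q) - len(s):] == s else -1

def route_query(qname, linked_zones, ruleset):
    """Return (path, detail) describing who answers `qname`.

    linked_zones: private DNS zone names linked to the resolver's virtual network.
    ruleset: dict of domain suffix -> list of destination DNS server IPs.
    """
    # 1. A matching private DNS zone linked to the virtual network answers first.
    zones = [z for z in linked_zones if suffix_len(qname, z) >= 0]
    if zones:
        return ("private-zone", max(zones, key=lambda z: suffix_len(qname, z)))
    # 2. Otherwise the outbound endpoint picks the rule with the longest suffix.
    rules = [r for r in ruleset if suffix_len(qname, r) >= 0]
    if rules:
        best = max(rules, key=lambda r: suffix_len(qname, r))
        return ("forward", (best, ruleset[best]))
    # 3. No rule matched: the name goes to public recursion.
    return ("public-recursion", None)

def leaked_internal_names(qnames, linked_zones, ruleset, internal_suffixes):
    """Names under an internal suffix that would still fall through to public recursion."""
    return [q for q in qnames
            if any(suffix_len(q, s) >= 0 for s in internal_suffixes)
            and route_query(q, linked_zones, ruleset)[0] == "public-recursion"]

# Constructed sample data (hypothetical names and addresses).
LINKED_ZONES = ["azure.contoso.internal"]
RULESET = {
    "corp.contoso.internal.": ["10.10.0.4"],
    "lab.corp.contoso.internal.": ["10.20.0.4"],
}

if __name__ == "__main__":
    for name in ["vm1.azure.contoso.internal", "db1.lab.corp.contoso.internal",
                 "hr.corp.contoso.internal", "legacy.contoso.internal", "www.example.com"]:
        print(name, "->", route_query(name, LINKED_ZONES, RULESET))
```

Running the helper over names taken from resolver or client query logs shows which internal namespaces still need a linked zone or a forwarding rule.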



At general availability, Private Resolver can also be used via PowerShell, CLI, .NET, Java, Python, REST, TypeScript, Go, ARM, and Terraform.
Built-in high availability, zone redundancy, and low latency name resolution.
Reduce operating costs and run at a fraction of the price of traditional IaaS solutions.
Conditionally forward from your Virtual Networks to any reachable DNS server and from on-premises to Azure Private DNS Zones.
High performance per endpoint.
Availability Zone aware and resilient to failures within a region. Service-level agreement (SLA) of 99.99 percent during general availability.
Build your pipelines with Terraform, ARM, or Bicep.
You can try Azure DNS Private Resolver today. For more information about the capabilities available, please visit the Azure DNS Private Resolver technical documentation webpage. Post your ideas and suggestions on the networking community page.