Azure <> 本地 DNS 转发器分辨率

Question

We have an Azure infrastructure that is connected to an on premise datacenter via a VPN gateway, and are trying to configure DNS resolution between both.

We have an ADDS configured with forwarders(for app.internal) to the on premise DNS servers and on premise DNS server forwards to our ADDS that forwards to Azure DNS 168.63.129.16.

In a VNET configured with the two IP of the ADDS, we have an app service configured with vnet integration, and when we try to resolve an app.internal the resolution is not stable at all.

At the end of the TTL the A record disappear only to reappear randomly. The only way we found to force him to resolve the A record is to clear cache on the ADDS.

Resolution from on premise to Azure works fine.

Answer 1

In Azure ADDS when you added the conditional forwarding, did you check "store this conditional forwarder in ad and replicate it to": make sure you did NOT select all dns server in this Forest,

Important

If the conditional forwarder is stored in the forest instead of the domain, the conditional forwarder fails.

If this is not the issue, then I'm not sure what the problem is here, but as a workaround, you could create a secondary zone of your on-prem app.internal zone on the ad ds dns server, and have it replicate records from on-prem primary, that would probably increase reliability because it would probably do a better job of caching the zone.

If others have comments about this, feel free.