
I was wondering whether it is possible to have multiple Private DNS Zones in a hub and spoke topology, where we have a separate DNS zone for an application (splint), but splint will be retired in a year, so we are creating a separate DNS zone for all other Azure apps and would like a separate DNS zone for everything else in the connectivity spoke. If we had two, how would they talk to each other to resolve addresses, or would we just "link" the VNets to both DNS zones? But if we did that, where would the privatelink.microsoft.com (private endpoint) DNS entry be hosted?

Sorry if this seems like a brain dump, just trying to understand.

Norrin Rad
  • Show what you have configured (trying to configure) and the problem. By configure, list the zone details. As written your question is too confusing and will lead to guessing. – John Hanley Jun 27 '22 at 18:52
  • @JohnHanley thanks, and apologies, it does sound a bit random now I read it back. We have a DNS zone configured in the splint subscription, we want to set up another private DNS zone in the hub subscription. Can we have multiple VNets linked to both zones, and can the two zones communicate with each other? – Norrin Rad Jun 27 '22 at 21:13
  • DNS requires facts/details. Descriptions do not help. – John Hanley Jun 27 '22 at 21:20

1 Answer


If your hub and spoke are completely isolated, it should work fine to have separate private DNS zones for the same Azure service. However, it doesn't sound like that's your scenario.

This page has several quotes that have convinced me not to try to have two different private DNS zones for the same Azure service tied with VNET links to the same VNET.

Important: A single private DNS zone is required for this configuration. Creating multiple zones with the same name for different virtual networks would need manual operations to merge the DNS records.

Important: If you're using a private endpoint in a hub-and-spoke model from a different subscription or even within the same subscription, link the same private DNS zones to all spokes and hub virtual networks that contain clients that need DNS resolution from the zones.

GregGalloway
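The pattern the answer recommends, as an added example that is not from the original post: one privatelink zone hosted in the hub resource group, with resolution-only links to the hub VNet and to a spoke VNet in another subscription. The resource group, VNet names and the spoke subscription parameter are placeholders.

```bicep
// Added example, not the poster's configuration. Deploy into the hub
// resource group; spoke names/subscription below are placeholders.
targetScope = 'resourceGroup'

@description('Subscription that holds the spoke VNet (placeholder).')
param spokeSubscriptionId string
param spokeResourceGroup string = 'spoke-rg'
param spokeVnetName string = 'spoke-app-vnet'
param hubVnetName string = 'hub-vnet'

// Exactly one zone per service. A second zone with the same name linked
// elsewhere would split the A records and need manual merging.
resource blobZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.blob.core.windows.net'
  location: 'global'
}

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: hubVnetName
}

// Spoke VNet lives in a different subscription/resource group; the link
// still points at the single hub-hosted zone.
resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: spokeVnetName
  scope: resourceGroup(spokeSubscriptionId, spokeResourceGroup)
}

// registrationEnabled stays false: private endpoint records are written
// by the endpoint's DNS zone group, not by VM auto-registration.
resource hubLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: blobZone
  name: 'link-${hubVnetName}'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: { id: hubVnet.id }
  }
}

resource spokeLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: blobZone
  name: 'link-${spokeVnetName}'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: { id: spokeVnet.id }
  }
}
```

Every additional spoke (for example the splint VNet until it is retired) gets one more link resource against the same zone rather than its own copy of the zone.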