Hi @red-devil,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to use Azure Firewall and restrict DNS resolution for a particular domain only.
With Azure Firewall, this is not possible.
As stated by @Jackson Martins, the possible solution is to have your custom DNS server and configure the server to only resolve the expected domains.
Azure Firewall works with Destination IP/FQDN.
For DNS queries, there will be no FQDN and the destination IP would either be Azure default DNS or your custom DNS server.
Hence, this scenario will not be feasible.
Cheers,
Kapil
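The following is an added example, not part of the answer above and not Microsoft code. It sketches the allow-list decision a custom DNS server would make: the queried name exists only inside the DNS payload, so the server parses it and refuses anything outside the permitted zone. The zone `example.com`, the function names and the sample queries are all constructed assumptions.

```python
import struct

ALLOWED_ZONES = {"example.com"}  # assumption: the only zone clients may resolve

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query packet (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Return (lower-cased QNAME, offset just past it) for the first question."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        # Labels are at most 63 bytes; compression pointers do not belong here.
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels), pos

def is_allowed(qname):
    """Match on a label boundary so 'notexample.com' does not pass as 'example.com'."""
    return any(qname == z or qname.endswith("." + z) for z in ALLOWED_ZONES)

def handle(packet):
    """Return ('forward', None), ('refuse', response_bytes) or ('drop', None)."""
    try:
        qname, end = parse_qname(packet)
    except ValueError:  # also covers UnicodeDecodeError from non-ASCII labels
        return "drop", None
    if is_allowed(qname):
        return "forward", None  # hand off to the upstream resolver
    # QR=1, keep the client's RD bit, RCODE=5 (REFUSED); echo the question back.
    flags = 0x8000 | (struct.unpack("!H", packet[2:4])[0] & 0x0100) | 5
    resp = packet[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + packet[12:end + 4]
    return "refuse", resp
```

With this in place, the firewall rule only needs to allow port 53 traffic to the custom DNS server's IP, and the name-based restriction lives in the server.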