Azure Firewall filtering DNS traffic

red-devil 61 Reputation points
2022-10-03T18:13:38.603+00:00

Hello All,

I have applications behind Azure Firewall. I only want to resolve FQDNs that I have added in the application rule, and I don't want to connect to other FQDNs or even resolve them.
How can this be achieved?

Rules I have:

  1. DNS rule: 53, allowing from certain VM
  2. Application rule: allowing only facebook.com

Accepted answer
  1. KapilAnanth-MSFT 44,556 Reputation points Microsoft Employee
    2022-10-04T06:00:13.507+00:00

    Hi @red-devil ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to use Azure Firewall and restrict DNS resolution for a particular domain only.

    With Azure Firewall, this is not possible.

    As stated by @Jackson Martins, the possible solution is to have your custom DNS server and configure the server to only resolve the expected domains.

    Azure Firewall works with Destination IP/ FQDN.
    For DNS queries, there will be no FQDN and the destination IP would either be Azure default DNS or your custom DNS server.
    Hence, this scenario will not be feasible.

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Cheers,
    Kapil

    1 person found this answer helpful.
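
The accepted answer places the filtering on a custom DNS server because that is where the queried name (QNAME) is visible. The following Python code is an added example, not from the thread or from Azure documentation, of the per-query decision such a server makes: parse the QNAME from the wire format, match it against an allowlist on label boundaries, and answer everything else with REFUSED. `ALLOWED`, `decide` and `build_query` are hypothetical names, and the sample queries are constructed.

```python
import struct

ALLOWED = ("facebook.com",)  # assumption: the one FQDN from the question's application rule
REFUSED = 5                  # DNS RCODE 5

def parse_question(msg: bytes):
    """Return (lower-cased QNAME, offset just past the question) of a DNS query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("not a single-question DNS message")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length == 0:
            break
        if length > 63:  # compression pointer or reserved label type
            raise ValueError("unexpected label type in question")
        label = msg[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii").lower())
        pos += 1 + length
    end = pos + 1 + 4  # zero byte, then QTYPE and QCLASS
    if end > len(msg):
        raise ValueError("truncated question")
    return ".".join(labels), end

def is_allowed(qname: str) -> bool:
    """Match whole labels only, so 'notfacebook.com' does not pass."""
    return any(qname == s or qname.endswith("." + s) for s in ALLOWED)

def decide(msg: bytes):
    """Return None to forward the query upstream, or the REFUSED reply to send."""
    qname, end = parse_question(msg)  # ValueError: caller drops the packet
    if is_allowed(qname):
        return None
    flags = struct.unpack("!H", msg[2:4])[0]
    reply_flags = 0x8000 | (flags & 0x7900) | REFUSED  # QR=1, keep opcode and RD
    return msg[:2] + struct.pack("!HHHHH", reply_flags, 1, 0, 0, 0) + msg[12:end]

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Constructed sample input: a standard A/IN query with RD set."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```

Allowed names still have to be forwarded to an upstream resolver; the block covers only the allow-or-refuse decision.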

1 additional answer

  1. Jackson Martins 10,151 Reputation points MVP
    2022-10-03T18:20:33.2+00:00

    Hi @red-devil
    You need to create an application rule, placing the protocols and ports as shown in the image below:

    247059-image.png

    reference: https://video2.skills-academy.com/en-us/azure/firewall/tutorial-firewall-deploy-portal#configure-an-application-rule

    Get in touch if you need more help with this issue.

    --please don't forget to "[Accept the answer]" if the reply is helpful--

    1 person found this answer helpful.
