Azure DNS Private Resolver intermittent latency resolving host

adam jones 1

Hoping someone can help me with an issue I am having with the new DNS Private Resolver.

A couple of weeks ago I set this up with an inbound-only endpoint, this works perfectly and allows our on-prem infrastructure to resolve our private DNS for azure databases. Once set up we began to convert our on-prem services to use this DNS endpoint for connection string but in the last week, we have had intermittent latency to the resolver.

In troubleshooting I have checked the connections for all on-prems servers using this which found no issues, we then booted up a VM in Azure and called it from there to find that it was also failing sometimes. This show that the issue is from the resolver because direct DNS connections from app services are not affected.

below is the console showing the error response we see, the first is calling the DNS using windows DNS settings. The second is setting the DNS for the nslookup with the same result and the third is an anomaly where if I increment the last digit of the DNS IP it works fine but that IP should not work for the resolver. I am happy to answer any questions.

KapilAnanth-MSFT 44,311 Reputation points Microsoft Employee

2022-07-26T15:57:41.083+00:00

Hi @adam jones

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are facing latency issues with Azure Private Resolver.

Since Private Resolver is currently in Preview and the issue is intermittent, we might need to look into the backend logs and will require a deeper investigation.
So if you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support

Thanks,
Kapil
AdamJones-0724 1 Reputation point

2022-07-29T08:36:29.59+00:00

Hi anonymous user-MSFT

I have made contact with support and I am getting the required help now. Thank you for your message.
Peter Kutter 11 Reputation points

2022-10-07T01:09:08.547+00:00

Hi,

experiencing similar issues with private resolver when using conditional forwarding rule to query AD DNS server.
Has there been any progress on this?
KapilAnanth-MSFT 44,311 Reputation points Microsoft Employee

2022-10-07T05:04:54.213+00:00
Hi @Peter Kutter ,

Can you please provide more details about your environment?

Are you experiencing latency issues, or no DNS reply or an empty DNS reply?

Cheers,
Kapil
Peter Kutter 11 Reputation points

2022-10-07T05:18:44.11+00:00

HI Kapil,

its a hub and spoke environment. The hub is connected to on-prem via Expressroute. The private resolver resides in the same hub VNet.
It has one forwarding ruleset attached that forwards request for local AD domain DNS records to two onprem DNS servers.
Resolving public DNS entries that don't require the forwarding work fine.
Resolving on-prem DNS domains via the forwarding ruleset leads to intermittent DNS timeouts. This was tested from a Windows 2019 test VM. Sometimes the DNS response can take up to 10 seconds. If I set the nslookup timeout to 15 seconds all DNS queries are successful.
If I point the test VM directly to the onprem DNS servers than there is no timeout issue, kind of excluding the Expressroute / onprem DNS servers being the issue.

cheers,
Peter
KapilAnanth-MSFT 44,311 Reputation points Microsoft Employee

2022-10-07T10:57:49.527+00:00

Hi @Peter Kutter ,

This issue seems to be intermittent and it would require a deeper investigation, so if you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support

Cheers,
Kapil
AdamJones-0724 1 Reputation point

2022-10-07T11:16:56.087+00:00

Hi @Peter Kutter

In the end, we found out that what was causing our issue was a DNS for AD that we have set up in our azure network. It seems that the azure private resolver also looks at that for DNS lookups but not all the time so to get around it we setup a DNS forwarding VM using Bind service. this allows us to only forward traffic to the private DNS zone that we wanted. Hope this helps.

Adam
Peter Kutter 11 Reputation points

2022-10-19T05:20:55.597+00:00

in the end it was a backend issue that was fixed by Microsoft. There was nothing wrong with our setup.
Given its GA now those bugs hopefully dont show up again.
KapilAnanth-MSFT 44,311 Reputation points Microsoft Employee

2022-10-19T05:24:51.51+00:00

Hi @Peter Kutter ,

Thanks for keeping the thread updated.

I am glad the issue has been resolved now.
Yeah, since the service is in GA, there can be some unexpected outcomes.

They should be fixed in the subsequent release cycles.

Cheers,
Kapil

2 answers

Carlos Solís Salazar 17,871 Reputation points

2022-07-26T13:00:34.05+00:00
Hi @adam jones

Thank you for asking this question on the **Microsoft Q&A Platform. **

Check the DNS resolving per each dns server:

nslookup your.privatelink.mysql.database.azure.com onprem.dns.server1 nslookup your.privatelink.mysql.database.azure.com onprem.dns.server2 nslookup your.privatelink.mysql.database.azure.com onprem.dns.server2

Also, if you can share some screenshots of your Azure DNS, and your on-premises DNS if the issues are persisting.

Hope this helps,
Carlos Solís Salazar

----------

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
adam jones 1 Reputation point

2022-07-26T15:50:44.633+00:00

Hi @Carlos Solís Salazar

I have put below some screenshots of how our DNS is set up, as for the DNS server we don't have any DNS server as such we are using private DNS zones and DNS resolver which are all built-in features from azure.

DNS Private Resolver

Private DNS Zone
Please sign in to rate this answer.
Peter Paul Saldanha 0 Reputation points

2024-08-17T17:17:05.3233333+00:00

Hi @Carlos Solís Salazar, I have same azure private dns resolver setup with issue of intermittent servfail while accessing on-prem domains from azure. Could you let me know the resolution
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure DNS Private Resolver intermittent latency resolving host

2 answers

Your answer