
I have a Hub-Spoke model. I also have an Azure DNS zone. I have a firewall in the Hub and Spoke uses Route table(s). I have created a VM in the Spoke and added the 'A' record in the Azure DNS zone, however, I am unable to resolve the DNS address in Azure.

I have an Azure Firewall with the following Rules

# Create a Azure Firewall Network Rule for DNS
resource "azurerm_firewall_network_rule_collection" "fw-net-dns" {
  name                = "azure-firewall-dns-rule"
  azure_firewall_name = azurerm_firewall.azufw.name
  resource_group_name = azurerm_resource_group.ipz12-dat-np-connection-rg.name
  priority            = 102
  action              = "Allow"

  rule {
    name = "DNS"
    source_addresses = [
      "*",
    ]
    destination_ports = ["53"]
    destination_addresses = [
      "*",
    ]
    protocols = ["TCP","UDP"]
  }
}

I have a Route Table with the below Routes

resource "azurerm_route_table" "azurt" {
  name                          = "AzfwRouteTable"
  resource_group_name           = azurerm_resource_group.ipz12-dat-np-connection-rg.name
  location                      = azurerm_resource_group.ipz12-dat-np-connection-rg.location
  disable_bgp_route_propagation = false

  route {
    name                   = "AzgwRoute"
    address_prefix         = "10.2.3.0/24" // CIDR of 2nd SPOKE
    next_hop_type          = "VirtualNetworkGateway"
  }  

  route {
    name                   = "Internet"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.azufw.ip_configuration.0.private_ip_address
  }  

  tags = {
    environment = "Staging"
    owner       = "Someone@contoso.com"
    costcenter  = "IT"
  }

  depends_on = [
    azurerm_resource_group.ipz12-dat-np-connection-rg
  ]
}

It is associated with the subnet

resource "azurerm_subnet_route_table_association" "virtual_machine_subnet_route_table_assc" {
  subnet_id      = azurerm_subnet.virtual_machine_subnet.id
  route_table_id = azurerm_route_table.azurt.id

  depends_on = [
    azurerm_route_table.azurt,
    azurerm_subnet.virtual_machine_subnet
  ]
}

I have a VM in the above mentioned subnet

resource "azurerm_network_interface" "virtual_machine_nic" {
  name                = "virtal-machine-nic"
  location            = azurerm_resource_group.ipz12-dat-np-applications-rg.location
  resource_group_name = azurerm_resource_group.ipz12-dat-np-applications-rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = data.azurerm_subnet.virtual_machine_subnet.id
    private_ip_address_allocation = "Dynamic"
  }

  depends_on = [
    azurerm_resource_group.ipz12-dat-np-applications-rg
  ]  
}

resource "azurerm_windows_virtual_machine" "virtual_machine" {
  name                = "virtual-machine"
  resource_group_name = azurerm_resource_group.ipz12-dat-np-applications-rg.name
  location            = azurerm_resource_group.ipz12-dat-np-applications-rg.location
  size                = "Standard_B1ms"
  admin_username      = "...."
  admin_password      = "...."
  network_interface_ids = [
    azurerm_network_interface.virtual_machine_nic.id
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "Windows-10"
    sku       = "21h1-pro"
    version   = "latest"
  }

  depends_on = [
    azurerm_network_interface.virtual_machine_nic
  ]    
}

I have created a Azure DNS Zone

resource "azurerm_dns_zone" "dns_zone" {
  name                = "learnpluralsight.com"
  resource_group_name = azurerm_resource_group.ipz12-dat-np-connection-rg.name
  
  depends_on = [
    azurerm_resource_group.ipz12-dat-np-connection-rg
  ]  
}

and added the 'A' record


But I am not able to resolve the FQDN


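The zone in the question is created with azurerm_dns_zone, which is a public Azure DNS zone. The Azure-provided resolver (168.63.129.16) only answers from a zone you host when that zone is an Azure Private DNS zone linked to the VNet; a public zone is reached only through public delegation of the domain. As an added example that is not part of the question, this is the private-zone equivalent in Az PowerShell. The resource group and zone name are taken from the question; the VNet name 'spoke-vnet', the link name 'spoke-link', the NIC name and the record name are assumptions.

```powershell
# Added example (not the question's Terraform): publish virtual-machine.learnpluralsight.com
# in an Azure Private DNS zone linked to the spoke VNet so the spoke VM can resolve it
# through the Azure-provided resolver. Requires the Az.Network and Az.PrivateDns modules.

$ZoneRg  = 'ipz12-dat-np-connection-rg'      # from the question
$AppRg   = 'ipz12-dat-np-applications-rg'    # from the question
$Zone    = 'learnpluralsight.com'            # from the question
$VnetName = 'spoke-vnet'                     # ASSUMPTION: name of the spoke VNet
$NicName  = 'virtal-machine-nic'             # NIC name as written in the question

# The VNet the VM lives in, and the VM's current private IP for the A record
$VnetId = (Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $AppRg).Id
$VmIp   = (Get-AzNetworkInterface -Name $NicName -ResourceGroupName $AppRg).IpConfigurations[0].PrivateIpAddress

# 1. Private zone; unlike the public azurerm_dns_zone this is only visible to linked VNets
if (-not (Get-AzPrivateDnsZone -Name $Zone -ResourceGroupName $ZoneRg -ErrorAction SilentlyContinue)) {
    New-AzPrivateDnsZone -Name $Zone -ResourceGroupName $ZoneRg | Out-Null
}

# 2. Link the spoke VNet. -EnableRegistration makes Azure add/remove A records for VMs
#    in that VNet automatically; link the hub VNet too (without registration) if hub
#    resources such as the firewall DNS proxy must resolve these names.
New-AzPrivateDnsVirtualNetworkLink -ZoneName $Zone -ResourceGroupName $ZoneRg `
    -Name 'spoke-link' -VirtualNetworkId $VnetId -EnableRegistration | Out-Null

# 3. Explicit A record for the VM (the same record the question added to the public zone)
$rec = New-AzPrivateDnsRecordConfig -IPv4Address $VmIp
New-AzPrivateDnsRecordSet -Name 'virtual-machine' -RecordType A -ZoneName $Zone `
    -ResourceGroupName $ZoneRg -Ttl 300 -PrivateDnsRecords $rec | Out-Null

# 4. Check from inside the spoke VM: ask the Azure-provided resolver directly so the
#    result does not depend on whatever DNS server the NIC is currently pointed at
Resolve-DnsName -Name "virtual-machine.$Zone" -Type A -Server 168.63.129.16
```

If the VM's NIC or VNet DNS setting has been changed to a custom DNS server, the private zone is only consulted when that server forwards unresolved queries to 168.63.129.16; otherwise the query never reaches Azure's resolver, whatever the firewall rule on port 53 allows.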

1 Answer


I tried to reproduce the same in my environment and I am getting the same "request timed out".


To resolve this issue, you need to add a Reverse lookup zone and create a PTR record for the DNS server name and IP.


In Reverse Lookup Zones -> right click and choose New Zone


Click Next with Primary zone selected -> check the "store the zone" box -> Next -> click the 2nd option, "all the DNS servers ... in the domain" -> IPv4 Reverse Lookup Zone -> Next

Here you should add your IP address as 150.171.10 (the 1st three octets) -> click Next -> choose "allow only secure dynamic updates" -> Next -> Finish


Once you refresh, your default records are added; right click and create a Pointer (PTR) like below: type your IP address 150.171.10.35 and provide your host name, and your PTR will be added successfully.


And when I run nslookup, the server runs successfully without "request timed out".



If this still persists, in your search box -> Network and Internet -> Ethernet -> right click -> Properties -> Internet Protocol Version 4, provide the DNS server as below.

If any issue still occurs, try:

Preferred DNS server as 8.8.8.8 and Alternate DNS server as 8.8.4.4, or
Preferred DNS server as 8.8.8.8 and Alternate DNS server as your IP

Reference: dns request timeout (spiceworks.com)


Check whether you have set IPv6 to "Obtain DNS server address automatically", or else uncheck it.


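The procedure in the answer (reverse lookup zone, PTR records, then nslookup) as an added example in the DnsServer PowerShell module rather than the DNS Manager GUI. This is not the answer's own code: the 150.171.10.0/24 range and the 150.171.10.35 host address are taken from the answer, while the DNS server address 150.171.10.4, the server name dns01.learnpluralsight.com and the VM name virtual-machine.learnpluralsight.com are assumptions. Run the first two steps on the Windows DNS server and the last two on the VM.

```powershell
# Added example (not from the answer): reverse zone + PTR records via the DnsServer
# module, then the client-side checks. Values marked ASSUMPTION are not in the post.

$ServerIp   = '150.171.10.4'                         # ASSUMPTION: the DNS server's address
$ServerName = 'dns01.learnpluralsight.com'           # ASSUMPTION: the DNS server's FQDN
$VmIp       = '150.171.10.35'                        # from the answer
$VmFqdn     = 'virtual-machine.learnpluralsight.com' # ASSUMPTION: VM name + question's zone

# --- on the DNS server ---------------------------------------------------------

# 1. Reverse lookup zone for 150.171.10.0/24, AD-integrated, secure dynamic updates only
#    (the "store the zone" / "all DNS servers in the domain" / "secure only" choices)
$ReverseZone = '10.171.150.in-addr.arpa'
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '150.171.10.0/24' `
        -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}

# 2. PTR records for the DNS server itself and for the VM. In a /24 reverse zone the
#    record name is the last octet of the address.
foreach ($entry in @(@{ Ip = $ServerIp; Fqdn = $ServerName },
                     @{ Ip = $VmIp;     Fqdn = $VmFqdn })) {
    $lastOctet = ($entry.Ip -split '\.')[-1]
    if (-not (Get-DnsServerResourceRecord -ZoneName $ReverseZone -Name $lastOctet `
                -RRType Ptr -ErrorAction SilentlyContinue)) {
        Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name $lastOctet `
            -PtrDomainName $entry.Fqdn
    }
}

# --- on the VM ----------------------------------------------------------------

# 3. Point the NIC at the DNS server (the "Internet Protocol Version 4" properties step)
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $ServerIp

# 4. nslookup starts by reverse-resolving its own server; with the PTR in place this
#    returns a name instead of "request timed out". Then confirm the forward record.
Resolve-DnsName -Name $ServerIp -Type PTR -Server $ServerIp
Resolve-DnsName -Name $VmFqdn   -Type A   -Server $ServerIp
```

Two caveats a practitioner should keep in mind. The "request timed out" that nslookup prints next to its server line comes from that initial reverse lookup of the server's address; it does not by itself mean forward resolution of the VM name is failing, so check the second query separately. And the fallback of setting 8.8.8.8 as the VM's DNS server sends every name query, internal host names included, to a public resolver through the hub firewall's port-53 rule; a public resolver cannot answer for a zone that exists only inside the VNet, so use it only to confirm that outbound DNS works, not as the fix.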