Plan and Configure Name Resolution (DNS) for Active Directory (AD) and Azure Active Directory Domain Services (Azure AD DS) – Design the Azure Virtual Desktop Architecture
By Leatha King / January 2, 2024 / Describe Service Level Agreements, Microsoft AZ-140, Microsoft Exams, Other Ways to Assign Licenses
Plan and Configure Name Resolution (DNS) for Active Directory (AD) and Azure Active Directory Domain Services (Azure AD DS)
DNS is essential for Azure Virtual Desktop because the session host is always joined to an AD DS domain. If DNS is not working, the session host cannot resolve the domain name it needs for authentication, and it cannot resolve external domain names for Internet access from Azure Virtual Desktop.
The following are different DNS types supported for Azure Virtual Desktop, and you can select the correct DNS type for your Azure Virtual Desktop deployment based on these scenarios:
• Self-hosted DNS: Most enterprises use Microsoft AD DS-integrated DNS or a third-party DNS on-premises, and the same servers can be used for Azure Virtual Desktop. This is the recommended option because all DNS records are managed in one place.
Depending on the DNS traffic, you can either extend the on-premises DNS server into an Azure hub subscription or point the Azure Virtual Desktop resources directly at the on-premises DNS. The DNS server IP address and port 53 must be allowed on the firewall between the DNS server and Azure Virtual Desktop. The virtual network then uses the on-premises DNS for name resolution. Additionally, change the virtual network’s DNS setting to point to the DNS server IP address, as shown in Figure 2-7.

Figure 2-7. Azure Virtual Desktop DNS setting on Azure Virtual Desktop Virtual Network
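The following Az PowerShell script is an added example, not part of the original text or of any Microsoft sample: it applies the self-hosted DNS configuration described above (custom DNS server addresses on the Azure Virtual Desktop virtual network) and then, run on a session host, checks the two things the section says must work: that port 53 on the DNS server is reachable, and that the AD DS domain and an external name both resolve. The resource group, virtual network name, DNS server addresses, and domain name are assumed placeholder values.

```powershell
# --- Part 1: point the AVD virtual network at the self-hosted DNS servers (run from an admin workstation with the Az module) ---
$rg         = "rg-avd"                    # assumed resource group name
$vnetName   = "vnet-avd"                  # assumed virtual network name
$dnsServers = @("10.0.0.4", "10.0.0.5")   # assumed: on-premises / hub AD DS-integrated DNS servers
$domain     = "corp.contoso.com"          # assumed AD DS domain the session hosts join

$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
# Replace any Azure-provided (168.63.129.16) resolution with the custom servers.
$vnet.DhcpOptions.DnsServers = $dnsServers
$vnet | Set-AzVirtualNetwork | Out-Null
Write-Host "VNet '$vnetName' now uses DNS servers: $($dnsServers -join ', ')"

# --- Part 2: validate name resolution from a session host in that VNet (after a reboot or 'ipconfig /renew') ---
$failures = @()
foreach ($dns in $dnsServers) {
    # Test-NetConnection only probes TCP 53; UDP 53 is still required and must be open on the same firewall rule.
    $port = Test-NetConnection -ComputerName $dns -Port 53 -WarningAction SilentlyContinue
    if (-not $port.TcpTestSucceeded) {
        $failures += "TCP 53 to DNS server $dns is blocked (check the firewall between DNS and AVD)"
        continue
    }
    try {
        # Domain-join and Kerberos/LDAP authentication depend on the DC locator SRV records.
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dns -ErrorAction Stop
        Write-Host "$dns returns $($srv.Count) domain controller SRV record(s) for $domain"
    } catch {
        $failures += "$dns cannot resolve the AD DS domain '$domain': $($_.Exception.Message)"
    }
    try {
        # An external name proves the self-hosted DNS forwards or recurses for Internet access.
        $ext = Resolve-DnsName -Name "www.microsoft.com" -Type A -Server $dns -ErrorAction Stop
        Write-Host "$dns resolves external names (first answer: $($ext[0].Name))"
    } catch {
        $failures += "$dns cannot resolve external names (check forwarders on the DNS server)"
    }
}

if ($failures.Count -gt 0) {
    Write-Warning "DNS readiness check failed:`n - $($failures -join "`n - ")"
} else {
    Write-Host "DNS readiness check passed for all configured servers."
}
```

Run Part 1 once per virtual network; the change only takes effect on existing VMs after their DHCP lease is renewed, so restart the session hosts (or run `ipconfig /renew`) before running Part 2 on them.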
• Azure private DNS zone: The Azure private DNS zone can be used to resolve Azure resource names. This provides a reliable and secure DNS service for your virtual network. Azure private DNS zones manage and resolve domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment. Using a custom domain name helps you tailor your virtual network architecture to best suit your organization’s needs. It provides name resolution for virtual machines (VMs) within a virtual network and connected virtual networks. Additionally, you can configure zone names with a split-horizon view, which allows a private and a public DNS zone to share the same name.
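As an added example (not from the original text or from Microsoft documentation), the Az PowerShell script below builds the private DNS zone scenario just described: a zone whose name matches the organization's public zone (split-horizon), linked to the Azure Virtual Desktop virtual network with auto-registration so session host VMs register their own A records, plus one manually created record for a file server. The resource group, zone name, virtual network name and IP address are assumed placeholder values.

```powershell
$rg       = "rg-avd"        # assumed resource group name
$vnetName = "vnet-avd"      # assumed AVD virtual network
$zoneName = "contoso.com"   # assumed: same name as the public zone, giving a split-horizon view

$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg

# 1. Create the private zone. Inside linked VNets this zone answers for contoso.com;
#    from the Internet the public contoso.com zone still answers, so the two never collide.
$zone = New-AzPrivateDnsZone -Name $zoneName -ResourceGroupName $rg

# 2. Link the zone to the AVD VNet. -EnableRegistration makes every VM in the VNet
#    auto-register an A record on start-up; a VNet can be a registration VNet for only one zone.
New-AzPrivateDnsVirtualNetworkLink -ZoneName $zoneName -ResourceGroupName $rg `
    -Name "link-$vnetName" -VirtualNetworkId $vnet.Id -EnableRegistration | Out-Null

# 3. Add a record for a resource that does not auto-register (e.g. a file server behind a private IP).
$record = New-AzPrivateDnsRecordConfig -IPv4Address "10.1.0.10"   # assumed private IP
New-AzPrivateDnsRecordSet -Name "fs01" -RecordType A -ZoneName $zoneName -ResourceGroupName $rg `
    -Ttl 3600 -PrivateDnsRecords $record | Out-Null

# 4. Review what the zone now contains. Auto-registered session hosts appear here after they boot.
Get-AzPrivateDnsRecordSet -ZoneName $zoneName -ResourceGroupName $rg |
    Select-Object Name, RecordType, Ttl, @{n="Records"; e={ ($_.Records | ForEach-Object { $_.Ipv4Address }) -join ", " }} |
    Format-Table -AutoSize

# 5. From a session host in the linked VNet, this returns 10.1.0.10; from outside the VNet it
#    returns whatever the public contoso.com zone publishes (or NXDOMAIN), which is the split-horizon effect.
# Resolve-DnsName -Name "fs01.$zoneName" -Type A
```

Private zones resolve only for VNets that are linked to them; for a hub-and-spoke design, link the zone to each spoke VNet that hosts session hosts, and remember that the zone does not replace AD DS-integrated DNS for domain-join records (the `_msdcs` SRV records still come from the domain controllers).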
• Azure-provided name resolution: Azure-provided name resolution provides only basic authoritative DNS capabilities. If you use this option, the DNS zone names and records are managed automatically by Azure, and you cannot control the DNS zone names or the life cycle of DNS records. If you need a fully featured DNS solution for your virtual networks, you must use Azure DNS private zones or customer-managed DNS servers.