[Launched] Generally Available: Fallback to Internet on Private DNS Zones

-


Here's a concise summary of Azure's Generally Available: Fallback to Internet on Private DNS Zones based on available documentation and relevant sources:

Overview

The Fallback to Internet feature for Azure Private DNS Zones is now generally available, allowing DNS queries for non-private records to resolve via public DNS servers when no matching record exists in the configured private zones[1][3][5]. This ensures seamless hybrid environments and reduces DNS resolution failures.

Key Functionality

  • Automatic Public DNS Resolution: Queries for records not defined in private DNS zones automatically resolve using public internet DNS servers if enabled[5].
  • Hybrid Environment Support: Ideal for scenarios requiring access to both private endpoints and public resources without manual DNS configuration[3][4].
  • Enhanced Resilience: Minimizes application downtime caused by DNS resolution failures in isolated or on-premises environments[2][4].

Configuration Steps

  1. Enable at Zone Level:
  • Navigate to Zone Configuration in the Azure Portal.
  • Toggle "Enable internet fallback"[2][4].
  1. Per Virtual Network Link:
  • Edit the virtual network link on the Private DNS Zone.
  • Enable "Fallback to internet" for granular control[2][4].

Critical Considerations

  • Firewall Rules: Ensure outbound DNS traffic (UDP/TCP port 53) is allowed for public DNS resolution[5].
  • Azure Firewall Integration: Use FQDN tags (e.g., AzureDNS) or enable the DNS proxy feature to manage DNS traffic[5].
  • Private Endpoint Compatibility: Works seamlessly with services like Azure Key Vault, Storage Accounts, and SQL Database that use private endpoints[3][4].

Benefits

  • Reduced Downtime: Failover to public DNS minimizes disruptions during outages[2][4].
  • Simplified Management: Eliminates manual DNS forwarding for public resources[1][3].
  • Multi-Region Support: Ensures consistent DNS resolution in geographically distributed deployments[3].

Note: While the linked Azure update (ID 480005) isn't directly accessible, functional details align with recent Azure documentation and community technical guides[1][3][5].

For verification, use Azure Resource Graph Explorer or the CLI to check fallback status on configured zones or links[2][4].

อ้างอิงค์ : https://azure.microsoft.com/updates?id=480005

ความคิดเห็น

แสดงความคิดเห็น

โพสต์ยอดนิยมจากบล็อกนี้

Retirement: MICROSOFT AZURE OPERATED BY 21VIANET - Action required to migrate to Azure China North 3 region by July 1, 2026 due to China North 1 and China East 1 region retirement

-
รูปภาพ
Retirement of Azure Regions in China Microsoft Azure operated by 21Vianet is planning significant changes to its regional infrastructure in China. Specifically, the China North 1 and China East 1 regions are scheduled for retirement. Key Points About the Retirement Retirement Date : Both China North 1 and China East 1 regions will be retired on July 1, 2026 [1]. Impact : Customers with services in these regions will experience disruptions if they do not migrate their services to other regions by the retirement date[1]. Recommended Action : Microsoft advises customers to migrate their services to alternative regions, such as China North 3 , to avoid service disruptions. Additional Service Updates Beyond the region retirement, there are other service updates relevant to Azure in China: Azure Batch Service Retirement : The Azure Batch service will also be retired on March 31, 2026 , in regions like India West , China North 1 , and China East 1 , due to regional constraints...
อ่านเพิ่มเติม

[Launched] Generally Available: Private subnet

-
รูปภาพ
Here is a structured summary of the Generally Available: Private Subnet launch announcement and key information from the official Azure Updates page referenced (https://azure.microsoft.com/updates?id=492953): General Availability of Azure Private Subnet Announcement Date: May 2025[1] Feature Status: Launched (now generally available for all Azure customers) Description: The "private subnet" feature for Azure Virtual Network is now production-ready, enabling customers to create subnets with enhanced network isolation and security. Key Benefits: Enhanced Security: Private subnets help restrict outbound internet access, reducing the risk of unauthorized data exfiltration. Explicit Internet Access: VMs in a private subnet do not have default outbound internet access, requiring explicit configuration of NAT gateways or other routes for connectivity[5]. Greater Control: Organizations gain more granular management over their Azure VM network traffic, allowing them t...
อ่านเพิ่มเติม

[Launched] Generally Available: User-managed plugin enablement in Azure Database for MySQL – Flexible Server

-
รูปภาพ
Summary of "User-managed plugin enablement in Azure Database for MySQL – Flexible Server" Key Updates: General Availability : User-managed plugin enablement is now generally available for Azure Database for MySQL – Flexible Server. Supported Plugin : Currently supports the validate_password plugin, which enforces strong password policies for enhanced security. Enable/Disable Plugins : Enable: CALL az_install_validate_password_plugin(); Disable: CALL az_uninstall_validate_password_plugin(); Configuration Management : Plugin settings can be adjusted via the Server Parameters page in the Azure portal for easier customization. Undo Log Cleanup : A new stored procedure allows manual cleanup of the Undo Log to reduce storage usage without support intervention. Default Plugin Exposure : The caching sha2 password plugin is now enabled by default and configurable through server parameters in the portal. Benefits: Provides granular control over database plugins. I...
อ่านเพิ่มเติม