UW Azure DNS Bridge solution


NOTE: The Azure DNS Bridge solution is no longer available to new customers. 
This service will go away on: <date to be determined>
Existing customers are encouraged to migrate to the new UW Azure Platform via a UW-IT managed subscription.

The UW Azure Platform includes redundant ExpressRoute circuits homed in geo-redundant locations,
simplified networking via Azure VWAN capabilities, DNS resolution that supports private links,
stronger security standards, and a 10% discount on Azure costs.

Specific to DNS configuration, the UW Azure Platform allows customers to use the default Azure DNS, while
still enjoying the benefits noted here, and also being able to use Azure private link DNS.

This page will be removed when this service is retired
but is left as a courtesy for existing customers.

The UW Azure DNS Bridge solution enables customers to resolve hostnames which are registered in UW DNS and Azure DNS. It also provides a consistent DNS resolver for all UW Azure-based resources.

What are the DNS problems associated with using Azure?

Hosts with private IP addresses on the UW network generally register their DNS hostname with the UW DNS servers and can only be resolved from the UW network. Azure native services with private links have private IP addresses on the Azure network, have their hostnames registered with the Azure DNS server, and can only be resolved from the Azure network. Any given network client can only use one DNS server for hostname resolution. These general facts form the basis for the problems in this area. The problems are:

UW-IT has provided this solution for these problems.

What DNS servers should I use for my Azure resources?

You should use the UW Azure DNS Bridge servers: 10.4.10.20 and 10.4.10.21. Use of these servers requires Azure VNet peering with the UW Hub VNet, and you'll need to leverage the Shared ExpressRoute.

NOTE: We recommend new Azure customers have a UW-IT managed subscription that leverages the default Azure DNS 
which in turn leverages the private DNS resolvers in the UW Azure Platform. Existing customers are encouraged
to migrate to a UW-IT managed subscription.
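
For existing bridge customers, the check below audits VNets for the two requirements above: the bridge servers as the only custom resolvers, and a live peering to the hub. It is an added example, not UW-IT code; it assumes input shaped like `az network vnet list` JSON output, and the hub VNet name and sample VNets are constructed placeholders.

```python
import json

BRIDGE_DNS = {"10.4.10.20", "10.4.10.21"}  # resolver addresses from this page
HUB_MARKER = "/virtualnetworks/hub-vnet-placeholder"  # placeholder, not the real hub name

def audit_vnet(vnet, hub_marker=HUB_MARKER):
    """Return findings for one VNet object shaped like `az network vnet list` JSON."""
    findings = []
    dns = set((vnet.get("dhcpOptions") or {}).get("dnsServers") or [])
    if not dns:
        findings.append("Azure default DNS in use, bridge servers not set")
    else:
        if dns - BRIDGE_DNS:
            findings.append("non-bridge resolvers: " + ", ".join(sorted(dns - BRIDGE_DNS)))
        if BRIDGE_DNS - dns:
            findings.append("bridge resolvers missing: " + ", ".join(sorted(BRIDGE_DNS - dns)))
    # The bridge servers are reachable only through a live peering with the hub.
    peered = any(
        hub_marker in ((p.get("remoteVirtualNetwork") or {}).get("id") or "").lower()
        and p.get("peeringState") == "Connected"
        for p in vnet.get("virtualNetworkPeerings") or []
    )
    if not peered:
        findings.append("no Connected peering to the hub VNet")
    return findings

# Constructed sample input (not real UW resources).
SAMPLE = json.loads("""
[
 {"name": "vnet-ok",
  "dhcpOptions": {"dnsServers": ["10.4.10.20", "10.4.10.21"]},
  "virtualNetworkPeerings": [{"peeringState": "Connected",
    "remoteVirtualNetwork": {"id": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/HUB-VNET-PLACEHOLDER"}}]},
 {"name": "vnet-mixed",
  "dhcpOptions": {"dnsServers": ["10.4.10.20", "8.8.8.8"]},
  "virtualNetworkPeerings": [{"peeringState": "Disconnected",
    "remoteVirtualNetwork": {"id": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/HUB-VNET-PLACEHOLDER"}}]},
 {"name": "vnet-default", "dhcpOptions": {"dnsServers": []}, "virtualNetworkPeerings": []}
]
""")

def audit_all(vnets):
    """Map each VNet name to its list of findings (empty list means compliant)."""
    return {v["name"]: audit_vnet(v) for v in vnets}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

A VNet with a non-bridge resolver in its list is worth fixing first, since clients on it can get different answers for the same private hostname depending on which server responds.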

What DNS servers should I use for my campus clients?

You should continue to use the UW DNS servers, as you currently do. When your campus client encounters a private hostname associated with an Azure DNS zone, the UW DNS servers will forward those requests to the Azure DNS Bridge servers. These DNS servers are on the Azure network, and in turn forward these requests to the Azure DNS service. This results in returning the private IP address back to your campus client.

Are there other solutions to these problems?

Yes, there are other solutions but none of them is as ideal as this solution. If you need to explore other solutions because this solution doesn't meet your need, please reach out to UW-IT for consultation. We recommend you address your email to help@uw.edu and ask for the "Microsoft Infrastructure team" which will be specially acquainted with the other solutions in this problem space.

What is the DNS configuration behind this solution?

Diagram of UW Azure Hub VNet subscriptions.