In this design diagram I explain a hybrid DNS architecture on Azure. This diagram covers two scenarios:
Scenario 1 with User1 (blue lines):
- User1’s computer is in Project1 vnet.
- User1 is trying to reach the file share in a different vnet (possibly in a separate subscription).
- User1 must rely on the DNS server in his/her vnet for name resolution.
Scenario 2 with User2 (green lines):
- User2’s computer is in Project2 vnet.
- User2 is trying to reach the file share in the same vnet.
- User2 relies on the default vnet-bound private DNS zone for name resolution (this design is still valid even if user2 relies on the DNS server in the other vnet for name resolution).
Important points to note:
- For hybrid name resolution across Azure and on-prem, your on-prem users can use the DNS server as a DNS proxy to be able to reach the private endpoint (file share). That requires Project1 vnet to be connected to your on-prem network.
- Use this guide on Microsoft docs for more detailed scenarios.