Azure domain joined VM DNS settings issue

Tags: azure, domain, domain-name-system, virtual-machines

I have got an on-premises AD DC which I am trying to extend to Azure. This server hosts the DNS services as well. I created a VNet on Azure and set its DNS server property to point to my on-premises server. Now from the VMs within the VNet I can ping my on-premises server and domain join with it. However, when I look into the DNS settings section for the VM using the command Get-AzureRmNetworkInterface, I still see .fx.cloudapp.net. I am not sure why this is not set to reddog.microsoft.com, which should be the case as per the documentation. Any help highly appreciated.

Update on infrastructure details:
1. A Hub network on Azure connected to on-premise over S2S (in future to be converted to Express Route)
2. The Hub network hosts an Azure VM which is hosting an AD DC/DNS replicated with on-premises AD. This VM is domain joined with on-premises AD. This also hosts a Windows jump box.
3. The Hub network has its VNet DNS setting pointing to the Azure ADDC/DNS VM IP
4. There is a spoke network connected to the hub over VNet peering which is hosting SAP VMs. The Spoke network is having its DNS setting pointing to the Azure ADDC/DNS VM IP.

Current Issue: None of the VMs on the hub/spoke network are showing reddog.microsoft.com as their DNS. Instead, some of the VMs are showing .fx.cloudapp.net while others are showing blank when I use the Get-AzureRmNetworkInterface command.

Best Answer

I guess you have seen this doc.

When you are using Azure-provided name resolution, Azure Dynamic Host Configuration Protocol (DHCP) provides an internal DNS suffix (.internal.cloudapp.net) to each VM. This suffix enables hostname resolution because the hostname records are in the internal.cloudapp.net zone. When you are using your own name resolution solution, this suffix is not supplied to VMs because it interferes with other DNS architectures (like domain-joined scenarios). Instead, Azure provides a non-functioning placeholder (reddog.microsoft.com).

By default, reddog.microsoft.com will be the specific DNS suffix for the Ethernet adapter of an Azure VM. When a VM joins an AD domain, however, the primary DNS suffix for the IP configuration will automatically be changed to that of the AD domain, which overrides the others, and the adapter DNS suffix is ignored.

In this case, even though you see reddog.microsoft.com as the DNS suffix for the adapter, as long as the IP configuration's primary suffix is that of the domain, there is no further action needed. Make sure you joined the domain and added the AD domain suffix correctly. Also, you can restart your Azure VM for the domain change to take effect. You can refer to this similar case.
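The check the answer describes, as an added PowerShell example that is not from the original answer: run on the Azure VM itself, it reports whether the primary DNS suffix is the AD domain, in which case the adapter's placeholder suffix can be ignored. The function name and the optional parameter for the Azure-side InternalDomainNameSuffix value are assumptions.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell
# session on the domain-joined Azure VM. It reads the primary DNS suffix that
# Windows sets at domain join and the adapter's connection-specific suffix
# (where the Azure DHCP placeholder appears), then reports which one resolution
# will actually use. Function name and parameter are hypothetical.
function Test-AzureVmDnsSuffix {
    [CmdletBinding()]
    param(
        # Optional: the Azure-side value for comparison, taken from
        # (Get-AzureRmNetworkInterface ...).DnsSettings.InternalDomainNameSuffix
        [string]$AzureInternalSuffix
    )
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $tcpip = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

    # 'Domain' is the active primary DNS suffix; 'NV Domain' is the value that
    # takes effect after the next restart (they differ while a join is pending).
    $primary = $tcpip.Domain
    $pending = $tcpip.'NV Domain'

    # Connection-specific suffix per adapter: this is where reddog.microsoft.com
    # or .fx.cloudapp.net shows up. It does not override the primary suffix.
    $adapters = Get-DnsClient |
        Where-Object { $_.InterfaceAlias -notmatch 'Loopback|isatap' } |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix, UseSuffixWhenRegistering

    $result = [pscustomobject]@{
        ComputerName         = $cs.Name
        PartOfDomain         = $cs.PartOfDomain
        AdDomain             = $cs.Domain
        PrimaryDnsSuffix     = $primary
        PendingPrimarySuffix = $pending
        AzureInternalSuffix  = $AzureInternalSuffix
        AdapterSuffixes      = $adapters
        Status               = $null
    }

    if (-not $cs.PartOfDomain) {
        $result.Status = 'NOT JOINED: only the adapter suffix is in effect.'
    } elseif ($primary -ne $cs.Domain -and $pending -eq $cs.Domain) {
        $result.Status = 'RESTART REQUIRED: primary suffix becomes the AD domain after reboot.'
    } elseif ($primary -ne $cs.Domain) {
        $result.Status = 'MISMATCH: primary suffix is not the AD domain; re-check the join.'
    } else {
        $result.Status = 'OK: primary suffix is the AD domain; adapter placeholder suffix is ignored.'
    }
    return $result
}
Test-AzureVmDnsSuffix | Format-List
```

Pass the NIC's InternalDomainNameSuffix obtained from a management host as -AzureInternalSuffix to see the Azure-side placeholder next to the in-guest values; the function only reads settings and changes nothing.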
