Usually on our other private DNS zones, they reference things like core.windows.net<\/code> or arc.azure.com<\/code> etc.<\/p>\n

This is the first time we’ve tried doing a sub of our mydomain.com<\/code> namespace.<\/p>\n

I’ve seen on the internet I can just delegate k8s.mydomain.com<\/code>. The process is create an “A” record for the IP of the Inbound Endpoint of the DNS private Resolver. For the sake of this lets say that’s 10.10.5.5<\/code>.<\/p>\n

So I created an “A” record and called it “azure-k8s-dns.mydomain.com<\/code>” and pointed it to 10.10.5.5<\/code><\/p>\n

Then I created a delegation for the zone “k8s” and entered the hostname “azure-k8s-dns.mydomain.com<\/code>” as the DNS server. And saved it.<\/p>\n

If I do an nslookup of the kubernetes test service I have called “store-front” it fails to resolve.<\/p>\n

So:<\/p>\n

nslookup store-front.k8s.mydomain.com<\/code><\/p>\n

Returns:
\n*** dc1.mydomain.com can't find store-front.k8s.mydomain.com: Server failed<\/code><\/p>\n

However, if I enter:<\/p>\n

nslookup store-front.k8s.mydomain.com azure-k8s-dns.mydomain.com<\/code><\/p>\n

Which tells my nslookup to use that host for DNS it returns:<\/p>\n

Server:  UnKnown\nAddress:  10.10.5.5\n\nNon-authoritative answer:\nName:    store-front.k8s.mydomain.com\nAddress:  10.224.0.7\n<\/code><\/pre>\n
(IP of my load balancer out in Azure - so that works)<\/p>\n
So I’m not sure why this isn’t working. Is this not possible? Do I just need to not use a sub of mydomain.com<\/code> for stuff out on Azure?<\/p>","upvoteCount":5,"answerCount":1,"datePublished":"2025-06-18T20:39:17.748Z","author":{"@type":"Person","name":"anthonyg","url":"https://community.spiceworks.com/u/anthonyg"},"suggestedAnswer":[{"@type":"Answer","text":"
We have an Azure Kubernetes Instance and we created a Private DNS Zone that is a sub-domain of our AD domain (AD domain being mydomain.com<\/code>). So like:<\/p>\n
k8s.mydomain.com<\/code><\/p>\n
Usually on our other private DNS zones, they reference things like core.windows.net<\/code> or arc.azure.com<\/code> etc.<\/p>\n
This is the first time we’ve tried doing a sub of our mydomain.com<\/code> namespace.<\/p>\n
I’ve seen on the internet I can just delegate k8s.mydomain.com<\/code>. The process is create an “A” record for the IP of the Inbound Endpoint of the DNS private Resolver. For the sake of this lets say that’s 10.10.5.5<\/code>.<\/p>\n
So I created an “A” record and called it “azure-k8s-dns.mydomain.com<\/code>” and pointed it to 10.10.5.5<\/code><\/p>\n
Then I created a delegation for the zone “k8s” and entered the hostname “azure-k8s-dns.mydomain.com<\/code>” as the DNS server. And saved it.<\/p>\n
If I do an nslookup of the kubernetes test service I have called “store-front” it fails to resolve.<\/p>\n
So:<\/p>\n
nslookup store-front.k8s.mydomain.com<\/code><\/p>\n
Returns:
\n*** dc1.mydomain.com can't find store-front.k8s.mydomain.com: Server failed<\/code><\/p>\n
However, if I enter:<\/p>\n
nslookup store-front.k8s.mydomain.com azure-k8s-dns.mydomain.com<\/code><\/p>\n
Which tells my nslookup to use that host for DNS it returns:<\/p>\n
Server:  UnKnown\nAddress:  10.10.5.5\n\nNon-authoritative answer:\nName:    store-front.k8s.mydomain.com\nAddress:  10.224.0.7\n<\/code><\/pre>\n
(IP of my load balancer out in Azure - so that works)<\/p>\n
So I’m not sure why this isn’t working. Is this not possible? Do I just need to not use a sub of mydomain.com<\/code> for stuff out on Azure?<\/p>","upvoteCount":5,"datePublished":"2025-06-18T20:39:17.819Z","url":"https://community.spiceworks.com/t/azure-dns-question-about-zone-delegation/1216475/1","author":{"@type":"Person","name":"anthonyg","url":"https://community.spiceworks.com/u/anthonyg"}}]}}