To create Azure DNS for Cisco Meraki
I have a Cisco Meraki configured with DHCP and DNS.
My customer wants to have DNS in Azure, but DHCP should stay on the Meraki; computers should take their IP from the Meraki.
Can you send me the steps for configuring Azure DNS for Cisco Meraki?
Azure DNS
-
Silvia Wibowo • 5,126 Reputation points • Microsoft Employee
2025-01-14T00:02:09.8333333+00:00
Hi @HASSAN BIN NASIR DAR, please clarify the details:
- What kind of Cisco Meraki product are you trying to deploy on Azure?
- Please explain more on the DNS requirement - is it Private DNS, Public DNS, and how it relates to the DHCP process.
-
HASSAN BIN NASIR DAR • 351 Reputation points
2025-01-14T09:32:33.3966667+00:00
Hi
- What kind of Cisco Meraki product are you trying to deploy on Azure? I'm not trying to deploy any Meraki product in Azure.
- Please explain more on the DNS requirement - is it Private DNS, Public DNS, and how it relates to the DHCP process. The Cisco Meraki AP is already deployed and DHCP is configured. DNS is set to 8.8.8.8 in the DHCP scope. But there is no way to do name resolution in the Meraki DNS. We are using a hosts file for name resolution. Now we want to deploy DNS in Azure for name resolution of the Meraki's clients as a replacement for the hosts file (we do not want to use a hosts file anymore because it is hectic to update it manually). This is my question: which DNS zone should be created? Should it be private or public? And what is the other configuration?
Regards
-
Silvia Wibowo • 5,126 Reputation points • Microsoft Employee
2025-01-14T20:59:52.61+00:00
Hi @HASSAN BIN NASIR DAR, as I understand it, your use case or requirements:
- The DNS service provides name resolution of Meraki Access Point (AP) clients.
- You need a DNS service to replace local hosts file, which is hard to maintain.
- You want to use Azure to provide the DNS service.
To be able to determine whether Private or Public DNS, I need more information:
- Do you use (and own) a registered domain name? Or are you using an arbitrary private domain name (something like mylocal.net)?
- What kind of IP address the name translates to - private or public IP addresses? Private IP is in the range of 10.x.x.x, 172.16.x.x, or 192.168.x.x.
- Will the DNS service provide only private name resolution (the entries that you put into it) or also public name resolution (the AP clients also need public DNS resolution such as www.microsoft.com)?
- If your AP clients reach the DNS service using public IP address similar to current usage of 8.8.8.8, how do you plan to secure your DNS service in Azure against access from the Internet to mitigate threats posed by external agents? In other words, would you be okay if anyone requests name resolution to your DNS service in Azure?
-
HASSAN BIN NASIR DAR • 351 Reputation points
2025-01-15T02:38:37.4333333+00:00
- Do you use (and own) a registered domain name? Or are you using an arbitrary private domain name (something like mylocal.net)? Meraki does not have a domain name. It has only a hostname. (Can the hostname also be accessed on the internet?)
- What kind of IP address the name translates to - private or public IP addresses? Private IP is in the range of 10.x.x.x, 172.16.x.x, or 192.168.x.x. The hosts file has private addresses and this hosts file is resolving names. The AP/broadband device is performing NAT.
- Will the DNS service provide only private name resolution (the entries that you put into it) or also public name resolution (the AP clients also need public DNS resolution such as www.microsoft.com)? Both private and public should be resolved. Today we are using the DNS address 8.8.8.8 (Google DNS). We want to remove this one as well.
-
Silvia Wibowo • 5,126 Reputation points • Microsoft Employee
2025-01-15T04:58:16.4733333+00:00
Hi @HASSAN BIN NASIR DAR, these two options are crossed out:
- Azure DNS Private Zones can only be used from inside Azure Virtual Network. You require DNS service to serve on-premises clients, so you can't use Azure DNS Private Zones.
- Azure DNS Public Zones requires a registered domain name, which you don't have. So, you can't use Azure DNS Public Zones.
It leaves you with the option of creating your own DNS server on an Azure VM. Here is the documentation about the concept: Name resolution using your own DNS server.
You'd need to create a new Azure VM with a Windows Server OS, then follow the steps to configure it as a DNS server: Install and configure DNS Server on Windows Server.
Note regarding security, you have not answered my question "how do you plan to secure your DNS service in Azure against access from the Internet to mitigate threats posed by external agents?".
-
KapilAnanth-MSFT • 48,486 Reputation points • Microsoft Employee
2025-01-15T11:13:15.69+00:00
Azure VNet does not support a custom DHCP server.
- See: Can I deploy a DHCP server in a virtual network?
- This means all Azure VMs can only get their IP address from the platform, not from a third-party server (such as Meraki) located on-prem or in an Azure VNet.
So "computers should take IP from Meraki" is not feasible (for Azure VMs).
However, if your intention is to use Meraki DHCP for on-prem machines, there should not be an issue.
Coming to DNS,
- You can use Azure DNS Private Resolver.
- Alongside Private DNS Zone for resolving local host names.
- This Private DNS Zone needs to be updated with your on-prem machine hostname <---> its private IP
- This is the tricky part
- The Private DNS Zone was intended to be used with Azure private resources; the autoregistration feature works for VMs in a VNet.
- While you can use it to resolve on-prem private resources as well, the entries in this zone need to be manually updated, i.e., the autoregistration feature cannot be used here.
- There should not be an issue with public name resolution, as the Private Resolver can be configured to resolve public DNS queries as well (without the need for any DNS zones).
NOTE :
- In Azure, a single hostname (such as "machine1", "machine2") is called Azure-provided name resolution
- And the DNS lookup is scoped to a virtual network.
- If you want to have a DNS server in Azure resolving on-prem servers, each server should have a name such as
- machine1.contoso.com
- machine2.contoso.com
- Trying to resolve "machine1" alone would not work, users/applications must use the FQDN machineX.contoso.com
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
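As an added example to go with Kapil's point above (not code from this thread, from Microsoft or from Cisco): Private DNS Zone entries for on-prem machines have to be maintained by hand and must be full FQDNs. The Python below takes a hosts file like the one the poster wants to retire, keeps only RFC 1918 addresses (the ranges Silvia listed), appends a zone suffix to bare hostnames, flags names that map to more than one IP so they can be reviewed instead of silently becoming round-robin records, and emits the matching `az network private-dns record-set a add-record` commands. The zone name `corp.example`, the resource group `rg-dns` and the hosts file content are constructed assumptions, not the poster's environment.

```python
"""Convert a hosts file into Azure Private DNS A-record commands (added example)."""
import ipaddress
import re
import shlex

# Constructed sample hosts file; not the poster's real one.
SAMPLE_HOSTS = """\
# corporate hosts file
127.0.0.1      localhost
192.168.10.20  printer1 printer
192.168.10.21  nas.corp.example nas
10.0.0.5       fileserver
8.8.8.8        google-dns        # public IP, must not go into the private zone
192.168.10.20  printer1          # duplicate with the same IP: harmless
192.168.10.99  nas               # conflict: 'nas' already maps to 192.168.10.21
"""

ZONE = "corp.example"        # assumed private zone name
RESOURCE_GROUP = "rg-dns"    # assumed Azure resource group

# RFC 1918 ranges, i.e. the 10/8, 172.16/12 and 192.168/16 networks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments and blank lines are ignored."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        pairs.extend((ip, name.lower()) for name in names)
    return pairs


def to_fqdn(name, zone):
    """Append the zone to a bare hostname; names already in the zone are kept."""
    zone = zone.lower().rstrip(".")
    name = name.rstrip(".")
    if name == zone or name.endswith("." + zone):
        return name
    return f"{name}.{zone}"


def build_records(pairs, zone):
    """Map FQDN -> set of IPs. Entries that cannot go into the zone are returned
    separately as (name, ip, reason) so nothing is dropped silently."""
    records, skipped = {}, []
    for ip, name in pairs:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            skipped.append((name, ip, "not an IP address"))
            continue
        if not any(addr in net for net in RFC1918):
            skipped.append((name, ip, "not an RFC 1918 private address"))
            continue
        fqdn = to_fqdn(name, zone)
        relative = fqdn[: -len(zone) - 1]  # zone apex gives "" and is rejected below
        if not all(LABEL_RE.match(label) for label in relative.split(".")):
            skipped.append((name, ip, "invalid DNS label"))
            continue
        records.setdefault(fqdn, set()).add(str(addr))
    return records, skipped


def conflicts(records):
    """Names that resolve to more than one address; review these by hand."""
    return {fqdn: ips for fqdn, ips in records.items() if len(ips) > 1}


def az_commands(records, zone, resource_group):
    """Azure CLI commands for every unambiguous record. Labels were validated
    above, and the remaining arguments are shell-quoted anyway."""
    bad = conflicts(records)
    cmds = []
    for fqdn in sorted(records):
        if fqdn in bad:
            continue
        relative = fqdn[: -len(zone) - 1]
        for ip in sorted(records[fqdn]):
            cmds.append(
                "az network private-dns record-set a add-record "
                f"--resource-group {shlex.quote(resource_group)} "
                f"--zone-name {shlex.quote(zone)} "
                f"--record-set-name {shlex.quote(relative)} "
                f"--ipv4-address {ip}"
            )
    return cmds


if __name__ == "__main__":
    recs, skipped = build_records(parse_hosts(SAMPLE_HOSTS), ZONE)
    for name, ip, why in skipped:
        print(f"skipped {name} {ip}: {why}")
    for fqdn, ips in conflicts(recs).items():
        print(f"CONFLICT {fqdn}: {sorted(ips)} (fix the hosts file first)")
    print("\n".join(az_commands(recs, ZONE, RESOURCE_GROUP)))
```

Run it against the real hosts file and pipe the printed commands into a shell only after the conflict list is empty; the same script can be re-run whenever the hosts file changes, which is the manual update Kapil describes. Clients must then query `fileserver.corp.example` rather than `fileserver`, or have `corp.example` in their DHCP-supplied search suffix.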
-
HASSAN BIN NASIR DAR • 351 Reputation points
2025-01-15T19:14:52.7633333+00:00
By the way, is it a good approach to deploy DNS in Azure for Meraki? Or should we find another solution?
-
Silvia Wibowo • 5,126 Reputation points • Microsoft Employee
2025-01-15T20:54:39.6933333+00:00
Hi @HASSAN BIN NASIR DAR, how many lines are we talking about (in the hosts file)? How many client machines do you need to deploy the hosts file to? How often does the hosts file change?
On the simplest spectrum, it could be client machines regularly copying hosts file from a central repository, so you only need to maintain the central repository. On the most complex spectrum, it could be a full-blown DNS or even domain services like Microsoft Active Directory. Or somewhere in between. In my opinion, if all of your client machines are on-premises, it makes sense to have the DNS service deployed on-premises. Most routers have DNS capability, it could be an option, too.
-
KapilAnanth-MSFT • 48,486 Reputation points • Microsoft Employee
2025-01-16T07:32:28.54+00:00
With regard to "is it a good approach to deploy DNS in Azure for Meraki?":
- Using an Azure VM as a DNS server or the Private Resolver for on-prem servers is supported and is configurable.
- You should evaluate your use case and environment, and go ahead with a solution that matches your requirement.
Cheers,
Kapil