Common Private DNS Issues

Troubleshoot common issues with private DNS.

If a resolver rule matches the set conditions then the action is applied regardless of result. Later rules are not applied. For example, if the target destination of a forward rule is unreachable, the traffic is forwarded and no further rule actions are taken.
When creating a resolver endpoint, ensure the subnet has enough available IP addresses. Listening resolver endpoints require one. Forwarding resolver endpoints require two.
If compute instances want to resolve private DNS views and rules using the 169.254.169.254 resolver and they're using custom DHCP settings, 169.254.169.254 must appear in the DHCP nameserver list, otherwise 169.254.169.254 only resolves queries to the internet.
The private DNS system evaluates DNS requests in the following sequence:
1. Private views (zones )
2. Rules
3. Internet
Attached views are evaluated first in the order configured. The default view is evaluated next, unless it was included in the list of attached views. A match in the sequence ends the resolution, even if the match results in an NXDOMAIN .
For example, if there were a rule to forward any name matching onprem.example.com to an on-premises system, but there was a zone in a private view defined as example.com. The private view would answer the lookup for onprem.example.com and the forwarding rule would never be reached.