In Private DNS or Enterprise DDI configurations, DNS containers can be configured to run in either authoritative or recursive resolver mode. By default, the DNS container is configured to run in authoritative mode—answering all queries for known zones. In recursive resolver mode, the DNS instance can use a built-in recursor to resolve zones for which it is not authoritative. Each zone created in the Private DNS instance is appended to a list of known authoritative zones. While in recursive mode, this list is the first point of reference before reaching out to the public internet. The DNS container also allows for configuration of an external resolver instead of using the built-in recurser. For example, Cloudflare (1.1.1.1) and Google (8.8.8.8) are well-known and trusted public resolvers.
A forwarding option is available and can be enabled during initial DNS container configuration. Requests to specific zones are forwarded to the IP address of another DNS server. These requests result in a single response from the forwarding server.
Recursive resolver forwarding: List of zones and recursive server addresses. Any query for a name in the configured zone is forwarded to the corresponding recursive server for full resolution. Use this option if you would like queries for certain domain names to be answered by an alternative resolver. Note: You can configure the resolver to send all recursive queries to another resolver by specifying a single dot (.) for the domain.
Authoritative server forwarding: List of zones and authoritative name server addresses. Any query for a name in the configured zone is sent to the corresponding authoritative server, but the full query resolution occurs locally. Use this option to configure resolution for domains that are not accessible from the public internet.