DNS timeouts - filtering?

Alang 0 Reputation points
2025-11-04T20:12:45.9+00:00

I'm debugging an issue where customers hosting their email in O365 are unable to send to our domain. When we dig into it they are unable to resolve the MX records for our domain.

I've created a VM in Azure and I can re-create the issue. I cannot resolve any records for our domain using either the Azure resolvers or directly using dig +trace - connections to our authoritative servers time out. However, I can resolve if I go via a public service (e.g. Google, Quad9).

We have a webserver running in the same network segment as one of our NS and I can successfully connect to that from the test VM. So it's not a routing issue.

So I'm left with the conclusion that MS are inspecting/filtering outbound DNS requests. Anyone know if this is the case and whether it can be modified? I'm not aware that our domain is on any bad lists that would affect its reputation.

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

1 answer

  1. Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator
    2025-11-04T22:22:42.6166667+00:00

    Hello @Alang,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand your question regarding the DNS timeout filtering.

    1. By default, Azure does not block outbound DNS queries. However, some networking features may influence DNS resolution. Unless you specify custom DNS servers, Azure virtual machines use the default Azure DNS resolver at 168.63.129.16.

    2. If DNS Security Policies are active in your virtual network, they may log or filter DNS traffic and, in some cases, block access to certain domains. Likewise, enabling the Azure Firewall DNS proxy allows DNS queries to be inspected and filtered using domain-based (FQDN) rules. Without these settings, DNS queries typically proceed without restriction.

    3. If your Azure VM’s direct queries to the domain’s authoritative servers are timing out, it may be due to how the DNS resolver processes requests or issues with outbound connectivity. The Azure DNS resolver tends to be more strict and can fail quickly when it detects delegation or DNSSEC problems, while public DNS services like Google DNS are generally more flexible in handling these situations. Also, please note that default outbound access for VMs was deprecated in September 2025. If your VM still relies on it, you might experience intermittent connectivity or port exhaustion. Using a NAT Gateway or Azure Firewall helps maintain stable outbound DNS connections.

    4. Since you’ve confirmed that your web server is reachable and that public DNS resolvers work fine, the routing itself looks healthy. Microsoft doesn’t block DNS lookups from Azure VMs, but filtering could still happen if a DNS Security Policy or Firewall DNS proxy rule is active in your setup.

    Next steps:

    1. Check your domain’s DNS setup using tools like dnsviz.net or the dig +trace command to identify any DNSSEC or delegation problems.
    2. If needed, use Azure DNS Private Resolver for hybrid setups, or switch to a reliable public resolver such as Google (8.8.8.8) or Quad9 (9.9.9.9).
    3. Connect a NAT Gateway to your subnet for stable outbound connectivity.
    4. Examine your DNS Security Policy and Azure Firewall DNS proxy rules to ensure domain lookups aren’t being blocked by mistake.

    Azure DNS overview: Azure DNS overview | Azure Docs
    Azure NAT Gateway: What is Azure NAT Gateway? | Microsoft Learn

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please do not forget to “Accept the answer” and “up-vote it” wherever the information provided helps you; this can be beneficial to other community members. It would be greatly appreciated and helpful to others.

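A per-transport probe of one authoritative server helps narrow the timeouts discussed in this thread: no reply on UDP, on UDP with EDNS0, or on TCP each point somewhere different from a SERVFAIL or REFUSED reply. This is an added example, not part of the original question or answer and not Microsoft tooling; it assumes IPv4 and the Python 3 standard library, and the function names and the fixed transaction id are constructed for illustration.

```python
import socket
import struct

TXID = 0x4D58  # constructed transaction id used by every probe

def build_query(name, qtype=15, edns_size=0):
    """Encode a non-recursive DNS query (qtype 15 = MX); edns_size > 0 adds an OPT record."""
    header = struct.pack("!HHHHHH", TXID, 0, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    msg = header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
    if edns_size:  # OPT pseudo-record: root name, type 41, class = UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def classify(resp):
    """Map a raw reply (or None for no reply) to a short diagnosis string."""
    if resp is None:
        return "timeout"
    if len(resp) < 12 or struct.unpack("!H", resp[:2])[0] != TXID:
        return "malformed"
    flags, _qd, answers = struct.unpack("!HHH", resp[2:8])
    if flags & 0x0200:
        return "truncated"  # TC bit: the server expects a retry over TCP
    rcode = flags & 0x000F
    if rcode:
        return {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}.get(rcode, f"rcode={rcode}")
    return f"ok answers={answers}"

def ask(server, payload, tcp=False, timeout=3.0):
    """Send one query to server:53; return the raw reply, or None on timeout or reset."""
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if not tcp:
                s.send(payload)
                return s.recv(4096)
            s.sendall(struct.pack("!H", len(payload)) + payload)  # TCP length prefix
            with s.makefile("rb") as f:
                return f.read(struct.unpack("!H", f.read(2))[0])
    except (OSError, struct.error):
        return None

def probe(server, name):
    """Ask one authoritative server for MX over plain UDP, UDP with EDNS0, and TCP."""
    return {"udp": classify(ask(server, build_query(name))),
            "udp+edns": classify(ask(server, build_query(name, edns_size=1232))),
            "tcp": classify(ask(server, build_query(name), tcp=True))}
```

Call `probe("<authoritative NS IP>", "<your domain>")` from the affected VM and from a host that resolves normally, then compare the three results.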
