Azure Cloud Servers, Relay and Roaming Clients
I have just two servers in Azure Cloud. They are domain controllers used for Kerberos authentication for Azure files. I would like them to be protected by DNS Filter and it seems that DNS forwarding isn't going to work. According to the documentation, I would need to setup a relay. However, I feel like this is overkill for just two VMs. I was wondering if simply installing the roaming client on the servers would accomplish the same thing as the relay. I think it would, but I want to make sure that there isn't something I'm not considering with doing so.
-
Andrew Roper Thanks for your question! We don’t recommend installing the Roaming Client on servers or domain controllers—this can lead to performance issues and interfere with DNS functionality.
For your Azure domain controllers, the best approach is to configure DNS forwarding to our anycast IPs for protection. It’s quick to set up, especially for just two VMs, and avoids the complexity of deploying a Relay. You can find step-by-step instructions here: Configuring Your Network.
If forwarding isn’t an option in your environment, the next best choice is to deploy a DNSFilter Relay for network-level filtering. Here’s our guide for that setup: DNS Relay Deployment Guide.
While installing the Roaming Client may seem simpler, it’s not supported for servers and can cause authentication or DNS reliability issues—forwarding or Relay deployment will give you more consistent and reliable protection.
0 -
When forwarding data you could go along with mfa or file transfer along with filter but it only works if you have correct IP address location I noticed so I change to proxy server and a different filter it's hard to come up upon
0
Please sign in to leave a comment.
Comments
2 comments