To resolve hostnames within an Azure Private DNS zone (fabrikam.com) from an on-premises network, a DNS forwarder within the Azure virtual network is required. This is because the Azure-provided DNS resolver (at IP 168.63.129.16) is not directly reachable from on-premises.

The solution involves two steps:

1. Deploy a Windows Server virtual machine in the Azure VNet, install the DNS Server role, and configure it to forward DNS queries to Azure's internal DNS service. This VM acts as a proxy. (Option E)

2. Configure the on-premises DNS server (DC1) with a conditional forwarder for the fabrikam.com zone. This forwarder will point to the private IP address of the DNS forwarder VM in Azure, directing all fabrikam.com queries across the Site-to-Site VPN for resolution. (Option A)

B. A stub zone resolves authoritative name servers for a zone, not individual host records. A conditional forwarder is the correct mechanism for this query forwarding scenario.

C. Azure Private DNS does not support the zone transfers required to create and maintain a secondary zone on an external DNS server like DC1.

D. Modifying the virtual network's DNS settings primarily affects name resolution for resources within that VNet, not for resolving names from the on-premises network.

1. Microsoft Learn. (2023). Azure Private DNS scenarios. Section: "On-premises workloads using a DNS forwarder". This document explicitly states

"To resolve private zone records from on-premises

you need to deploy a DNS forwarder in the VNet that is linked to the private zone... Then you can configure your on-premises DNS server with a conditional forwarder pointing to the DNS forwarder in Azure." This directly validates the combination of answers A and E.

2. Microsoft Learn. (2023). Name resolution for resources in Azure virtual networks. Section: "Name resolution that uses your own DNS server". This article details how a custom DNS server (such as the forwarder VM in option E) can be used in a VNet to forward queries to Azure's recursive resolvers for hybrid scenarios.

3. Microsoft Learn. (2023). Use conditional forwarders. This document explains the function of a conditional forwarder on a Windows Server DNS server

which is the technology used on the on-premises DC1 as described in option A.