Yesterday we had client with many IP and DNS problems and the screenshot below was taken after we cleaned up about half of them. As you can see, 168.63.129.16 is used both as a DHCP server and as a DNS FORWARDER, and the name shows up as <UNABLE TO RESOLVE>. This is unexpected to Windows Server administrators who understand on-prem DNS and DHCP, but completely normal and correct in Azure VM’s.
If you know anything about IP addressing you will immediately recognize this as a public IP but:
So just what is it?
Microsoft calls it the “Azure WireServer IP“. The IP 168.63.129.16 is a special virtual public IP address used by Microsoft Azure for several critical functions within the Azure platform. This IP address is consistent across all Azure regions and national clouds, and it plays a vital role in the operation and management of Azure resources.
As shown in the screenshot above, for DNS servers in Azure, it is generally recommended to have only 168.63.129.16 listed in DNS forwarding.
If you have internal DNS servers that need to resolve internal domain names not managed by Azure, you might consider adding them as DNS forwarders. However, this depends on your specific network architecture and requirements:
The Microsoft “best practice” for DNS Forwarding in Azure is:
The IP address 168.63.129.16 in Azure is “highly available”. It is a virtual public IP that is used across all Azure regions and national clouds, ensuring consistent availability and reliability. It is
Communication with this IP address is secure, as only the internal Azure platform can source messages from it.
Microsoft has been using the Azure WireServer IP address (168.63.129.16) since the very early days of Azure. This IP address is unique in that it is owned by Microsoft and does not ever change, providing a stable and reliable endpoint for critical Azure services.
One interesting aspect of this IP address is that it does not support reverse DNS lookup. This means that if you try to retrieve the Fully Qualified Domain Name (FQDN) using reverse lookup commands, you won’t receive any FQDN.
Also, 168.63.129.16 will not respond to DNS requests from on-prem servers, so don’t use it as a FORWARDER there.
The Azure WireServer IP address 168.63.129.16 is a cornerstone of Azure’s networking infrastructure, providing DHCP, DNS, VM Agent communication, and health probe services. Its consistent presence across all Azure regions and its secure, reliable operation make it an essential component of the Azure platform.
This website uses cookies.