Azure - Private Link Between Virtual Networks

Question

I have two virtual networks: public and private. On the public vnet there is an app service. On the private vnet there is an azure sql database. The azure sql database has public access blocked and is exposing a private link. The two vnets are peered. The private dns zone for the private link has both vnets linked.

When I VPN to the private vnet I can connect to the private link no problem. When I try to connect via the app service I get an error:

SqlException: Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes (https://learn.microsoft.com/azure/azure-sql/database/connectivity-settings#deny-public-network-access). To connect to this server, use the Private Endpoint from inside your virtual network (https://learn.microsoft.com/azure/sql-database/sql-database-private-endpoint-overview#how-to-set-up-private-link-for-azure-sql-database).

It seems like the app service is using the public IP address (thus the error) as opposed to seeing the private IP address (via the private dns zone).

How can I set up the azure app service to connect via private link across vnets?

Update: My app service is using Docker. I ssh'ed into it and saw that the dns name was resolving to the public IP address. I temporarily added the IP to the hosts file (the private IP), but I still get the same error.

user472292 · Accepted Answer

On the configuration page of your app service you need to add the following app settings:

WEBSITE_DNS_SERVER with value 168.63.129.16 WEBSITE_VNET_ROUTE_ALL with value 1

Azure - Private Link Between Virtual Networks

Answers (2)

Related Questions