Debugger

Reputation: 792

Azure Private DNS configuration not working with P2S VPN

I have hosted my web application in Azure. My team accesses the application via the application gateway's private IP over an Azure P2S VPN connection. The application works with the private IP; I want to configure a DNS name and SSL certificates for that private IP.

Things I have tried so far:

  1. Created an Azure Private DNS Zone and linked my VNets

  2. Created A records for my private IPs

  3. Added dnssuffixes in azurevpnconfig.xml (Azure VPN Client configuration)

  4. Tried accessing test.demo.com; I get "site can't be reached"

Not sure what I'm missing. Clarification would be helpful:

  1. Does Azure not support private DNS configuration for P2S VPN connections?
  2. Is there any other workaround to achieve DNS and SSL configuration for private IPs?

References:

https://learn.microsoft.com/en-us/answers/questions/64223/issue-with-resolving-hostnames-while-connected-to.html

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems

Upvotes: 1

Views: 4641

Answers (2)

BarrySDCA

Reputation: 101

I made a Docker container to solve this problem. It's a lean DNS forwarder, which forwards DNS requests to Azure DNS. Set it up as an Azure Container Instance on a private IP and point your VPN DNS client to it. Check out the example.

https://hub.docker.com/r/barrybahrami/azurednsforwarder

Upvotes: 0

Gitarani Sharma

Reputation: 911

As per Name resolution for resources in Azure virtual networks:

In order for the P2S VPN clients to be able to resolve Private Endpoint entries hosted on Azure Private DNS Zones, you must leverage an existing DNS server (forwarder or proxy) or deploy one IaaS VM with a DNS Server role. That is required for P2S VPN clients to be able to consume the Azure Private DNS Zone, which is exposed at 168.63.129.16, via a DNS forwarder/proxy.

Once you have a DNS forwarder/proxy deployed in Azure, you can define the DNS server at the VNet level or set the DNS server configuration directly in the client XML profile. After this, you will be able to resolve Private Endpoint entries from your P2S clients.

Refer to: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

https://github.com/dmauser/PrivateLink/tree/master/DNS-Integration-P2S

Upvotes: 2
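Both answers end at the same step: once a forwarder sits inside the VNet, the P2S client profile has to be told to use it. The script below is an added example (not code from either answer or from Microsoft) that patches an Azure VPN Client profile (azurevpnconfig.xml) with a `<clientconfig>` block holding the forwarder's private IP and the search suffix, and refuses the one configuration that silently fails: pointing the client straight at 168.63.129.16, which is reachable only from inside the VNet. Assumptions: the profile uses the `AzVpnProfile` root with the datacontract default namespace and the documented `clientconfig`/`dnsservers`/`dnssuffixes` element names; the element order produced here is not validated against the client; the sample profile, the forwarder address 10.10.0.4 and the zone demo.com are constructed for the example.

```python
"""Patch an Azure VPN Client profile so P2S clients use a VNet-hosted DNS forwarder.

Added example; the profile layout and sample values are assumptions, not taken
from the original post.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Azure's recursive resolver. It answers only from inside a VNet, so a P2S
# client that lists it as a DNS server gets no answers at all.
AZURE_WIRESERVER_DNS = "168.63.129.16"

# Constructed sample of an exported profile (gateway name is made up).
SAMPLE_PROFILE = """<AzVpnProfile xmlns="http://schemas.datacontract.org/2004/07/">
  <name>demo-vnet</name>
  <serverlist>
    <ServerEntry>
      <displayname>azuregateway-example.vpn.azure.com</displayname>
      <fqdn>azuregateway-example.vpn.azure.com</fqdn>
    </ServerEntry>
  </serverlist>
  <version>2</version>
</AzVpnProfile>
"""


def _local(tag):
    """'{ns}clientconfig' -> 'clientconfig' so lookups ignore the namespace."""
    return tag.rsplit("}", 1)[-1]


def _ns(root):
    """Return the '{uri}' prefix of the root element, or '' if un-namespaced."""
    return root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""


def _child(parent, name, ns):
    """First child named `name` (any namespace); created if missing."""
    for el in parent:
        if _local(el.tag) == name:
            return el
    return ET.SubElement(parent, ns + name)


def is_valid_forwarder(ip):
    """True only for a private address that is not Azure's internal resolver."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private and str(addr) != AZURE_WIRESERVER_DNS


def validate_forwarder_ip(ip):
    if not is_valid_forwarder(ip):
        raise ValueError(
            f"{ip!r} is not usable by P2S clients: use the private IP of a DNS "
            f"forwarder inside the VNet, never {AZURE_WIRESERVER_DNS} directly"
        )
    return str(ipaddress.ip_address(ip))


def add_private_dns(profile_xml, dns_servers, dns_suffixes):
    """Return the profile with the forwarder IPs and suffixes added (idempotent)."""
    root = ET.fromstring(profile_xml)
    ns = _ns(root)
    if ns:  # keep the default namespace instead of an ns0: prefix on output
        ET.register_namespace("", ns[1:-1])
    cfg = _child(root, "clientconfig", ns)
    servers = _child(cfg, "dnsservers", ns)
    for ip in dns_servers:
        ip = validate_forwarder_ip(ip)
        if ip not in [s.text for s in servers]:
            ET.SubElement(servers, ns + "dnsserver").text = ip
    suffixes = _child(cfg, "dnssuffixes", ns)
    for suf in dns_suffixes:
        suf = suf if suf.startswith(".") else "." + suf  # client expects a leading dot
        if suf not in [s.text for s in suffixes]:
            ET.SubElement(suffixes, ns + "dnssuffix").text = suf
    return ET.tostring(root, encoding="unicode")


def configured_dns(profile_xml):
    """(servers, suffixes) currently present in a profile, for verification."""
    root = ET.fromstring(profile_xml)
    servers = [e.text for e in root.iter() if _local(e.tag) == "dnsserver"]
    suffixes = [e.text for e in root.iter() if _local(e.tag) == "dnssuffix"]
    return servers, suffixes


if __name__ == "__main__":
    patched = add_private_dns(SAMPLE_PROFILE, ["10.10.0.4"], ["demo.com"])
    print(patched)
```

Re-import the patched profile into the Azure VPN Client, reconnect, and confirm with `nslookup test.demo.com 10.10.0.4` that the forwarder answers; the forwarder itself must be configured to send queries for the private zone to 168.63.129.16, which is the part neither the client nor this script can do for you.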
