Reputation: 311
I provisioned the resources according to the documentation: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking I did the provisioning using Bicep.
The name of the server is my-dev-db and I created a DNS private zone: my-dev.postgres.database.azure.com
Now what I see is that from my local computer, so the public internet, I can ping both my-dev.postgres.database.azure.com and my-dev-db.postgres.database.azure.com
I created a VM in the same VNet and I managed to connect via the postgres client, but not to the private DNS, my-dev.postgres.database.azure.com, but to my-dev-db.postgres.database.azure.com, which is the one automatically created by Azure as the server name. When I try to connect with the private DNS, it doesn't resolve.
So my question: Why can I ping both DNS names from outside Azure? Why doesn't the private DNS resolve in the VM?
Really can't make sense of this behavior.
Upvotes: 1
Views: 1722
Reputation: 11
Private DNS
Did you also add an A record to said Azure Private DNS Zone?
I think the zone name should be "postgres.database.azure.com", where you add an A record for "my-dev-db", pointing to the IP(s) of the PostgreSQL instance.
Public DNS
Even though you disable the public endpoint for a given Azure resource, its FQDN will still be resolvable by public DNS. But it should not be ping-able nor reachable in general. So nslookup should resolve to a public IP, but ping or PowerShell Test-NetConnection -ComputerName '<fqdn>' -Port 443 should fail.
Upvotes: 0
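An added example (not part of the answer above, and not Azure tooling): a Python check to run once from the VM and once from the outside machine, recording what each of the two names resolves to and whether the database port completes a TCP handshake, which says more than ping does. Port 5432 (the PostgreSQL default), the function names, and the assumption that the VNet uses RFC 1918 address space are mine.

```python
import ipaddress
import socket
import sys

# Assumption: the VNet uses RFC 1918 space, so a private A record lands here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def resolve(fqdn):
    """Addresses the local resolver returns for fqdn, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port, timeout=3.0):
    """True only if a TCP handshake to addr:port completes."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(fqdn, vantage, port=5432, resolver=resolve, connector=tcp_open):
    """Check one name from one vantage point: 'vnet' (the VM) or 'internet'."""
    addrs = resolver(fqdn)
    findings, rows = [], []
    if not addrs and vantage == "vnet":
        findings.append("does not resolve inside the VNet: check the private zone for an A record")
    for a in addrs:
        private, is_open = is_rfc1918(a), connector(a, port)
        rows.append((a, private, is_open))
        if vantage == "vnet" and not private:
            findings.append(f"resolved to non-private address {a} inside the VNet")
        # A private answer seen from outside is not routable there, so only
        # a non-private address that accepts the connection counts as exposure.
        if vantage == "internet" and is_open and not private:
            findings.append(f"{a}:{port} accepts TCP connections from the internet")
    return {"fqdn": fqdn, "addresses": rows, "findings": findings}

if __name__ == "__main__" and len(sys.argv) > 2:
    # Usage: python dnscheck.py <vnet|internet> <fqdn> [<fqdn> ...]
    for name in sys.argv[2:]:
        print(audit(name, sys.argv[1]))
```

An empty `findings` list from both vantage points means the name resolves privately inside the VNet and the port is not reachable from outside.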