Reputation: 802
I set up an Azure Database for PostgreSQL flexible server instance with private access (VNet Integration). It is mandatory to provide a Private DNS Zone, which I did. After successfully creating the instance you can find a record inside that Private DNS Zone with a (generated?) name like a13af2aa1234 that points to the private IP of the instance.
Is there a link like "This record name belongs to this PostgreSQL instance name" that reveals the correlation?
I don't get why it seems to be generated, as the PostgreSQL instance name itself already must be unique (as they prepend that name to postgres.database.azure.com as DNS name).
Edit: If I add a second instance I have two entries in the private DNS zone.
How do I know which record belongs to which instance?
Upvotes: 4
Views: 4459
Reputation: 2027
In the Azure portal, go to your Azure Database for PostgreSQL flexible server resource and look at the Connect page.
You'll see the FQDN for your database in the Connection details section:
export PGHOST=mydb.postgres.database.azure.com
This works because the database name mydb is globally unique.
In the DNS, mydb.postgres.database.azure.com has a CNAME record that points to the 'hex' record that you mention in your question. This is an implementation detail; you shouldn't ever use the 'hex' record directly, only the FQDN given to you on the Connect page.
Upvotes: 0
Reputation: 1933
It seems that when the PostgreSQL Flexible server is created within a virtual network with a private DNS zone, the "server name" that you can see in the Azure portal will respond with the private IP.
tldr: just use the {server_name}.postgres.database.azure.com name and it will resolve to the private IP of the private DNS zone.
What happens in practice is that the above name has an NS record that points to the "hex" private zone record:
> dig {server_name}.postgres.database.azure.com NS +short
e4f33bc2df77.{server_name}.private.postgres.database.azure.com.
Resolving the domain (the one without private in it) leads you to the "hex" domain with a CNAME and then to the actual IP address.
> dig {server_name}.postgres.database.azure.com
...
;; ANSWER SECTION:
{server_name}.postgres.database.azure.com. 26 IN CNAME e4f33bc2df77.{server_name}.private.postgres.database.azure.com.
e4f33bc2df77.{server_name}.private.postgres.database.azure.com. 26 IN A 10.0.1.4
...
If this is documented somewhere, I don't know where that is, though.
Upvotes: 4
Reputation: 21
The link you are looking for can actually be found in Azure DNS.
You are never supposed to use the cryptic hex DNS names in your private DNS zone. Instead, use the FQDN of your database as shown in the portal or with az cli.
Assume you have an Azure PostgreSQL Flexible Server my-server in resource group example, and your private Azure DNS zone is my-zone.postgres.database.azure.com.
Run
% az postgres flexible-server show -n my-server -g example -o json --query 'fullyQualifiedDomainName'
"my-server.postgres.database.azure.com"
to get the FQDN.
Note: nowhere in the output of az postgres flexible-server show are you going to find that hex-gibberish DNS name that was created in your private zone.
However, if you look up your flexible server FQDN, for example with the host command, you will find that it is an alias for the entry in your private DNS zone.
# host my-server.postgres.database.azure.com
my-server.postgres.database.azure.com is an alias for de12af34.my-zone.postgres.database.azure.com.
de12af34.my-zone.postgres.database.azure.com has address 10.10.0.4
So here's the link between your flexible server and the cryptic DNS entry in your private zone. But the best thing is, you don't really need to worry about this link. Just use your flexible server's FQDN and you're set.
NOTE: when using PostgreSQL flexible servers with delegated VNETs and private DNS zones, the FQDN can only be looked up from within Azure.
Upvotes: 2
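Added example (not part of any answer on this page): with two or more instances, the record-to-server link can be listed by resolving each server FQDN and reading the alias line, as in the `host` output above. The function names, the second server and its record name are constructed for illustration.

```sh
#!/bin/sh
# Added example: correlate private DNS zone records with flexible servers
# by parsing `host` output. Function names are hypothetical.

# Constructed sample in the `host` output format shown above; the second
# server and its record name are made up for illustration.
sample_host_output() {
  cat <<'EOF'
my-server.postgres.database.azure.com is an alias for de12af34.my-zone.postgres.database.azure.com.
de12af34.my-zone.postgres.database.azure.com has address 10.10.0.4
other-server.postgres.database.azure.com is an alias for ab56cd78.my-zone.postgres.database.azure.com.
ab56cd78.my-zone.postgres.database.azure.com has address 10.10.0.5
EOF
}

# Reads `host` output on stdin; prints "<server-fqdn> <zone-record> <ip>".
correlate_records() {
  awk '
    / is an alias for / {
      target = $NF; sub(/\.$/, "", target)   # drop the trailing root dot
      server_of[target] = $1                 # zone record -> server FQDN
    }
    / has address / { addr[$1] = $NF }
    END {
      for (rec in server_of)
        print server_of[rec], rec, ((rec in addr) ? addr[rec] : "UNRESOLVED")
    }
  ' | sort
}

# Args: record FQDNs listed in the zone. Stdin: correlate_records output.
# Prints records that no server FQDN aliases to (candidates for review).
unclaimed_records() {
  mapping=$(cat)
  for rec in "$@"; do
    printf '%s\n' "$mapping" |
      awk -v r="$rec" '$2 == r { found = 1 } END { exit !found }' ||
      printf '%s\n' "$rec"
  done
}

# Live use needs Azure access and, per the note above, a resolver inside
# the VNet:
#   for f in $(az postgres flexible-server list -g example \
#       --query '[].fullyQualifiedDomainName' -o tsv); do host "$f"; done |
#     correlate_records
sample_host_output | correlate_records
```

A zone record that `unclaimed_records` prints has no server FQDN pointing at it, which makes it worth checking against the list of servers that still exist.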
Reputation: 954
Is there a link like "This record name belongs to this PostgreSQL instance name"?
Yes, it's interrelated to Vnet and DNS zone integration where we allow the traffic.
Vnet subnet range.
When Private DNS zone integration is required to connect to your Flexible Server in virtual network using server name (fully qualified domain name). The DNS records for the server name will be updated automatically in case the IP address of your Flexible Server changes. Learn more
Replicated the same scenario
Refer to this tutorial for more information.
Upvotes: 1