Hi, I am currently trying to build https://learn.microsoft.com/en-us/azure/architecture/web-apps/app-service/architectures/baseline-zone-redundant in Terraform, but I keep running into this problem where the Application Gateway can't resolve the private DNS name of the private endpoint. The NSGs are not the problem, since I opened all their ports for debugging purposes.
I tried creating a private DNS A record and also adding a DNS resolver, but it didn't work.
#* Network
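resource "azurerm_virtual_network" "the_network" {
  # Workload VNet; every subnet below is carved out of local.vnet_prefixe.
  name                = module.naming.virtual_network.name
  location            = local.location
  resource_group_name = azurerm_resource_group.the_group.name
  address_space       = [local.vnet_prefixe]

  # dns_servers is left unset, so the provider default (Azure-provided DNS) applies.
  # Private-endpoint name resolution relies on the privatelink.azurewebsites.net
  # zone being linked to *this* VNet, not on a custom resolver.
  tags = {
    # Bare reference instead of the legacy interpolation-only "${...}" string,
    # which terraform fmt/validate flag as deprecated syntax.
    environment = terraform.workspace
  }
}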
#* Subnets
resource "azurerm_subnet" "Application_Gateway_Subnet" {
  # Dedicated subnet for the Application Gateway instances.
  # NOTE(review): resource label is PascalCase while the sibling subnets are
  # snake_case; renaming would require updating azurerm_application_gateway.network.
  resource_group_name  = azurerm_resource_group.the_group.name
  virtual_network_name = azurerm_virtual_network.the_network.name
  name                 = "Application_Gateway_Subnet"
  address_prefixes     = [local.gateway_subnet_prefix]
}
resource "azurerm_subnet" "app_service_integration_subnet" {
  # Subnet for App Service regional VNet integration (outbound traffic from the app).
  # The Microsoft.Web/serverFarms delegation is required before a web app can
  # attach to it via virtual_network_subnet_id.
  resource_group_name  = azurerm_resource_group.the_group.name
  virtual_network_name = azurerm_virtual_network.the_network.name
  name                 = "app_service_integration_subnet"
  address_prefixes     = [local.app_service_integration_subnet_prefix]

  delegation {
    name = "webapp"

    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}
resource "azurerm_subnet" "private_endpoints_subnet" {
  # Subnet hosting the private endpoint NICs (inbound path to the web app).
  resource_group_name  = azurerm_resource_group.the_group.name
  virtual_network_name = azurerm_virtual_network.the_network.name
  name                 = "private_endpoints_subnet"
  address_prefixes     = [local.private_endpoints_subnet_prefix]

  # NOTE(review): a Microsoft.Web service endpoint is a separate mechanism from
  # private endpoints and is presumably not needed here — confirm it is intentional.
  service_endpoints = ["Microsoft.Web"]
}
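resource "azurerm_application_gateway" "network" {
  # Public entry point that forwards to the App Service private endpoint by FQDN.
  name                = module.naming.application_gateway.name
  resource_group_name = azurerm_resource_group.the_group.name
  location            = local.location

  # NOTE(review): Standard_v2 carries no WAF policy; the referenced baseline
  # architecture places a WAF in front of the app — confirm this is a deliberate gap.
  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.Application_Gateway_Subnet.id
  }

  frontend_port {
    name = local.frontend_port_name
    port = 80
  }

  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.the_public_ip.id
  }

  # The backend is addressed by FQDN, which the gateway resolves through the DNS
  # configured on its VNet; the privatelink zone must therefore be linked to the
  # same VNet this gateway is deployed into.
  backend_address_pool {
    name  = local.backend_address_pool_name
    fqdns = [module.the_web_app.endpoint_fqdn]
  }

  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
    # `path = "/*"` removed: in backend_http_settings `path` is an override
    # prefix prepended to every forwarded request, not a match pattern, so the
    # backend would have received "/*/..." URLs.
    # App Service routes on the Host header; forwarding the pool FQDN as the host
    # avoids 404s for requests that arrive with the gateway's own hostname.
    pick_host_name_from_backend_address = true
  }

  # Plain-HTTP listener. The baseline this follows terminates TLS at the gateway;
  # an HTTPS listener needs a 443 frontend_port plus an ssl_certificate block.
  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = local.request_routing_rule_name
    priority                   = 9
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}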
resource "azurerm_service_plan" "the_plan" {
  # Linux plan hosting the web app.
  # NOTE(review): the linked baseline is the zone-redundant one; a single P1v2
  # plan without zone balancing does not provide that — confirm intent.
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = module.naming.app_service_plan.name
  os_type             = "Linux"
  sku_name            = "P1v2"
}
resource "azurerm_linux_web_app" "the_app" {
  # Web app reachable only through its private endpoint.
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = module.naming.app_service.name_unique
  service_plan_id     = azurerm_service_plan.the_plan.id

  # Blocks the public *.azurewebsites.net path; inbound traffic must come via the
  # private endpoint. The app_service_integration_subnet is not attached here
  # (no virtual_network_subnet_id), so outbound traffic does not use the VNet.
  # NOTE(review): https_only is not set; enabling it only makes sense once the
  # gateway's backend settings speak HTTPS, otherwise the redirect breaks routing.
  public_network_access_enabled = false

  site_config {
    application_stack {
      # NOTE(review): check the support status of this .NET runtime before shipping.
      dotnet_version = "6.0"
    }
  }
}
# private endpoints
resource "azurerm_private_dns_zone" "dnsprivatezone" {
  # Zone name must be exactly the App Service privatelink zone for the
  # private endpoint's DNS zone group to place its record in the right place.
  resource_group_name = var.resource_group_name
  name                = "privatelink.azurewebsites.net"
}
resource "azurerm_private_dns_zone_virtual_network_link" "dnszonelink" {
  # Makes the privatelink zone resolvable from the linked VNet.
  # NOTE(review): var.vnet_id must be the VNet the Application Gateway lives in;
  # a link to any other VNet leaves the gateway unable to resolve the endpoint.
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.dnsprivatezone.name
  name                  = "dnszonelink"
  virtual_network_id    = var.vnet_id
}
resource "azurerm_private_endpoint" "privateendpoint" {
  # Private endpoint for the web app's "sites" sub-resource.
  resource_group_name = var.resource_group_name
  location            = var.location
  name                = "${module.naming.private_endpoint.name}-webapp"
  subnet_id           = var.private_endpoints_subnet_id

  # Auto-approved connection to the app (no manual approval step).
  private_service_connection {
    name                           = "privateendpointconnection"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_linux_web_app.the_app.id
    subresource_names              = ["sites"]
  }

  # The zone group should register the endpoint's A record in the privatelink
  # zone, so no hand-written azurerm_private_dns_a_record is needed.
  private_dns_zone_group {
    name                 = "web-app-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.dnsprivatezone.id]
  }
}
Update: using a VM in the VNet I can resolve the private endpoint DNS name via the wireserver, but I can't do the same from the Application Gateway.
Apparently the wireserver is not the default DNS server for the virtual network unless you add it explicitly.
#* Network
resource "azurerm_virtual_network" "the_network" {
  # Workload VNet, now with an explicit DNS server list.
  resource_group_name = azurerm_resource_group.the_group.name
  location            = local.location
  name                = module.naming.virtual_network.name
  address_space       = [local.vnet_prefixe]

  # 168.63.129.16 is Azure's platform resolver (the "wireserver" address referred
  # to above). Listing it explicitly keeps private-zone lookups on the Azure
  # resolver rather than any custom DNS.
  # NOTE(review): the tags block from the earlier version of this resource is
  # not carried over in this snippet.
  dns_servers = ["168.63.129.16"]
}