Access webapp from custom domain in private DNS

Sharma, Vaibhav 0 Reputation points
2021-03-23T18:02:07.367+00:00

I want a web app to be accessed by VMs in a vnet using a custom domain in private DNS. I could access the webapp using a custom domain in public DNS but I am not able to do it using private DNS.
I also created a private endpoint of the webapp in the same vnet but could not access it from VMs in the vnet using private DNS.
Any help on this will be much appreciated.
Thanks.


2 answers

  1. J 6 Reputation points
    2021-08-26T08:27:14.217+00:00

    Hi,

    I was able to do this using an app gateway (private IP) doing TLS termination and host rewrite. The front end had a cert issued by a trusted internal CA, so all internal systems accessing the app gateway front end were able to establish a TLS session successfully; the back end implicitly trusts the web app's cert due to it being issued by a public trusted root CA.

    I registered the front end of my app gateway private ip to my private DNS zone (webapp.sandbox.lab).

    The private endpoint automatically created the "privatelink.azurewebsites.net" private dns zone.

    Thanks,

    J


  2. ajkuma 22,521 Reputation points Microsoft Employee
    2021-03-24T13:07:21.107+00:00

    anonymous user, thanks for the question. If you need to use a custom DNS name, you must add the custom name in your Web App. The custom name must be validated like any custom name, using public DNS resolution. How are you accessing it? Do you receive any error?

    You could use a private DNS server (or an Azure DNS private zone); for tests you can modify the host entry of your test machine. The DNS zone that you need to create is: privatelink.azurewebsites.net. Register the record for your Web App with an A record and the Private Endpoint IP. For example, the name resolution will be:

    | Name | Type | Value | Remark |
    | --- | --- | --- | --- |
    | mywebapp.azurewebsites.net | CNAME | mywebapp.privatelink.azurewebsites.net | <--Azure creates this entry in Azure Public DNS to point the app service to the privatelink and this is managed by us |
    | mywebapp.privatelink.azurewebsites.net | A | 10.10.10.8 | <--You manage this entry in your DNS system to point to your Private Endpoint IP address |
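
The resolution chain in the table above can be checked offline with a small model. This is an added example, not part of either answer. The public IP, the vnet range and all function names are assumptions, and the model treats a linked private zone as authoritative for its own names.

```python
import ipaddress

# Constructed sample data mirroring the table above. The public IP and the vnet
# range are placeholders chosen for this example, not values from the page.
ZONE = "privatelink.azurewebsites.net"
PUBLIC_DNS = {
    "mywebapp.azurewebsites.net": ("CNAME", "mywebapp.privatelink.azurewebsites.net"),
    "mywebapp.privatelink.azurewebsites.net": ("A", "203.0.113.10"),
}
PRIVATE_ZONE = {"mywebapp.privatelink.azurewebsites.net": ("A", "10.10.10.8")}
VNET_CIDR = "10.10.10.0/24"


def lookup(name, private_zone, public_dns):
    """One lookup as seen from a VM. private_zone=None means no zone is linked."""
    if private_zone is not None and name.endswith("." + ZONE):
        # Model assumption: a linked zone answers for every name under it, so a
        # missing record is a failed lookup, not a fall-through to public DNS.
        return private_zone.get(name)
    return public_dns.get(name)


def resolve(name, private_zone, public_dns, max_hops=8):
    """Follow CNAMEs until an A record; return (ip, chain of records seen)."""
    chain = []
    for _ in range(max_hops):
        record = lookup(name, private_zone, public_dns)
        if record is None:
            raise LookupError(f"no record for {name}; chain so far: {chain}")
        rtype, value = record
        chain.append((name, rtype, value))
        if rtype == "A":
            return value, chain
        name = value  # CNAME: continue with the target name
    raise LookupError(f"CNAME chain exceeds {max_hops} hops: {chain}")


def check_private_path(name, private_zone, public_dns, vnet_cidr):
    """Report whether the name ends at an address inside the vnet."""
    ip, chain = resolve(name, private_zone, public_dns)
    inside = ipaddress.ip_address(ip) in ipaddress.ip_network(vnet_cidr)
    return {"ip": ip, "via_private_endpoint": inside, "chain": chain}


if __name__ == "__main__":
    for label, zone in (("zone linked", PRIVATE_ZONE), ("no zone linked", None)):
        r = check_private_path("mywebapp.azurewebsites.net", zone, PUBLIC_DNS, VNET_CIDR)
        print(f"{label}: {r['ip']} private endpoint={r['via_private_endpoint']}")
```

A result with `via_private_endpoint` false means the VM would reach the app over its public address, which is the symptom to look for when the zone is not linked to the vnet.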