1 Vote
jbx999 asked Socas edited

Azure Container Instance does not resolve name within the same vnet using private DNS zone

I have a Vnet with 2 virtual machines and 2 container instances.
I have 2 subnets, 10.0.0.0/24 and 10.0.1.0/24, because apparently Container Instances cannot be deployed in subnets that have other types of resources for some reason.

I have a Private DNS Zone with automatic registration, linked to this vnet and the 2 VMs can resolve each other by name. They also show up in the list of registered records, resolving to 10.0.0.4 and 10.0.0.5 respectively.

However, when I try to connect from the Container Instance to the VM, the name does not resolve. If I connect directly by IP address it works.

Furthermore the 2 container instances don't even show up in the Private DNS Zone.

Is there anything I need to do for my ACI to make use of the Private DNS Zone just like the normal VMs are doing? Why are they not resolving names through the Private DNS Zone as they should?


azure-container-instances azure-webapps-vnet

@jbx999 Apologies for the delay in response and all the inconvenience caused because of the issue. I have reached out to our internal team on this and will keep you posted once I have an update. Thank you for your patience over the matter.

0 Votes 0 ·

@jbx999 Just want to comment that we have the exact same problems with ACI only being able to reach the Private DNS in the VNet in which the ACIs are deployed for around 50% of our ACI deploys.

We run approximately 50 ACIs in the West Europe Azure region, and had no issues with Private DNS from May 2020 to end of Jan 2021.

Then, suddenly around 50% of ACI deploys couldn't reach Private DNS and therefore not reach neighbour ACIs in the same VNet, nor Private Endpoints to databases deployed in the same VNet.

Since ACIs may change internal IPs on auto-restart, and since private db-endpoints are also registered in the Private DNS Zone, this problem creates big difficulties for us.

Not that it is a solution or sustainable; but have you tried redeploying ACIs (alternatively stop + start (not restart) through the Azure Portal Interface) with a different outcome? Like I said, for us Private DNS is ok for ca 50% of our ACI deploys.

0 Votes 0 ·
0 Votes
prmanhas-MSFT answered miq commented

@jbx999 Below thread might be helpful:

https://stackoverflow.com/questions/64700687/how-to-get-azure-container-instances-using-my-dns-server

Hope it helps!!!

Please “Accept as Answer” if it helped so it can help others in community looking for help on similar topics




I saw that, but I am not quite sure what I have to do. How can I know the IP address of the DNS server Azure is using for my Private DNS Zone?
There isn't this information anywhere on the Azure Portal.

0 Votes 0 ·

privateDNS IP is static: 168.63.129.16
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#considerations

Although we experience a similar problem in the WestEurope region - we need to restart containers several times to finally make it work.

0 Votes 0 ·
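An added diagnostic sketch, not part of the thread and not Microsoft tooling: run inside the container, it lists the resolvers in /etc/resolv.conf and sends an A query straight to 168.63.129.16 (the address given in the comment above), so a wrong resolver setting can be told apart from the Azure DNS endpoint not answering. The function names and report keys are assumptions made for this example, and it assumes a Linux container with Python available.

```python
import pathlib, secrets, socket, struct, sys
AZURE_DNS = "168.63.129.16"  # address quoted in the comment above

def nameservers(resolv_conf_text):
    """Nameserver IPs from resolv.conf content, in order."""
    rows = (l.split("#", 1)[0].split() for l in resolv_conf_text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def build_query(name, txid):
    """Encode a recursive DNS A-record query for name."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def parse_a_records(resp, query_len):
    """Return (rcode, [IPv4]); assumes the question is echoed unchanged."""
    _, flags, _, ancount, _, _ = struct.unpack("!6H", resp[:12])
    pos, ips = query_len, []
    for _ in range(ancount):
        while resp[pos] != 0 and resp[pos] & 0xC0 != 0xC0:  # skip plain labels
            pos += 1 + resp[pos]
        pos += 2 if resp[pos] & 0xC0 == 0xC0 else 1  # pointer or root label
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0xF, ips

def query(name, server=AZURE_DNS, timeout=3.0):
    """Ask one server directly, bypassing the container's resolver config."""
    q = build_query(name, secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
    if resp[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_a_records(resp, len(q))

def diagnose(name, path="/etc/resolv.conf"):
    """Compare the configured resolvers with a direct query to AZURE_DNS."""
    servers = nameservers(pathlib.Path(path).read_text())
    try:
        direct = query(name)
    except OSError as e:  # timeout or network unreachable
        direct = f"no answer: {e}"
    return {"configured": servers, "has_azure_dns": AZURE_DNS in servers, "direct": direct}

if __name__ == "__main__":
    print(diagnose(sys.argv[1]))  # pass the VM's name in the private zone
```

In the report, `direct` is either `(rcode, [addresses])` from 168.63.129.16 or a "no answer" string; rcode 3 means the server answered but does not know the name.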
1 Vote
jbx999 answered Socas edited

In the end I decided to move away from Azure Container Instances. They are a half-baked, buggy and unstable product, with crucial functionality missing. You can't expose an ACI that is inside a vnet publicly. Accessing resources inside the vnet by DNS doesn't work properly. Registering the container itself to the private DNS zone works erratically. Furthermore, West EU zone seems to be unstable, with support unable to figure out what is going on.

Just stay away from ACI.


I have the same problem and I agree with you. Not only do containers not register to DNS, they don't even show on connected devices. This is definitely a show stopper. I'll move to docker on VM.

0 Votes 0 ·