AidanBree-2512 asked

Private DNS / Link - certificate issue

We have an issue with the use of Private DNS and I'm wondering if someone has encountered the same issue and whether there is a solution out there.

Scenario:

We are operating a three-environment model in Azure, whilst we operate from a single on-premise environment. We will be utilising services in Azure deployed with Private Link, where the only access is over the internal network. We need to be able to resolve names from the on-premise network for each of the three environments.

Here is the solution that I designed:

[screenshot: 134530-screenshot-2021-09-23-at-143744.png]
Unfortunately, this has an issue: by deploying custom Private DNS names, and not the out-of-the-box zone, certificate validation fails when connecting to resources.

Can anyone suggest how this should be done?

Tags: azure-dns, azure-private-link

1 Answer

GitaraniSharmaMSFT-4262 answered

Hello @AidanBree-2512 ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Conditional forwarding isn't currently natively supported for Azure Private DNS.
Reference: https://docs.microsoft.com/en-us/azure/dns/private-dns-overview#other-considerations
This is a feature request from many customers, and the backend team is working on it.

Azure Private DNS manages and resolves domain names in the virtual network and provides hostname resolution between virtual networks using virtual network peering.
To enable resolution between Azure and on-premises networks, see Name resolution for VMs and role instances.

If you need resolution of Azure hostnames from on-premises computers, you need to forward queries to a customer-managed DNS proxy server in the corresponding virtual network; the proxy server then forwards the queries to Azure for resolution.

If you need resolution of Azure Private Endpoints from your on-premises network, you can use your DNS forwarder to override the DNS resolution for a private link resource.
Reference: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.