7
votes

We've implemented a setup as follows:

  • App Service Environment having different app services exposing different APIs. This instance is configured as an internal instance, so no public access.
  • We've configured an internal (private) DNS zone. This zone is used to create internal URLs for the APIs.
  • API Management instance which is exposed to the outside. Here the APIs need to be registered using the Swagger files exposed by the APIs themselves.
  • Everything is contained within the same VNet.

Now what we see is two things:

  1. From a VM inside the VNet, I can browse the URL of the API without any issue and download the Swagger file.
  2. When we try to register the API within API management, it throws an error stating the file could not be downloaded. When we register manually and then try to call the API, we get a DNS resolve error.

So it seems as if the API Management instance is not able to resolve our custom DNS zone as set up in Azure. I could not find any information that tells me whether this scenario is supported or not. Any pointers that might help find the problem are very welcome indeed.

Update: When we register the API via uploading a file and then try to call one of the API methods, the following error appears:

The remote name could not be resolved

This same address resolved just fine from a VM within the exact same VNet.

1
Did you resolve this issue? I am experiencing something similar. - Phil Murray
We did not, no. It seems this is (was?) a limitation of API Management even though the support engineer we discussed this with was under the impression that it should work. Due to time constraints we ended up not using this. - Jasper
Just out of curiosity - do you operate APIM in internal or external VNET mode? We are operating APIM in internal mode in 2 scenarios like dev.to/kaiwalter/… and we are able to resolve private DNS zones in our APIs. - Kai Walter
The honest answer is: no idea :) I've moved on from this project so I don't know and have no way of checking any more. Thanks for posting the info though, might help future readers. - Jasper

1 Answer

0
votes

I have the same issue. When I looked online, the solution below looked promising. It is self-explanatory: DNS forwarding needs to be enabled between VNets. More information is here: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server
