I'm trying to resolve private and public IP addresses of databases in Azure. I do that over a VPN connection. I currently have 2 DNS forwarder VMs in Azure; those are specified as DNS servers in my VPN config. The DNS forwarder config is as follows:
```
// Clients allowed to send recursive queries: the VPN/VNet address space plus local hosts
acl goodclients {
    10.0.0.0/8;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { goodclients; };
    // Every query is handed to the Azure-provided resolver; nothing is resolved locally
    forwarders {
        168.63.129.16;
    };
    forward only;
    dnssec-enable yes;
    dnssec-validation yes;
    auth-nxdomain no; # conform to RFC1035
    listen-on { any; };
};
```
I have two database servers in Azure: one has a private endpoint with a record in a Private DNS zone, the other does not. When I now try to resolve the IPs using nslookup I get the following result:

- the one with a private link returns its private IP as expected
- the one that does not have a private link cannot be found: `** server can't find db1.database.windows.net: NXDOMAIN`

Does that mean that I cannot use a Private DNS zone in combination with non-private resources on the same domain? I was expecting Azure DNS to resolve both (over 168.63.129.16).
**Update:** I was able to narrow it down a bit. It seems that when you add a private endpoint and don't register it in your Private DNS zone, it does not work anymore. I was expecting to still be able to resolve the public IP then, since DNS does not know anything about the private endpoint at that point, and I did not change the firewall settings on the database server. In this particular scenario, I am using the new Managed VNet option on an Azure Data Factory to privately access the database. For the time being, I was hoping to be able to use the public IP as well.
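A quick way to tell the two failure modes apart is to query the same name once through the Azure-facing path and once through a public resolver and compare the RCODEs: NXDOMAIN on the Azure path only means a Private DNS zone linked to the VNet is authoritative for that suffix and simply has no record for the name, whereas SERVFAIL points at the forwarder itself (forwarding or DNSSEC validation on a `forward only` server), not at zone content. The script below is an added diagnostic, not part of the question; it assumes `dig` is installed and that the public resolver address and the host name passed in are your own choices (168.63.129.16 is the only value taken from the question).

```shell
#!/bin/sh
# Added diagnostic, not from the question: compare how a name resolves via the
# Azure resolver (or a forwarder in front of it) versus a public resolver.

# classify RCODE_VIA_AZURE RCODE_VIA_PUBLIC -> prints "<tag>: <explanation>"
classify() {
  azure="$1"; public="$2"
  case "$azure/$public" in
    NOERROR/NOERROR)
      echo "ok: name resolves on both paths" ;;
    NXDOMAIN/NOERROR)
      echo "shadowed: a Private DNS zone linked to the VNet covers this suffix but has no record for the name; add the record or use a privatelink.* zone name" ;;
    NXDOMAIN/NXDOMAIN)
      echo "absent: the name does not exist publicly either; check the hostname" ;;
    SERVFAIL/*)
      echo "forwarder: the forwarding path failed (forwarders unreachable or DNSSEC validation); not a zone-content problem" ;;
    TIMEOUT/*)
      echo "unreachable: no reply from the Azure-side resolver; check the VPN route and listen-on/allow-query" ;;
    *)
      echo "unexpected: azure=$azure public=$public" ;;
  esac
}

# dig_rcode SERVER NAME -> prints the RCODE from dig's header line (NOERROR, NXDOMAIN, ...)
# or TIMEOUT when no answer came back within the deadline.
dig_rcode() {
  rcode=$(dig +time=3 +tries=1 "@$1" "$2" A 2>/dev/null \
            | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
  echo "${rcode:-TIMEOUT}"
}

# diagnose NAME [AZURE_RESOLVER] [PUBLIC_RESOLVER]
# The defaults are assumptions: 168.63.129.16 is Azure's resolver, 1.1.1.1 a public one.
diagnose() {
  name="$1"; azure="${2:-168.63.129.16}"; public="${3:-1.1.1.1}"
  a=$(dig_rcode "$azure" "$name"); p=$(dig_rcode "$public" "$name")
  echo "$name: via $azure=$a, via $public=$p"
  classify "$a" "$p"
}

# Usage: ./dns_check.sh db1.database.windows.net [azure_resolver] [public_resolver]
if [ "$#" -gt 0 ]; then
  diagnose "$@"
fi
```

Run it from a VPN-connected client against the forwarder VM (second argument) as well as directly against 168.63.129.16 to see whether the NXDOMAIN originates in Azure DNS or on the forwarder.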