Recently I have been working on a simulation to understand why custom DNS servers return the public IP instead of the private IP when Azure Private Endpoints are in use.
Here I would like to share some lessons learned on this topic.
There are many ways to configure DNS servers (forward lookup zones, conditional forwarders, forwarders, and so on) so that names under database.windows.net resolve to the private IP of an Azure SQL Server Private Endpoint.
During several tests I found that, when defining the Private Endpoint for Azure SQL Server, it is crucial to also create the Azure Private DNS Zone (privatelink.database.windows.net) and link it to the virtual network.
In my tests the public IP was returned in three scenarios:
- a DNS server without a forward zone for database.windows.net;
- a busy DNS server, or timeouts while querying it;
- the Azure DNS IP (168.63.129.16) configured as the last DNS server.
Given these scenarios, my recommendation is to configure the Azure Private DNS Zone even when conditional forwarders and custom DNS servers are in place.
When the server that ends up processing the request is 168.63.129.16, it first checks whether an Azure Private DNS Zone linked to the virtual network holds the name. If one is defined, it returns the private IP instead of the public IP. Without the Azure Private DNS Zone the name resolves only through the public CNAME chain, so the IP returned is always the public one.
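To make the resolution order concrete, the following is an added example (not code from the original post) that simulates the paths described above: a custom DNS server without a forward zone, a busy custom DNS server with 168.63.129.16 as the client's last DNS server, and a conditional forwarder pointing at Azure DNS, each with and without the private zone linked. It also goes one step beyond the text with a conditional forwarder created for privatelink.database.windows.net instead of database.windows.net. The server name contoso-sql, the public IP 40.71.8.203, the private endpoint IP 10.1.0.5, the custom DNS server address 10.0.0.4 and the CNAME chain are constructed for the example.

```python
"""Simulation of how an Azure SQL Private Endpoint name resolves.

Added example, not code from the original post. Server name, addresses
and the CNAME chain below are constructed for the example.
"""
import ipaddress

AZURE_DNS = "168.63.129.16"
PRIVATELINK_ZONE = "privatelink.database.windows.net"
SQL_NAME = "contoso-sql.database.windows.net"  # constructed server name

# Public DNS as the internet sees it: the SQL name is a CNAME chain that
# ends at the public IP of the regional SQL gateway (constructed values).
PUBLIC_RECORDS = {
    SQL_NAME: ("CNAME", "contoso-sql." + PRIVATELINK_ZONE),
    "contoso-sql." + PRIVATELINK_ZONE: ("CNAME", "cr1.eastus1-a.control.database.windows.net"),
    "cr1.eastus1-a.control.database.windows.net": ("A", "40.71.8.203"),
}

# Azure Private DNS zone privatelink.database.windows.net linked to the VNet:
# the A record for the private endpoint's NIC address (constructed value).
PRIVATE_ZONE_RECORDS = {"contoso-sql." + PRIVATELINK_ZONE: ("A", "10.1.0.5")}


class Timeout(Exception):
    """The queried server did not answer (busy or unreachable)."""


class PublicResolver:
    """Any internet resolver: recurses through the public CNAME chain only."""
    address = "8.8.8.8"  # stand-in for any public resolver

    def query(self, name, trail):
        rtype, value = PUBLIC_RECORDS[name]
        trail.append(f"{self.address}: {name} {rtype} {value}")
        return value if rtype == "A" else self.query(value, trail)


class AzureDns(PublicResolver):
    """168.63.129.16: every name in the chain is checked against the linked
    private zone before public DNS, so the privatelink CNAME target is
    answered from the private zone when one is linked to the VNet."""
    address = AZURE_DNS

    def __init__(self, private_zone_linked):
        self.private_zone_linked = private_zone_linked

    def query(self, name, trail):
        if self.private_zone_linked and name in PRIVATE_ZONE_RECORDS:
            rtype, value = PRIVATE_ZONE_RECORDS[name]
            trail.append(f"{self.address}: {name} {rtype} {value} (private zone)")
            return value
        return super().query(name, trail)


class CustomDnsServer:
    """Customer-managed DNS server: conditional forwarders are matched against
    the queried name, everything else goes to the default forwarders in order."""

    def __init__(self, address, forwarders, conditional_forwarders=None, busy=False):
        self.address = address
        self.forwarders = list(forwarders)
        self.conditional = dict(conditional_forwarders or {})
        self.busy = busy

    def query(self, name, trail):
        if self.busy:
            trail.append(f"{self.address}: no answer (timeout)")
            raise Timeout(self.address)
        for zone, upstream in self.conditional.items():
            if name == zone or name.endswith("." + zone):
                trail.append(f"{self.address}: conditional forwarder {zone} -> {upstream.address}")
                return upstream.query(name, trail)
        for upstream in self.forwarders:
            trail.append(f"{self.address}: default forwarder -> {upstream.address}")
            try:
                return upstream.query(name, trail)
            except Timeout:
                continue
        raise Timeout(self.address)


def client_resolve(name, dns_servers):
    """A client NIC tries its DNS servers in order and moves to the next one
    only when the current one does not answer. Returns (ip, is_private, trail)."""
    trail = []
    for server in dns_servers:
        try:
            ip = server.query(name, trail)
            return ip, ipaddress.ip_address(ip).is_private, trail
        except Timeout:
            continue
    raise RuntimeError("no DNS server answered")


def scenario_no_forward_zone(zone_linked):
    """Custom DNS server with no forward zone: everything goes to a public resolver,
    so 168.63.129.16 (listed last) is never asked and the zone cannot help."""
    dns = CustomDnsServer("10.0.0.4", forwarders=[PublicResolver()])
    return client_resolve(SQL_NAME, [dns, AzureDns(zone_linked)])


def scenario_conditional_forwarder(zone_linked):
    """Conditional forwarder for database.windows.net pointing at Azure DNS."""
    azure = AzureDns(zone_linked)
    dns = CustomDnsServer("10.0.0.4", forwarders=[PublicResolver()],
                          conditional_forwarders={"database.windows.net": azure})
    return client_resolve(SQL_NAME, [dns])


def scenario_busy_server(zone_linked):
    """Correctly configured custom DNS server that times out; the client falls
    back to 168.63.129.16, its last DNS server."""
    azure = AzureDns(zone_linked)
    dns = CustomDnsServer("10.0.0.4", forwarders=[azure],
                          conditional_forwarders={"database.windows.net": azure}, busy=True)
    return client_resolve(SQL_NAME, [dns, azure])


def scenario_wrong_conditional_zone():
    """Conditional forwarder for privatelink.database.windows.net only: it never
    matches the name the client asks for, so the public resolver follows the chain."""
    dns = CustomDnsServer("10.0.0.4", forwarders=[PublicResolver()],
                          conditional_forwarders={PRIVATELINK_ZONE: AzureDns(True)})
    return client_resolve(SQL_NAME, [dns])


if __name__ == "__main__":
    runs = [("no forward zone, zone linked", scenario_no_forward_zone(True)),
            ("conditional forwarder, zone linked", scenario_conditional_forwarder(True)),
            ("conditional forwarder, no zone", scenario_conditional_forwarder(False)),
            ("busy server, zone linked", scenario_busy_server(True)),
            ("busy server, no zone", scenario_busy_server(False)),
            ("conditional forwarder on privatelink zone", scenario_wrong_conditional_zone())]
    for label, (ip, private, trail) in runs:
        print(f"{label}: {ip} ({'private' if private else 'public'})")
        for step in trail:
            print("   ", step)
```

Running the script prints, for each scenario, the answer and the path the query took. The two things worth noting are that the private zone only helps when the query actually reaches 168.63.129.16 (a custom DNS server forwarding to a public resolver answers on its own and never asks Azure DNS), and that whenever it does reach 168.63.129.16, the private zone is the single thing deciding between the private and the public answer.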