
I have hosted my web application in Azure. My team accesses my application via the application gateway's private IP using an Azure P2P VPN connection. My application is working with the private IP; I want to configure a DNS name and SSL certificates for my private IP.

Following things I have tried so far:

  1. Created Azure Private DNS Zone and Linked my VNets

  2. Created A records for my private ips

  3. Added dnssuffixes in azurevpnconfig.xml (Azure VPN Client configuration)

  4. I tried accessing test.demo.com; I'm getting "site can't be reached"

Not sure what I'm missing.

Clarification would be helpful:

  1. Does Azure not support private DNS configuration for P2S VPN connections?
  2. Is there any other workaround to achieve DNS and SSL configuration for private IPs?

Reference :

https://learn.microsoft.com/en-us/answers/questions/64223/issue-with-resolving-hostnames-while-connected-to.html

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems

  • You are referring to the document for P2S VPN connections, but your question is about P2P VPN connections, and I don't see anything related to P2P in Azure. Azure only provides P2S and S2S VPN connections, if I am not wrong. Commented Dec 23, 2021 at 6:38
  • @RahulKumarShaw-MT - Apologies for the typo. I updated the question. I'm referring to a P2S VPN connection. Commented Dec 23, 2021 at 7:09
  • Did you try the solution provided in the link: learn.microsoft.com/en-us/answers/questions/64223/… Commented Dec 23, 2021 at 8:11
  • As a best practice, do not use a .local domain for your private DNS zone. Not all operating systems support this. : learn.microsoft.com/en-us/azure/dns/private-dns-overview Commented Dec 23, 2021 at 8:29
  • @Debuggger please let me know if above links suggestion works for you or not? Commented Dec 27, 2021 at 6:40

2 Answers

As per Name resolution for resources in Azure virtual networks:


In order for the P2S VPN clients to be able to resolve Private Endpoint entries hosted on Azure Private DNS Zones, you must leverage an existing DNS server (forwarder or proxy) or deploy an IaaS VM with a DNS server role. That is required for P2S VPN clients to be able to consume the Azure Private DNS Zone, which is exposed through 168.63.129.16 via the DNS forwarder/proxy.

Once you have a DNS forwarder/proxy deployed in Azure, you can define the DNS server at the VNet level or set the DNS server configuration directly in the client XML profile. After this, you will be able to resolve Private Endpoint entries from your P2S clients.

Refer : https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

https://github.com/dmauser/PrivateLink/tree/master/DNS-Integration-P2S


I made a Docker container to solve this problem. It's a lean DNS forwarder, which forwards DNS requests to Azure DNS. Set it up as an Azure Container Instance on a private IP and point your VPN DNS client to it. Check out the example.

https://hub.docker.com/r/barrybahrami/azurednsforwarder
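Both answers come down to the same thing: put a resolver inside the VNet that relays queries to Azure's recursive resolver at 168.63.129.16 (reachable only from inside Azure, which is why the P2S client cannot use it directly), and point the VPN client at that resolver. The following is an added illustration of such a forwarder, written for this page; it is not the code behind either answer or the linked container image. It assumes the private zone is demo.com (from the question) and that the VM's private NIC IP is passed on the command line. The security-relevant detail it adds is an allow-list: only names under the private zone are relayed, everything else is answered REFUSED, so the VM does not become an open resolver for whoever can reach UDP/53.

```python
"""Minimal allow-listed UDP DNS forwarder for Azure P2S clients (added example)."""
import socket
import struct
import sys

AZURE_DNS = "168.63.129.16"            # Azure-provided recursive resolver, VNet-internal only
ALLOWED_SUFFIXES = ("demo.com",)        # assumed private DNS zone from the question


def parse_question(packet: bytes):
    """Return (lower-cased QNAME, offset just past the question section).

    Raises ValueError on anything malformed so the caller can drop the datagram
    instead of relaying garbage upstream.
    """
    if len(packet) < 12:
        raise ValueError("short header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:                       # compression pointers are not valid in a query name
            raise ValueError("compression pointer in question name")
        if len(labels) >= 127 or pos + length > len(packet):
            raise ValueError("bad label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qend = pos + 4                              # QTYPE + QCLASS
    if qend > len(packet):
        raise ValueError("truncated qtype/qclass")
    return ".".join(labels).lower(), qend


def is_allowed(qname: str, suffixes=ALLOWED_SUFFIXES) -> bool:
    """True only if qname is the zone apex or a name under an allow-listed zone."""
    for suffix in suffixes:
        suffix = suffix.strip(".").lower()
        if qname == suffix or qname.endswith("." + suffix):
            return True
    return False


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A (or other) query; used for local testing."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)


def refused_response(packet: bytes, qend: int) -> bytes:
    """Echo the question back with QR=1 and RCODE=5 (REFUSED); no answer records."""
    txid, flags = struct.unpack("!HH", packet[:4])
    new_flags = 0x8000 | (flags & 0x0100) | 0x0005   # QR, keep RD, RCODE=REFUSED
    header = struct.pack("!HHHHHH", txid, new_flags, 1, 0, 0, 0)
    return header + packet[12:qend]


def forward_to_azure(packet: bytes, timeout: float = 2.0) -> bytes:
    """Relay the raw query to 168.63.129.16 and return its raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (AZURE_DNS, 53))
        return s.recv(4096)


def handle(packet: bytes, upstream=forward_to_azure):
    """Policy for one inbound datagram: None (drop), REFUSED bytes, or the upstream reply."""
    try:
        qname, qend = parse_question(packet)
    except ValueError:
        return None
    if not is_allowed(qname):
        return refused_response(packet, qend)
    return upstream(packet)


def serve(listen_ip: str, port: int = 53) -> None:
    """Bind to the VM's private NIC address only; never to a public interface."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((listen_ip, port))
        while True:
            data, client = s.recvfrom(4096)
            reply = handle(data)
            if reply:
                s.sendto(reply, client)


if __name__ == "__main__":
    serve(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
```

Run it on a VM (or container) in a VNet linked to the private zone, bound to that VM's private IP, and restrict UDP/53 with an NSG to the P2S address pool. Then point clients at it with the `<clientconfig><dnsservers><dnsserver>…</dnsserver></dnsservers></clientconfig>` elements of the Azure VPN Client profile (azurevpnconfig.xml), next to the `<dnssuffixes>` entry the question already has; the forwarder's private IP goes in place of the ellipsis. Even with the allow-list, a plain UDP forwarder is a quick fix, not a hardened resolver: for production, the DNS server role or a maintained forwarder image is the safer choice.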
