This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 60%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
I have an Azure SQL Server that I would like to access from 2 different VNET's. I can create Private Endpoints to both VNET's, but how about the name resolution?
In here https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns I see the following:
Existing Private DNS Zones tied to a single service should not be associated with two different Private Endpoints as it will not be possible to properly resolve two different A-Records that point to the same service. However, Private DNS Zones tied to multiple services would not face this resolution constraint.
So how would I enable name resolution to Azure SQL from both VNET's? Thanks for any replies!
You should be able the connect your two VNETs with VNET Peering and link the Azure Private DNS zone to both. You only need one private endpoint for the Azure SQL service.
https://learn.microsoft.com/en-us/azure/architecture/guide/networking/private-link-hub-spoke-network
Thanks for the reply! Yeah I thought about peering, but there is no other need for these networks to see each other, only the Azure SQL connection is required in both networks. As such, I would have liked to avoid peering the networks if in any way possible.
As a workaround, you can create a separate private DNS zone in another resource group. It will be the same zone name privatelink.database.windows.net but it is possible to create this in a separate resource group and then integrate your second private endpoint with this private DNS zone. Your two VNETs would be linked to one of these private DNS zones each. This way, each VNET has its own DNS zone to resolve the correct private endpoint. I did a quick test on this, and it is working OK for me.
Thanks @Alan Kinane for the great answers! Kind of weird that this sort of deployment is not supported with just one Private DNS zone, but maybe my situation is not as common as I thought. I'll investigate my options. :)