Hi,
I am currently in the process of deploying infrastructure using ARM (and Bicep). The requirements for this infrastructure will see the deployment of a virtual network into which I need to host both Azure SQL Database and Azure App Service, both using private endpoints. I have a set of working templates that can deploy the resources and configuration I need, including the necessary private DNS zones and configuration for privatelink.azurewebsites.net and privatelink.database.windows.net.
The problem I have subsequently encountered is that the private DNS zone configuration generated when creating the private endpoint only creates DNS records that support the primary deployment slot on the web app:

The image shows 2 web apps created along with the associated Kudu site host pointing to the appropriate private IP addresses. This works as expected from within the virtual network: a ping to ***-aweb01.azurewebsites.net returns the expected IP address of 10.200.10.5. However, if any deployment slots are present they are not accessible, with a ping for ***-aweb01-slotname.azurewebsites.net not resolving within the private DNS zone and instead returning the public IP address, leading to a 403 if any attempt is made to visit the URL within the virtual network.
The only workaround I have found requires that a set of manually added DNS records be created for each slot. This is a more difficult task to perform within ARM templates, but it also means that private endpoints for web apps are not fully compatible with all App Service features.

I don't feel like this workaround should be required, and that the DNS configuration options within the private endpoint should be responsible for maintaining these records?
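The per-slot records described above, written as an added Bicep example (not code from the original post): it assumes the privatelink.azurewebsites.net zone already exists in the target resource group, that the web app name and each slot's private IP are supplied as parameters (the values shown are placeholders), and that Azure's own automatic private DNS integration is still used for the production slot.

```bicep
// Added example, not from the original post: register the slot host names
// that the private endpoint's DNS integration does not create.
// Assumption: the zone exists in this resource group and each slot's
// private IP is already known and passed in by the caller.
param webAppName string = 'contoso-aweb01'     // placeholder app name
param slots array = [                          // placeholder slot list
  {
    name: 'staging'
    ip: '10.200.10.5'                          // placeholder private IP
  }
]

// Reference the existing private DNS zone created by the main deployment.
resource zone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = {
  name: 'privatelink.azurewebsites.net'
}

// <app>-<slot>.azurewebsites.net -> one A record per slot.
resource slotRecords 'Microsoft.Network/privateDnsZones/A@2020-06-01' = [for slot in slots: {
  parent: zone
  name: '${webAppName}-${slot.name}'
  properties: {
    ttl: 10
    aRecords: [
      {
        ipv4Address: slot.ip
      }
    ]
  }
}]

// <app>-<slot>.scm.azurewebsites.net -> Kudu/SCM host for the same slot,
// so deployments and log streaming also stay inside the virtual network.
resource slotScmRecords 'Microsoft.Network/privateDnsZones/A@2020-06-01' = [for slot in slots: {
  parent: zone
  name: '${webAppName}-${slot.name}.scm'
  properties: {
    ttl: 10
    aRecords: [
      {
        ipv4Address: slot.ip
      }
    ]
  }
}]
```

After deployment, a lookup of the slot host name from inside the virtual network should return the private IP instead of the public one, which is the check that distinguishes the working case from the 403 described above.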
----------