Unable to connect Azure PaaS Services without host entry.

Prince Rastogi Admin Account 16 Reputation points
2021-12-28T20:46:43.717+00:00

We have resources in Azure like Azure SQL Database and Azure Data Lake Storage Account. All of these are running on a private network in Azure. We are trying to connect to these resources from on-premises workstations and getting an error. When we add these FQDNs and their private IPs to the hosts file, we are able to connect to these resources without any issue.

We are looking for a solution that will work without adding entries to the hosts file.


1 answer

  1. GitaraniSharma-MSFT 47,686 Reputation points Microsoft Employee
    2021-12-29T17:53:33.993+00:00

    Hello @Prince Rastogi Admin Account,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    It's important to correctly configure your DNS settings to resolve the private endpoint IP address to the fully qualified domain name (FQDN) of the connection string.

    You can use the following options to configure your DNS settings for private endpoints:

    1. Use the host file (only recommended for testing)
    2. Use a private DNS zone.
    3. Use your DNS forwarder (optional).

    At the moment, you are using the host file method which is only recommended for testing.

    For on-premises workloads to resolve the FQDN of a private endpoint, you must use a DNS forwarder in Azure, which in turn is responsible for resolving all the DNS queries via a server-level forwarder to the Azure-provided DNS 168.63.129.16.
    Reference: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

    If you check the table in the Name resolution for resources in Azure virtual networks article, you can find the below:

    [image: 161252-image.png (table from the name resolution article)]

    Currently, there is no other way to accomplish this requirement, as conditional forwarding isn't natively supported for Azure Private DNS, but Azure Private DNS Zone resolution from on-premises is planned and is on the roadmap. You can vote for this feature in the below forum:
    https://feedback.azure.com/d365community/idea/f50bd7e3-8526-ec11-b6e6-000d3a4f0789

    Hence, at the moment, you need to configure your on-premises DNS solution to forward DNS traffic to Azure DNS via a conditional forwarder that references the DNS forwarder deployed in Azure, for resolution of the private endpoint IP address from on-premises.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

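As an added check (example code, not from this thread or from Microsoft), the script below reports, for each PaaS FQDN, whether the workstation's resolver returns a private endpoint IP and whether a hosts-file entry is what is making that happen, plus which Private Link zone the on-premises conditional forwarder must cover. The host names are placeholders; the zone names are the documented Private Link zones for Azure SQL Database and ADLS Gen2, and the hosts-file path assumes a Linux/macOS workstation.

```python
import ipaddress
import socket

# Public FQDN suffix -> Private Link DNS zone that the on-premises DNS must
# conditionally forward to the DNS forwarder in Azure (which forwards on to
# the Azure-provided resolver 168.63.129.16).
PRIVATELINK_ZONES = {
    "database.windows.net": "privatelink.database.windows.net",  # Azure SQL
    "dfs.core.windows.net": "privatelink.dfs.core.windows.net",  # ADLS Gen2
}


def forward_zone(fqdn):
    """Private Link zone that must be forwarded for this FQDN, or None."""
    host = fqdn.lower().rstrip(".")
    for suffix, zone in PRIVATELINK_ZONES.items():
        if host.endswith("." + suffix):
            return zone
    return None


def hosts_entries(hosts_text):
    """Parse hosts-file text into {hostname: ip}; comments are ignored."""
    entries = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries


def classify(addresses):
    """'private' if every address is non-public (a private endpoint IP),
    'public' if every address is public (DNS still answers with the public
    endpoint), 'mixed' otherwise."""
    flags = {ipaddress.ip_address(a).is_private for a in addresses}
    return "private" if flags == {True} else "public" if flags == {False} else "mixed"


def check(fqdn, hosts_text):
    """Resolve fqdn with the system resolver and report what is answering."""
    name = fqdn.lower().rstrip(".")
    try:
        addrs = sorted({i[4][0] for i in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        addrs = []
    return {"fqdn": name, "addresses": addrs,
            "result": classify(addrs) if addrs else "unresolved",
            "hosts_override": hosts_entries(hosts_text).get(name),  # not None => masked by hosts file
            "forward_zone": forward_zone(name)}


if __name__ == "__main__":
    with open("/etc/hosts") as fh:  # assumed path; Windows uses drivers\etc\hosts
        hosts = fh.read()
    for host in ("myserver.database.windows.net", "mylake.dfs.core.windows.net"):  # placeholders
        print(check(host, hosts))
```

A healthy result is `result: private` with `hosts_override: None`; `public` means the conditional forwarder for the listed `forward_zone` is not in place on the on-premises DNS.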