Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,160 questions
DNS Name Resolution from On-premises for APIM Instance Deployed in Internal VNet Mode
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 5%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Taranjeet Malik
546
Reputation points
Hi
We're deploying an APIM instance in internal VNet mode, which means it will have a custom Private DNS Zone linked to it that will host the DNS 'A' records for the APIM components (Dev portal Gateway, Management, and SCM).
The DNS zome (say abc) is owned by our organisation, so we already have DNS servers that are authoritative for resolving the names ending in that domain. As per the APIM requirement, if we deploy the custom Private DNS Zone and host these names in it, in principal it also becomes authoritative for the same zone. As the Virtual Network hosting the APIM instance is using our custom DNS servers (AD DS DNS), how will they be able to resolve these names?
Also, clients from the on-prem will have no means to reach these names, as I can't create a forwarder in AD DS DNS for a DNS Zone that it is authoritative for.
I'm sure this is quite common scenario, and wondering if I'm missing something here. Can someone please suggest how is the DNS addressed in this case?
Thanks
Taranjeet Singh
{count} votes
-
Taranjeet Malik 546 Reputation points
2024-07-18T23:22:32.6833333+00:00 Hello
Can someone please respond to the above question?
Thanks
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 93%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBG%3C/text%3E%3C/svg%3E)
Ben Gimblett 4,530 Reputation points Microsoft Employee2024-07-19T13:58:04.1733333+00:00 Hi - thanks for the question and apologies there's been a delay for reply
If I understand correctly you already have your own DNS which the VNET is configured towards which already provides the resolution for the domain you want to apply to your APIM (internal) endpoints
In this case I don't see that you need the private DNS zone - you can simply configure resolution via your current DNS solution
IMO the reason the APIM VNET doc makes the suggestion of using an Az private DNS zone; the private DNS zone is useful in simpler cases and where you dont have a custom DNS solution . And, Az private DNS zone is also useful if the DNS solution you're using does not resolve the domains for Az resources custom names (which could be both public and private). In this case you can conditionally forward to Az for both the resource public/default name and custom names . Private endpoints would be one example of doing this.
Sign in to comment
Sign in to answer