Public IP Azure

Erik Svensson 25 Reputation points
2023-07-13T13:25:35.44+00:00

Hi All

I have a DNS server which needs a public IP to operate. I have configured a Public IP in Azure but can't add it to the server. The settings in the server are by default DHCP. The DHCP doesn't send a public IP, just an internal IP (10.0.0.4). To use static configuration in the server instead of DHCP I need the default gateway and netmask for my public IP address.

How can I get this information?


Answer accepted by question author

GitaraniSharma-MSFT 50,197 Reputation points Microsoft Employee Moderator
2023-07-21T16:24:22.1633333+00:00

Hello @Erik Svensson ,

As mentioned by @Jackson Martins , you don't need to configure the subnet mask and default gateway in Azure. It is automatically done by the platform.

You cannot set/change the default gateway in Azure. The first IP (x.x.x.1) in a subnet is reserved by Azure for the default gateway as mentioned here.

Associating a Public IP is done via Azure portal/PowerShell/CLI as mentioned in the below docs:

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/associate-public-ip-address-vm

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/virtual-network-network-interface-addresses

However, if you want to change any of Azure's default routing, you can do so by creating a route table.

Please refer: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

You should never manually assign the public IP address assigned to an Azure virtual machine within the virtual machine's operating system. Azure translates a virtual machine's private IP address to a public IP address. As a result, a virtual machine's operating system is unaware of any public IP address assigned to it, so there is no need to ever manually assign a public IP address within the operating system. This is by design behavior in Azure.

If you are using multiple NICs on your VM and are configuring the private IP address to the OS of the VM, then you need to follow the below doc:

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/virtual-network-multiple-ip-addresses-portal#os-config

Coming to PowerDNS, I'm not sure if you are using the Azure Marketplace listed app but it says the installation includes their support package. And their support team is available for any queries at Hossted. Maybe you could take a look and reach out to them for further assistance. Since PowerDNS is listed in Azure Marketplace, their support team should have the relevant guides or information about the proper configuration.

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/meanio.linnovate-powerdns?tab=overview

Azure uses Network Address Translation (NAT) to provide Internet access to resources in a private network. NAT is used to modify network requests from the private network and destined to the Internet, allowing multiple computers to share a single public IP address. NAT is applicable to Azure Virtual Networks where all session hosts reside. When a session host tries to reach the network address on the Internet, the NAT Gateway (either your own or default provided by Azure), or Azure Load Balancer performs the address translation.

For more information about various types of Source Network Address Translation, please refer to the below docs:

https://learn.microsoft.com/en-us/azure/virtual-network/network-overview#ip-addresses

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access

My last question is if Azure use NAT for (fe80.. addresses) ipv6 addresses for the VMs?

Yes, when a VM initiates outbound communication with a public Internet IPv6-connected device, its source IPv6 address will be network address translated (NAT) to the public IPv6 address of the load balancer.

Refer: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/ipv6-overview

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-overview

https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-ipv6-for-linux?tabs=redhat

https://learn.microsoft.com/en-us/azure/load-balancer/virtual-network-ipv4-ipv6-dual-stack-standard-load-balancer-powershell

https://learn.microsoft.com/en-us/azure/load-balancer/ipv6-add-to-existing-vnet-powershell

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

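The association and translation described in the accepted answer, as an added example that is not part of the original thread: it attaches the public IP to the NIC, then opens only DNS (port 53) in a network security group, using the VM's private address as the destination because inbound rules are evaluated after Azure has translated the public address. The NIC and NSG names are hypothetical, and the script assumes the Az.Network module, a signed-in session (Connect-AzAccount) and an NSG already associated with the NIC or its subnet.

```powershell
# Added example. Resource names are placeholders; adjust to your environment.
$rg      = "MyResourceGroup"
$pipName = "PublicIp"
$nicName = "dns-vm-nic"   # hypothetical NIC name (assumption)
$nsgName = "dns-vm-nsg"   # hypothetical NSG name (assumption)

# 1. Attach the existing public IP to the NIC's primary IP configuration.
#    Nothing changes inside the guest OS: it keeps its DHCP-assigned private IP.
$nic   = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rg
$pip   = Get-AzPublicIpAddress  -Name $pipName -ResourceGroupName $rg
$ipcfg = $nic.IpConfigurations | Where-Object { $_.Primary } | Select-Object -First 1
$ipcfg.PublicIpAddress = $pip
$nic | Set-AzNetworkInterface | Out-Null

# 2. Allow only DNS from the Internet. The destination is the PRIVATE address
#    (for example 10.0.0.4), because the NSG sees the packet after translation.
$privateIp = $ipcfg.PrivateIpAddress
$nsg       = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg
$priority  = 200
foreach ($proto in "Udp", "Tcp") {
    $nsg = Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name "Allow-DNS-$proto-In" -Access Allow -Direction Inbound `
        -Protocol $proto -Priority $priority `
        -SourceAddressPrefix Internet -SourcePortRange "*" `
        -DestinationAddressPrefix $privateIp -DestinationPortRange "53"
    $priority += 10
}
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# 3. Show the mapping Azure now maintains on the platform side.
$pip = Get-AzPublicIpAddress -Name $pipName -ResourceGroupName $rg
"{0} (private, bound in the guest OS) <-> {1} (public, translated by Azure)" -f `
    $privateIp, $pip.IpAddress
```

The DNS service inside the VM then listens on the private address shown in the last line; the public address never appears in the guest's interface configuration.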

3 additional answers

  1. Sousa, Reginaldo Pereira de 0 Reputation points
    2023-12-15T12:50:39.33+00:00

    Ok, I understand that you can't assign a Public IP address, what if I wanted to manage my own route table? I want to upload a Virtual ASA in this environment, close several VPN connections with my other environments.

    In this Azure format, it is impractical to do this.



  2. Erik Svensson 25 Reputation points
    2023-07-13T17:21:03.1633333+00:00

    The workaround is as follows.

    1. Allow all incoming and outgoing traffic to your local net.
    2. Set your internal IP (in my case 10.0.0.4) as local connector in your DNS server.
    3. Install a firewall like iptables or PF on your server instead of Azure.



  3. Jackson Martins 10,631 Reputation points MVP
    2023-07-13T13:32:14.5566667+00:00

    Hi @Erik Svensson

    In Azure, you generally don't assign a public IP address directly to the server as you might in a traditional data center environment. Instead, you associate the public IP address to the virtual network interface.

    Microsoft has its own router; in this case the public address is on the router, and what Microsoft does is create a "virtual server" or a "bridge" for your VM.

    Why would you need the public gateway?

    If you need to use reverse DNS, you can do it with PowerShell.

    Update reverse DNS on an existing PublicIpAddress:


    $pip = Get-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup"
    $pip.DnsSettings.ReverseFqdn = "contosoapp1.westus.cloudapp.azure.com."
    Set-AzPublicIpAddress -PublicIpAddress $pip
    

    To add reverse DNS to an existing PublicIpAddress that doesn't already have a DNS name, you must also specify a DNS name:


    $pip = Get-AzPublicIpAddress -Name "PublicIp" -ResourceGroupName "MyResourceGroup"
    $pip.DnsSettings = New-Object -TypeName "Microsoft.Azure.Commands.Network.Models.PSPublicIpAddressDnsSettings"
    $pip.DnsSettings.DomainNameLabel = "contosoapp1"
    $pip.DnsSettings.ReverseFqdn = "contosoapp1.westus.cloudapp.azure.com."
    Set-AzPublicIpAddress -PublicIpAddress $pip
    

    Reference: https://learn.microsoft.com/en-us/azure/dns/dns-reverse-dns-for-azure-services#azure-powershell

    Get in touch if you need more help with this issue.

    --please don't forget to "[Accept the answer]" if the reply is helpful--


