No DNS resolution through P2S connection

Nicolas ESPIAU 51 Reputation points
2022-09-30T10:27:51.457+00:00

Hi everyone,

I'm new to Azure.

I've built an infrastructure with vnet peerings like this

vnet-hub <-> vnet1

In vnet-hub I've deployed a virtual GW and successfully created a point-to-site session.

From my personal workstation I can ping and ssh to the VMs in the vnet-hub and vnet1.

The problem is: there is no DNS resolution from my workstation. Once connected to the VPN, traffic goes properly to the GW except DNS requests.

I've deployed an AKS private cluster with nodes in vnet1 and I can resolve the api endpoint from any VM in vnet-hub or vnet1.
I've tested az cli and kubectl from a VM in the vnet-hub and it works (peering allows dns resolution of the API private endpoint).

If I add a line to my local /etc/hosts binding the private endpoint to the API private IP it works, but I would like to let the Azure DNS do its work.

What am I missing?


Accepted answer
  1. KapilAnanth-MSFT 38,041 Reputation points Microsoft Employee
    2022-09-30T12:24:28.797+00:00

    Hi @Nicolas ESPIAU ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to resolve DNS names of Azure resources from P2S clients

    You have to modify the P2S Configuration file to add DNS suffixes for the domains in which you want DNS resolution.

    Refer: How do I add DNS suffixes to the VPN client?

    I hope this helps

    Thanks,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.


2 additional answers

  1. Alan Kinane 16,796 Reputation points MVP
    2022-09-30T11:14:00.723+00:00

    Hi Nicolas,

    You will need to have either a DNS forwarder or conditional forwarder (server) that can forward these DNS requests to Azure. There is a new option however called Azure DNS private resolver (this is still in public preview currently).

    I wrote a blog post about this recently which allows you to use Azure Private DNS zones using the new DNS Private Resolver service over a P2S connection. This may be a good solution for you.
    https://azurealan.ie/2022/07/26/how-to-query-a-private-dns-zone-over-point-to-site-connection-with-azure-dns-private-resolver/


  2. Nicolas ESPIAU 51 Reputation points
    2022-10-05T13:49:03.22+00:00

    For the community and people who can't deploy in a Region where Azure DNS Private Resolver is not available yet:

    I managed to enable the DNS traffic by deploying a DNS forwarder on a VM in the same VNet as my Network Virtual Gateway.
    I decided to use Bind9 because I found this solution in a Deployment Template proposed here: DNS Forwarder VM

    I didn't use the template because I wanted to reuse an existing VNet but I used the init shell script found on the related Github repository.

    Then I updated my VPN parameters to specify the DNS server to use when it's connected and I used the private IP address of the VM hosting Bind9 and a public DNS (choose the one you prefer).

    And guess what, it works.

    Lots of thanks to @KapilAnanth-MSFT and @Alan Kinane for your answers and the time you took to help. Very appreciated!

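A Bind9 forwarder configuration along the lines Nicolas describes, written as an added example rather than the thread's or the Azure quickstart template's own script: it forwards to the Azure-provided resolver 168.63.129.16 but, unlike an "allow-query any" setup, answers only the P2S client pool and the peered VNets so the VM cannot be abused as an open resolver. The address pool and VNet ranges are constructed placeholders.

```shell
#!/bin/sh
# Render named.conf.options for a Bind9 forwarder VM in the hub VNet.
# Added example, not the thread's or the Azure template's own script.
# 168.63.129.16 is the Azure-provided recursive resolver; the address pool
# and VNet ranges below are constructed placeholders for this example.

AZURE_DNS="168.63.129.16"
P2S_POOL="172.16.201.0/24"                # constructed: VPN client address pool
VNET_RANGES="10.0.0.0/16; 10.1.0.0/16"    # constructed: vnet-hub and vnet1

# Print a named.conf.options that answers only the P2S clients and the
# peered VNets (so the VM never becomes an open resolver) and forwards
# every query to the Azure resolver, which knows the private endpoint names.
render_named_options() {
  pool="$1"; vnets="$2"; upstream="$3"
  cat <<EOF
acl trusted { ${pool}; ${vnets}; 127.0.0.1; };
options {
    directory "/var/cache/bind";
    listen-on { any; };
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    forwarders { ${upstream}; };
    forward only;            # never walk the roots; always ask Azure DNS
    dnssec-validation no;    # upstream does not return signed private-zone data
};
EOF
}

# Reject a rendered config that would expose the forwarder to any client
# or that does not forward to the expected upstream. Returns 0 when safe.
check_named_options() {
  conf="$1"; upstream="$2"
  printf '%s\n' "$conf" | grep -q "forwarders { ${upstream}; };" || return 1
  printf '%s\n' "$conf" | grep -q 'forward only;' || return 1
  printf '%s\n' "$conf" | grep -q 'allow-query { any; };' && return 1
  return 0
}

# Install steps on the forwarder VM (root and apt required; not run here):
#   apt-get install -y bind9
#   render_named_options "$P2S_POOL" "$VNET_RANGES" "$AZURE_DNS" > /etc/bind/named.conf.options
#   named-checkconf && systemctl restart bind9
#   dig @127.0.0.1 <private-endpoint-fqdn> +short   # from the VM, then from a P2S client
```

The VPN client must then be pointed at the forwarder VM's private IP, as in the post above, and the hub VNet's NSG should allow UDP/TCP 53 only from the P2S pool and peered VNets.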