app service in vnet isolation with logic app api connector, connectionRuntimeUrl resolution issue of

DavidPerry-1112 11 Reputation points

Hi There folks,

I have an app service in vnet isolation with a logic app using a connector.  Connector uses the connectionRuntimeUrl that points to is not able to be resolved by the default Azure dns of the vnet

Testing confirms that adding a private zone dns for the fqdn resolves the issue.  (this cannot be to permanent fix as its dynamic)

Surely Azure dns should be able to resolve an azure service.

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,895 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,006 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Priya Kumar 1,096 Reputation points Microsoft Employee

    Hello David,

    Thanks for reaching out to Q&A platform.

    Regarding your query, if the issue is getting resolved by creating the “private zone”, I doubt you trying to access the service using Internal Access point.

    Please reconfirm the configuration:

    1. Was the connector is Logic App ISE?
    2. What do you see in the access endpoint?
    3. Internal: Private endpoints permit calls to logic apps in your ISE where you can view and access inputs and outputs from logic apps' runs history only from inside your virtual network.
    4. External: Public endpoints permit calls to logic apps in your ISE where you can view and access inputs and outputs from logic apps' runs history from outside your virtual network. If you use network security groups (NSGs), make sure they're set up with inbound rules to allow access to the run history's inputs and outputs. For more information, see Enable access for ISE.
      If using Private Endpoint, you need Private DNS zone to resolve the FQDN to a private IP address.

    Priya Kumar

  2. JananiRamesh-MSFT 22,121 Reputation points

    Hi @DavidPerry-1112 Thanks for getting back, this seems like a configuration issue, and it needs further investigation I would suggest you open a support ticket as our support engineers have the best tools to assist you further. Do you already have a support plan, or I can create a one-time free support ticket to resolve the issue?

  3. DavidPerry-1112 11 Reputation points

    So as it turns out. There is a problem with these three requirements not mixing

    1. a vnet isolated environment and an internal APIM
    2. a private dns zone for - to reference the internal IPs of the APIM
    3. an application service environment with logic apps, using private IP

    As soon as you try to reference the api connector triggerurl

    you will be confronted with an issue where resolution is broken -> -> -> ->    

    You see the middle of the resolution is CNAMEs that use the zone.

    At this stage the fix would be to remove the logicapp triggerurl from the extra CNAMES.

    0 comments No comments