Connected to Azure P2S connection, I can ping IP address of devices however cannot ping hostname.

Jack Salsbury 21 Reputation points
2022-12-02T13:52:41.2+00:00

I am connected to a P2S connection which allows me to see on-prem and Azure cloud devices. I am able to ping the IP addresses of these and get a response. However, I need to be able to ping the hostname/FQDN of these devices.

What DNS changes do I need to make for this? Is it a case of doing some forwarding on Azure?


2 answers

  1. ChaitanyaNaykodi-MSFT 27,461 Reputation points Microsoft Employee Moderator
    2022-12-02T23:13:29.517+00:00

    @Jack Salsbury,

    Thank you for reaching out to us.

    As you are unable to resolve the FQDNs of the devices, it is required to set up a DNS solution to achieve this. You can go through the various scenarios described here to choose your DNS solution as per your requirements.

    If you need to resolve on-prem services in Azure and vice versa, you can use Azure DNS Private Resolver to achieve this. Azure DNS Private Resolver is a new service that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers. You can go through this documentation for implementation.

    Hope this helps. Please let me know if you have any additional questions. Thank you!


  2. Bas Pruijn 956 Reputation points
    2022-12-08T17:20:06.493+00:00

    If you create a DNS private resolver and define inbound endpoints, you have a service that can forward DNS requests from your P2S VPN, as described by @ChaitanyaNaykodi-MSFT. However, you also need to update your VPN profile to use this DNS server. Finally, please do not check using nslookup. This will not work, since Azure VPN is resolving names in a different way.

    If you have a client (like a web browser) that tries to connect to the resource, please make sure you activate the VPN BEFORE you start the client. Most clients cache the IP addresses. This implies that when they have resolved the public IP address, they will never connect to the internal IP address.

    What resources are you trying to connect to? If using PaaS services, please make sure to create the private endpoints and appropriate privatelink DNS zones.

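One way to run the check the second answer describes without nslookup, as an added example that is not part of either answer. It assumes a Windows client using the Azure VPN Client, which applies the profile's DNS servers as Name Resolution Policy Table (NRPT) rules; `Test-VpnNameResolution` and `app01.corp.example` are hypothetical names.

```powershell
# Added example (not from the thread). Run after the P2S tunnel is connected.
function Test-VpnNameResolution {
    param(
        [Parameter(Mandatory)] [string] $Name
    )

    # Drop cached answers so an address resolved before the tunnel came up
    # (for example a public IP) is not returned again.
    Clear-DnsClientCache

    # NRPT rules in effect whose namespace covers $Name. Namespaces are
    # stored as suffixes with a leading dot; "." alone matches every name.
    $rules = @(Get-DnsClientNrptPolicy | Where-Object {
        @($_.Namespace | Where-Object { $_ -eq '.' -or $Name -like "*$_" }).Count -gt 0
    })
    if ($rules.Count -eq 0) {
        Write-Warning "No NRPT rule covers $Name; the VPN profile's DNS settings are not being applied to it."
    }

    # Resolve-DnsName goes through the Windows DNS client and honours NRPT.
    # nslookup sends its own queries straight to a DNS server and bypasses it.
    $answers = @(Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress })
    if ($answers.Count -eq 0) {
        Write-Warning "$Name did not resolve through the DNS client."
        return
    }

    # RFC 1918 ranges: an internal resource should land in one of these.
    $rfc1918 = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'

    foreach ($a in $answers) {
        [pscustomobject]@{
            Name        = $Name
            IPAddress   = $a.IPAddress
            Private     = $a.IPAddress -match $rfc1918
            NrptServers = ($rules.NameServers -join ',')
        }
    }
}

# Constructed placeholder hostname; replace with a real internal FQDN.
Test-VpnNameResolution -Name 'app01.corp.example'
```

A result with `Private` set to `False` means the name still resolves to a public address, which is the case the second answer warns about for clients started before the VPN.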
