P2S VPN resolves to Private endpoint DNS but connects to Public IP for Storage account and blocked

Question

P2S VPN resolves to Private endpoint DNS but connects to Public IP for Storage account and blocked

Nagulan Sundararajan 0

https://luke.geek.nz/azure/azure-point-to-site-vpn-and-private-dns-resolver/

I've created a VNET and added Custom DNS (Private DNS resolver)

Deployed a VM to iaas subnet
Private endpoint for storage account to pvtendpt subnet

User's image

Private DNS Resolver to dnsres subnet

User's image

I can connect to the VM via P2S VPN but not to the storage account via private endpoint.

Local Machine connected via P2S VPN resolves private endpoint on nslookup but connects to public IP on ping but not the VM

User's image

SaiKishor-MSFT 17,331 Reputation points

2023-02-23T20:18:28.8266667+00:00

@Nagulan Sundararajan I am reaching out to see if you have any further questions. If so, please let us know and we will be glad to assist further. If the below answer was helpful, please make sure to Accept it as answer as it helps other members in the community. Thank you!
SaiKishor-MSFT 17,331 Reputation points

2023-03-06T19:38:21.8333333+00:00

@Nagulan S I am reaching out to see if you have any further questions. If so, please let us know and we will be glad to assist further. If the below answer was helpful, please make sure to Accept it as answer as it helps other members in the community. Thank you!

1 answer

Your answer

SaiKishor-MSFT 17,331 Reputation points

2023-02-23T20:18:28.8266667+00:00

@Nagulan Sundararajan I am reaching out to see if you have any further questions. If so, please let us know and we will be glad to assist further. If the below answer was helpful, please make sure to Accept it as answer as it helps other members in the community. Thank you!
SaiKishor-MSFT 17,331 Reputation points

2023-03-06T19:38:21.8333333+00:00

@Nagulan S I am reaching out to see if you have any further questions. If so, please let us know and we will be glad to assist further. If the below answer was helpful, please make sure to Accept it as answer as it helps other members in the community. Thank you!

Answer 1

@Nagulan s Thanks for reaching out to Microsoft Q&A.

Looking at your setup, you have the following-

Vnet
Private DNS Zone with A record for storage
Deployed a VM in the IAAS subnet

However, you cannot get the local machine to connect to storage account via the private endpoint, you need the following resources-

On-premises network
Virtual network connected to on-premises
DNS forwarder deployed in Azure
Private DNS zones privatelink.database.windows.net with type A record
Private endpoint information (FQDN record name and private IP address)

Please refer to the following image to see how this works-

On-premises using Azure DNS

This configuration can be extended for an on-premises network that already has a DNS solution in place. The on-premises DNS solution is configured to forward DNS traffic to Azure DNS via a conditional forwarder. The conditional forwarder references the DNS forwarder deployed in Azure.

Do you have a DNS solution on-premises that can forward this request to Azure DNS? Please refer below to see how this can be setup:

On-premises forwarding to Azure DNS

I see that you may not have a DNS forwarder deployed on-premises and/or in Azure to forward this request to Azure provided DNS to be able to resolve this. Please make sure you have this in place and let me know if that helps.

Thank you!

Share via

P2S VPN resolves to Private endpoint DNS but connects to Public IP for Storage account and blocked

1 answer

Your answer