Azure SQL - Custom Domain

Question

Azure SQL - Custom Domain

Sean Hogan 5

I have a question about using a custom domain with Azure SQL.

Let's say we have an Azure SQL resource named sql-server-001.database.windows.net. I want to access this server with the custom domain sql-server-001.dev.mycompany.com. We can easily do this by creating a CNAME record i.e.:

sql-server-001.dev.mycompany.com. IN CNAME sql-server-001.database.windows.net.

This does technically work, however we run into an SSL issue that has to be resolved with TrustServerCertificate=True, which obviously isn't ideal in production environments.

So my question is this: Is there any current or planned support for custom DNS for Azure SQL? (Similar to Azure App Service, for example)

Answer 1

Oury Ba-MSFT 10,331 Microsoft Employee

@Sean Hogan Thank you for reaching out.

My understanding is that you are looking to connect to Azure SQL using your own domain name instead of server name which you were able to achieve using CNAME record however you are running into SSL issues.

Is there any current or planned support for custom DNS for Azure SQL?

Update CNAME record in the DNS server IF you are connecting through private endpoint.

In https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview#dns-configuration, it says we can use private DNS zone or custom DNS server.

Use a private DNS zone. You can use private DNS zones to override the DNS resolution for a given private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.
Use your custom DNS server. You can use your own DNS server to override the DNS resolution for a given private link resource. If your DNS server is hosted on a virtual network, you can create a DNS forwarding rule to use a private DNS zone to simplify the configuration for all private link resources.

How to use different domain name to connect to Azure SQL DB Server

Please let me know if that answer your question. If that not, please comment below so we can work on the same to assist you.

Regards,

Oury

Sean Hogan 5 Reputation points

2023-03-07T17:25:24.84+00:00

Hi Oury -

We've implemented the solution as mentioned. The issue we're facing is the SSL error when connecting to the SQL server via a domain other than database.windows.net
Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2023-03-07T22:20:33.43+00:00

Sean Hogan

Could you please share the SSL error you are getting ?
Sean Hogan 5 Reputation points

2023-03-08T17:04:20.4666667+00:00

@Oury Ba-MSFT

When connecting via SSMS and targeting our custom domain:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (.Net SqlClient Data Provider)
Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2023-03-08T18:15:02.4066667+00:00

Sean Hogan Thank you let me check and get back shortly.

Regards,

Oury
Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2023-03-10T23:17:14.67+00:00

Could you please follow the steps below to fix the ssl error issue.

Resolution

Regards,

Oury
Oury Ba-MSFT 10,331 Reputation points Microsoft Employee

2023-03-14T19:01:39.7633333+00:00

Sean Hogan Just checking if the above resolution link solved the issue. If that does not resolve your issue. I would suggest creating a support ticket so we can further investigate.

Azure SQL - Custom Domain

1 answer

Activity