Private Endpoint DNS integration over Point to Site VPN connection with Azure Cosmos DB for MongoDB

Question

Facing an issue while resolving the IP of my DB. My scenario is:

1. I have created private endpoint in "Azure Cosmos DB for MongoDB" in the same subnet as my vpn gateway p2s configured.
2. I have tested the DB connection by creating VM in same subnet range, also My VPN is working correctly. I am not able to connect to my local system even after connecting to my VPN, I have added IP of "Azure Cosmos DB for MongoDB" private link in VNET DNS server. still getting the same issue.

then I have followed: https://github.com/dmauser/PrivateLink/tree/master/DNS-Integration-P2S it worked and was able to connect to DB from my local system.

But,

I don't want to create a VM for the simple task. what are the other options to resolve this issue? also If I use DNS private resolver then still I need to configure forward rule in my local system to access the DB? which is also not a good approach can not do this on each client's system manually?

any suggestions & Solution?

Answer 1

@Brijesh Muliya Welcome to the Microsoft Q&A platform, thanks for posting the question and for using Azure Services.

If I understand correctly want to resolve the private endpoint for Azure Cosmos DB for MongoDB without creating a VM or manually configuring each client's system. you can achieve this by integrating Private Link with Azure Private DNS.  Here's a suggested approach:

1. Create an Azure Private DNS zone.
2. Link the Private DNS zone to your VNET.
3. Create a Private Endpoint for your Cosmos DB account.
4. Create an alias record in the Azure Private DNS zone.
5. Configure your VPN Gateway to use the Azure Private DNS zone for DNS resolution. After completing these steps, VPN clients should be able to resolve the Cosmos DB's private endpoint using the Azure Private DNS zone without the need for a VM or manual configuration on each client's system.

I hope this information helps.

Regards

Geetha

Answer 2

1. Instead of using VM as a DNS forwarder, Just create DNS private resolver in the same VNET but add it to another subnet.
2. once you have created DNS private resolver, go to the inbound endpoints of the DNS private resolver and add an endpoint. (choose the subnet of your VPN gateway)
3. Then you will see the IP address will be assigned to that endpoint. Copy that IP address and go to the VNET in which you have configured VPN, Then go to DNS servers and choose custom DNS then add the IP Inbound endpoint. Note: also add 8.8.8.8 otherwise you will lose internet connection after you get connected to VPN.

Don't forget to accept answer if this worked ;-)

Answer 3

I have the same exact issue, but this step can't be done:

1. Configure your VPN Gateway to use the Azure Private DNS zone for DNS resolution. After completing these steps, VPN clients should be able to resolve the Cosmos DB's private endpoint using the Azure Private DNS zone without the need for a VM or manual configuration on each client's system.

As the point to site does not have a DNS configuration, the hub and VWan has no dns configuration, no vnet related (seems internal when you define the ip rantge of the vwan/hub), and I dont have a dns ip where to point int. If I try to create a dns resolver, there is no chance to select a related vnet cause as i said, there is not vnet releated to the vwan/hub.