@Sunilprasath Elangovan - Thanks for the question and for using the MS Q&A platform.
From your diagram, it seems like the frontend and backend private links are in the same VNet, which makes no sense in the same subnet since they will point to the same resource.
You can check in the private DNS zone whether the proper A records are there, as per the documentation you refer to.
But I think the problem is more related to the architectural design. In the documentation you refer to, there isn't any VNet peering; the transit and customer data plane VNets are not peered and have different DNS zones.
Normally, in this type of hub & spoke network topology, with VNet peering, you would have 3 VNets:
- Transit VNet: Has VPN gateway and private endpoint for web auth, linked with DNS zone
- Hub VNet: Has private endpoint for web app and storage accounts
- Data Plane VNet: linked with DNS zone
Peering happens between transit and hub, and between hub and data plane.
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.