DNS Resolve issue from AWS to Azure

Question

Hi Experts,

Need suggestion on the below.

We have an application hosted on AWS side that connects to a Azure postgresql flexible database server located on Azure. The AWS side application is using database endpoint to connect.

Lately, we have been experiencing frequent failovers on the azure database side. These failovers result in a change of the database server's IP address. Unfortunately, the DNS server on AWS side is unable to adapt to these IP address changes, leading to failed connections/connections routing to read-only standby.

To temporarily resolve this issue, we have been manually adding DNS records to the AWS DNS server whenever a failover occurs. However, since failovers are unpredictable, we are seeking a more permanent solution. It would be highly beneficial if you could provide a way or workaround that allows the application hosted on AWS to automatically resolve the correct IP address whenever a failover happens.

Private VnetIntegration: Enabled

Region: West US

Thanks,

Vignesh

Answer 1

Hi Vignesh Murugan,

Welcome to Microsoft Q&A forum and thanks for using Azure Services.

As I understand, you are getting connection issue from AWS to Azure PostgreSQL Flexible Server.

For Dynamic client IP address is preventing access.

• If you have an internet connection with dynamic IP addressing and you're having trouble getting through the firewall, try one of the following solutions:
• Ask your internet service provider (ISP) for the IP address range assigned to your client computers that access the Azure Database for PostgreSQL server. Then add the IP address range as a firewall rule.
• Get static IP addressing instead for your client computers, and then add the static IP address as a firewall rule.

In Delegated subnet. A virtual network contains subnets (sub-networks). Subnets enable you to segment your virtual network into smaller address spaces. Azure resources are deployed into specific subnets within a virtual network.

Your flexible server must be in a subnet that's delegated. That is, only Azure Database for PostgreSQL - Flexible Server instances can use that subnet. No other Azure resource types can be in the delegated subnet. You delegate a subnet by assigning its delegation property as Microsoft.DBforPostgreSQL/flexibleServers. The smallest CIDR range you can specify for the subnet is /28, which provides sixteen IP addresses, however the first and last address in any network or subnet can't be assigned to any individual host. Azure reserves five IPs to be utilized internally by Azure networking, which include two IPs that cannot be assigned to host, mentioned above. This leaves you eleven available IP addresses for /28 CIDR range, whereas a single Flexible Server with High Availability features utilizes 4 addresses.

Reference: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking

Let me know if the above information helps. If not, please share configuration details of the Flexible Server so that we can further investigate.

Thank you.

Answer 2

If you connect using the Azure DNS name, you should not have to change IP addresses in your AWS DNS servers. On this page https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-high-availability#failover-process---unplanned-downtimes it states (step 2) that the connection string does not change. This is handled by Azure.

If you want to use your own domainname for the database server (like database.mycompany.com), you can use a cname record in the DNS server that redirects the database.mycompany.com address to the Azure name.