Azure Key Vault Private Endpoint to resolve to a newly created Private DNS Zone
Hi Team,
I was trying to set up a new Private DNS Zone for the Azure Key Vault Private Endpoint, instead of utilizing the Azure-provided DNS zone (privatelink.vaultcore.azure.net).
This is what was created:
- Newly created Private DNS Zone: jupiter.core.net
- Created Azure Key Vault Private Endpoint: hellokv123
- In the new Private DNS Zone, specified an A record pointing to the Key Vault Private Endpoint IP address
- New Private FQDN name for the Azure Key Vault Private Endpoint: hellokv123.jupiter.core.net
Troubleshooting Steps:
Logged into the Virtual Machine and launched PowerShell to perform 'nslookup'.
- When I added the DNS configuration to associate with the newly created Private DNS Zone, this is how it was configured by Azure: NO FQDN & NO IP ADDRESS:
Note: It is not like this when done with the Azure-provided DNS (FQDN & IP address appear as normal).
- When I perform 'nslookup' of the Key Vault with the newly created private DNS FQDN, it resolves with no issue. Please refer to the screenshot.
- When I perform 'nslookup' of the Key Vault with the 'public DNS' FQDN, it does not resolve to the private DNS that was created. Please refer to the screenshot.
- Even then, when I tried to access the Key Vault after logging in, it prompted the below error:
From the above, I am thinking Azure is not registering the newly created Private DNS zone? If so, why? What's the benefit of creating a new private DNS zone when it's not able to be recognized by Azure?
When there's no issue resolving to the Azure-provided DNS zone "privatelink.vaultcore.azure.net", why is there an issue with a newly created Private DNS Zone, when by logic & rightfully it should work the same?
Private DNS Zone creation is up to the customer's choice of what DNS zone they would like to name, configure and assign resources to (the DNS zone name can be anything the customer chooses). There isn't a necessity for an organization to use the Azure-provided DNS specifically for all resources. And if that's the case, then why is there an option to create 'a new private DNS Zone'?
Customers should not be pushed to create several DNS servers, DNS forwarders, DNS rulesets or even a hybrid solution when they are unable to make the most of the new Private DNS Zone feature in Azure to perform the necessary connectivity & resolution within the cloud platform.
Is there any way, with the same steps taken to set an A record for the Azure Key Vault Private Endpoint in the Azure-provided DNS zone, to have it resolve automatically with the newly created Private DNS Zone?
- When I perform nslookup "hellokv123.vault.azure.net", it resolves to "privatelink.vaultcore.azure.net".
- THE SAME should apply: when I perform nslookup "hellokv123.vault.azure.net", it SHOULD resolve to hellokv123.jupiter.core.net (10.0.0.6) with the alias hellokv123.vault.azure.net.
I would like a solution for the above and not any other recommendations/solutions to configure additional components, ONLY with the newly created Private DNS Zone being able to resolve within the cloud platform, which should have been pretty straightforward.
I appreciate your time & patience in reading my post.
Looking forward to your solution & advice.
Thanks
Sathiya
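The block below is an added example, not code from the post or from Azure. It models in Python the resolution rule behind the three nslookup results the post reports: the Azure-provided resolver answers a name from a private DNS zone linked to the VNet only when the name falls inside that zone's namespace (a missing record there is NXDOMAIN, not a public fallback); every other name goes to public DNS, and each CNAME target in the chain is checked against the linked zones again. The names hellokv123, jupiter.core.net, privatelink.vaultcore.azure.net and the endpoint IP 10.0.0.6 are from the post; the public DNS records, the stand-in public address 203.0.113.10 and the VNet prefix 10.0.0.0/16 are constructed for the example.

```python
import ipaddress

# Constructed public DNS view (not captured from a real tenant). A Key Vault's
# public name is a CNAME to its privatelink name, which publicly resolves to a
# public IP; 203.0.113.10 is a stand-in address for that public answer.
PUBLIC_DNS = {
    "hellokv123.vault.azure.net": ("CNAME", "hellokv123.privatelink.vaultcore.azure.net"),
    "hellokv123.privatelink.vaultcore.azure.net": ("A", "203.0.113.10"),
}

# Two alternative private-zone setups, each linked to the VM's VNet.
# Records are keyed by FQDN; 10.0.0.6 is the private endpoint IP from the post.
CUSTOMER_ZONE = {
    "jupiter.core.net": {
        "hellokv123.jupiter.core.net": ("A", "10.0.0.6"),
    },
}
PRIVATELINK_ZONE = {
    "privatelink.vaultcore.azure.net": {
        "hellokv123.privatelink.vaultcore.azure.net": ("A", "10.0.0.6"),
    },
}

# Constructed assumption: the VNet (and therefore the private endpoint) lives in 10.0.0.0/16.
VNET_PREFIX = ipaddress.ip_network("10.0.0.0/16")


def matching_zone(name, private_zones):
    """Return the linked private zone whose namespace contains `name` (longest match), or None."""
    best = None
    for zone in private_zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def resolve(name, private_zones, public_dns=PUBLIC_DNS, max_hops=8):
    """Model of the Azure-provided resolver for a VNet with linked private zones.

    Returns (ip_or_None, chain). A name inside a linked private zone is answered
    only from that zone (no record -> None, i.e. NXDOMAIN); any other name is
    looked up in public DNS. CNAME targets are re-checked against the private
    zones, which is how a zone named privatelink.vaultcore.azure.net overrides
    the public answer for hellokv123.vault.azure.net, while a zone named
    jupiter.core.net never appears in that chain and is never consulted.
    """
    chain = [name]
    for _ in range(max_hops):
        zone = matching_zone(name, private_zones)
        if zone is not None:
            record = private_zones[zone].get(name)
        else:
            record = public_dns.get(name)
        if record is None:
            return None, chain
        rtype, value = record
        if rtype == "A":
            return value, chain
        name = value  # CNAME: keep following the alias
        chain.append(name)
    raise RuntimeError("CNAME chain too long or looping for %s" % chain[0])


def reaches_private_endpoint(ip):
    """True when the answer is an address inside the VNet, i.e. the private endpoint NIC."""
    return ip is not None and ipaddress.ip_address(ip) in VNET_PREFIX


def check_keyvault(name, private_zones):
    """Summarise one client lookup the way the post's nslookup checks do."""
    ip, chain = resolve(name, private_zones)
    return {
        "name": name,
        "ip": ip,
        "chain": chain,
        "via_private_endpoint": reaches_private_endpoint(ip),
    }


if __name__ == "__main__":
    for label, zones in (("customer zone jupiter.core.net", CUSTOMER_ZONE),
                         ("zone privatelink.vaultcore.azure.net", PRIVATELINK_ZONE)):
        print("== linked private zone:", label)
        for q in ("hellokv123.jupiter.core.net", "hellokv123.vault.azure.net"):
            r = check_keyvault(q, zones)
            print("  %s -> %s  chain=%s  private=%s"
                  % (q, r["ip"], " -> ".join(r["chain"]), r["via_private_endpoint"]))
```

Running it reproduces the post's observations: with only jupiter.core.net linked, hellokv123.jupiter.core.net answers 10.0.0.6 but hellokv123.vault.azure.net follows the public CNAME to the privatelink name and gets the public address; with privatelink.vaultcore.azure.net linked, the same public name ends at 10.0.0.6 because the CNAME target is intercepted by the linked zone. The Key Vault SDK and portal connect by the vault.azure.net name, which is why the client must see the private address for that name specifically.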