How to connect Private endpoint created in Azure for Mongo DB (Atlas)

Raviraj Velankar 66 Reputation points
2024-04-07T06:39:26.08+00:00

Hello Experts,

This is regarding a MongoDB (Atlas) cluster and accessing it over a private endpoint.

Atlas MongoDB is not an Azure-native DB service; however, it is one of the partner resources. In the Atlas portal, we can create a private link service, and using the resource ID of that private link service we can create a private endpoint in an Azure virtual network. How do we connect to that private endpoint of MongoDB from an Azure VM?

Since it is not a native Azure PaaS resource, as per my understanding we cannot create a Private DNS Zone in Azure for Atlas MongoDB.

As per the Atlas documentation, one needs to use the 'DNS seedlist connection string' to connect to Atlas MongoDB through the private endpoint.

My queries are as follows:

  1. For an Azure VM, the default DNS server is Azure DNS at IP 168.63.129.16. When I tried to perform the DNS seedlist query from an Azure VM, that DNS query was forwarded to Azure DNS first, and Azure DNS forwarded it to Atlas's default DNS domain, i.e. 'mongodb.net', which returned the public IPs of the MongoDB cluster hosts and not the private IP address. What needs to be done in order to get only the private IP address (configured as a private endpoint in the Azure VNet) for MongoDB? Do we need to create an 'A' record, and in which DNS? Or is there another process to be followed?
  2. For an on-premises network that is connected to Azure through ExpressRoute: if an end user on the on-premises network runs the same 'DNS seedlist connection string' query for MongoDB (Atlas) to access it through the private endpoint (configured in Azure), that DNS query is first forwarded to the local DNS server on-prem. Is it feasible to use a 'conditional forwarder' configured on the on-prem local DNS server to forward that query to the Azure DNS Private Resolver service, and will the Azure DNS Private Resolver service be able to get the private IP address of MongoDB (Atlas) by again querying Azure DNS? Is it feasible for an on-prem end user to connect to the private endpoint of MongoDB (Atlas) through Azure, or is it not feasible? If feasible, then please share the process/steps/documentation to be followed. I searched the Azure documentation but did not find a proper and relevant document about this use case or scenario. It would be helpful if we could get guidance.

1 answer

  1. KapilAnanth-MSFT 35,251 Reputation points Microsoft Employee
    2024-04-08T05:08:04.16+00:00

    @Raviraj Velankar,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to connect to your 3rd-party service via Private Endpoint.

    A simple web search takes me to: Learn About Private Endpoints in Atlas

    Wrt "Since it is not a native Azure PaaS resource, as per my understanding we cannot create a Private DNS Zone in Azure for Atlas MongoDB":

    • This is incorrect.
    • You can create a Private DNS Zone and link it to the VNET from which you are trying to connect to the PE (the VNET of the source VMs).
    • With Azure-native services, this is automated.
    • In your scenario, this is manual, and it is doable.
    • Please check the 3rd-party documentation to arrive at the correct domain name.
    • From the document, I see "pl-0-eastus2.uzgh6.mongodb.net" is being used.
      So, you can either
      1. create a Private DNS Zone named "mongodb.net" and add an A record "pl-0-eastus2.uzgh6", or
      2. create a Private DNS Zone named "uzgh6.mongodb.net" and add an A record "pl-0-eastus2".
    • Both should resolve to the PE IP 10.0.0.4.
    • I am not sure which is the proper naming convention; please check with the third party.

    Wrt Question 1:

    • I believe the previous points answer this.
    • You can always create a Private DNS Zone, create your custom A records, and make them resolve to the PE's IP.

    Wrt Question 2:

    "Whether it is feasible to use 'conditional forwarder' configured in Onprem local DNS Server to forward that query to Azure DNS Private resolver service and whether Azure DNS private resolver service will be to get the private IP address of Mongo DB (Atlas) by again querying to Azure DNS."

    Hope this helps.

    Cheers,

    Kapil

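As an added example (not part of the question or the answer above, and not Atlas or Microsoft code), the following Python script does the two things a practitioner would want after reading this thread: it derives the Private DNS zone name and A-record name from the Atlas private-link hostname for either of the two zone layouts the answer lists, emits the matching Azure CLI calls, and then checks from a VM (or from an on-prem host behind the conditional forwarder) whether that hostname really resolves to the private endpoint address instead of a public Atlas address. The hostname `pl-0-eastus2.uzgh6.mongodb.net` and PE IP `10.0.0.4` come from the answer; the subnet `10.0.0.0/24`, the resource group and VNet ID placeholders, and the resolver answers used in the self-test are assumptions.

```python
"""Plan and verify a Private DNS zone for an Atlas private endpoint.

Added example for this Q&A thread; not code from Atlas or Microsoft.
Only the standard library is used so it runs on a plain Azure VM.
"""
from __future__ import annotations

import ipaddress
import socket

# Values quoted in the answer.
ATLAS_PL_HOST = "pl-0-eastus2.uzgh6.mongodb.net"
PE_IP = "10.0.0.4"
# Assumed: the private endpoint subnet (not stated in the thread).
PE_SUBNET = "10.0.0.0/24"


def plan_private_zone(fqdn, zone_labels):
    """Split an FQDN into (Private DNS zone name, A record name).

    zone_labels=2 -> zone "mongodb.net",       record "pl-0-eastus2.uzgh6"
    zone_labels=3 -> zone "uzgh6.mongodb.net", record "pl-0-eastus2"
    These are the two options given in the answer; both resolve the same name.
    """
    labels = fqdn.rstrip(".").split(".")
    if not 1 <= zone_labels < len(labels):
        raise ValueError("zone must be a proper suffix of the hostname")
    zone = ".".join(labels[-zone_labels:])
    record = ".".join(labels[:-zone_labels])
    return zone, record


def az_cli_commands(fqdn, ip, zone_labels, resource_group, vnet_id):
    """Azure CLI calls to create the zone, link it to the source VNet, and add the A record.

    resource_group and vnet_id are placeholders supplied by the caller.
    Registration is disabled: the zone only holds the manual Atlas record.
    """
    zone, record = plan_private_zone(fqdn, zone_labels)
    return [
        f"az network private-dns zone create --resource-group {resource_group} --name {zone}",
        f"az network private-dns link vnet create --resource-group {resource_group} "
        f"--zone-name {zone} --name atlas-pe-link --virtual-network {vnet_id} "
        f"--registration-enabled false",
        f"az network private-dns record-set a add-record --resource-group {resource_group} "
        f"--zone-name {zone} --record-set-name {record} --ipv4-address {ip}",
    ]


def classify(addresses, private_subnet):
    """Partition resolved IPv4 addresses into (inside PE subnet, outside PE subnet)."""
    net = ipaddress.ip_network(private_subnet)
    private = sorted({a for a in addresses if ipaddress.ip_address(a) in net})
    public = sorted({a for a in addresses if ipaddress.ip_address(a) not in net})
    return private, public


def resolve(host):
    """Resolve a hostname to its IPv4 addresses using the OS resolver.

    On an Azure VM this goes through 168.63.129.16, which consults linked
    Private DNS zones before forwarding to the public mongodb.net servers.
    The hostnames returned by a mongodb+srv seedlist lookup are checked the same way.
    """
    return {info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)}


def check_resolution(host, private_subnet, resolver=resolve):
    """Return (ok, message). ok is True only if every answer lies in the PE subnet.

    A public answer means the private zone is not linked to this VNet, the
    record name does not match the hostname, or (on-prem) the conditional
    forwarder is not sending the query to the Azure DNS Private Resolver.
    """
    private, public = classify(resolver(host), private_subnet)
    if public:
        return False, f"{host} resolves to public addresses {public}; private zone not in effect"
    if not private:
        return False, f"{host} returned no addresses"
    return True, f"{host} resolves to private endpoint {private}"


if __name__ == "__main__":
    for n in (2, 3):
        print(plan_private_zone(ATLAS_PL_HOST, n))
    for cmd in az_cli_commands(ATLAS_PL_HOST, PE_IP, 3, "<resource-group>", "<vnet-resource-id>"):
        print(cmd)
    print(check_resolution(ATLAS_PL_HOST, PE_SUBNET))
```

Run the script once before the zone is linked and once after: the final line flips from the public-address failure to the private-endpoint success when the Private DNS zone is linked to the VM's VNet. From an on-prem host, the same check tells you whether the conditional forwarder to the Azure DNS Private Resolver inbound endpoint is returning the private address.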