This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 49%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
I recently deployed an AKS Cluster using terraform but I cannot connect to it using the API Server FQDN visible from the portal as it doesn't appear to have registered itself with Azure DNS.
I googled for solutions and found the following troubleshooting guide, but although it mentions checking the DNS of the FQDN for the API Server, it doesn't mention how to correct the problem if the FQDN does not resolve. https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/connectivity/troubleshoot-cluster-connection-issues-api-server
I've tried "reconciling" the cluster using "az aks update" but this doesn't appear to have corrected the missing DNS entry. Can anyone suggest how I can fix this please and what may have caused it?
Additionally, since I can't get the FQDN to resolve, I could potentially just add a static entry into my local hosts file for now, but could anyone tell me how I can identify the private IP of the API server without the FQDN please?
Thanks,
James
Hello James McGuire,
Thanks for posting your question in the Microsoft Q&A forum.
The FQDN resolution failure typically stems from missing links between the Private DNS Zone and your custom DNS infrastructure:
privatelink.<region>.azmk8s.io to Azure’s built-in DNS. Conditional forwarding rules must cover subdomains.For DNS servers in a separate VNet or subscription: Navigate to the Private DNS Zone in the AKS-managed resource group. Under Virtual network links, add a link to the VNet where your DNS servers reside
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful
Thanks for your reply. I managed to use the AI Troubleshooting feature in the cluster and it was telling me that the DNS configuration was ok -- although it would have helped if it could display precisely how it was checking this! I became aware that it was creating a Private DNS Zone and I did indeed have a missing link to the VNET which I was connected from, so I've added that in now and hopefully it has fixed the issue. Thanks again. Although I must admit I am wholly confused by how any of this works. In the DNS Zone there is only a single SOA record, no A records for the cluster's API Server FQDN/IP.
There was a pre-existing vnet link in the PDNS zone to the vnet on which the cluster resides, and this vnet is already configured to use Azure's DNS servers. So I'm left confused as to why if I use nslookup to directly query the FQDN of the AKS Cluster API Server from the Azure DNS Servers, why I wasn't able to resolve the FQDN? Puzzling mechanism.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 9%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Hi James McGuire,
Just checking in to see if your issue has been resolved or further assistance is required for your query.
Feel free to reach out if you have any further queries.
If you found the information useful, please click "Accept answer" and "Upvote" on the post to let us know.
Hi James McGuire,
Just checking to see if you could solve the issue or further assistance is required for your query.
Feel free to reach out if you have any further queries.
If you found the information by hossein jalilian useful, please click "Accept answer" and "Upvote" on the post to let us know.