If you're using spring-boot, try with 2.3.9.RELEASE and azure-spring-boot-starter-keyvault-secrets 3.2.0 and azure-client-authentication 1.7.12.
Azure Key Vault URI DNS Name Resolver Exception
I am using Azure App Service (regional VNet integrated) and PaaS services like Azure Key Vault and Azure Storage, with system-managed identity and service endpoints enabled to access the Azure Key Vault.
I am using a Spring Boot application.
I integrated the Key Vault as per the following doc:
https://learn.microsoft.com/en-us/java/api/overview/azure/spring-boot-starter-keyvault-secrets-readme?view=azure-java-stable
Also, in App Service we have set the config properties as follows:
WEBSITE_VNET_ROUTE_ALL - 1
WEBSITE_DNS_SERVER - 168.63.129.16
But I am getting the below exception on application startup:
Caused by: java.net.UnknownHostException: failed to resolve '$$$$.vault.azure.net' after 2 queries
    at io.netty.resolver.dns.DnsResolveContext.finishResolve(DnsResolveContext.java:1013)
    ... 22 common frames omitted
Caused by: io.netty.resolver.dns.DnsNameResolverTimeoutException: [/8.8.4.4:53] query via UDP timed out after 5000 milliseconds (no stack trace available)
Also, there are similar connection issues to other PaaS services.
There is no document to follow to configure connections in such a case.
Has anyone faced such an issue?
3 answers
Siva-kumar-selvaraj 15,681 Reputation points
Mar 17, 2021, 6:56 PM
Hello @SonalBK843,
Thanks for reaching out.
This issue seems to be related more to DNS resolution (io.netty.resolver.dns.DnsNameResolverTimeoutException project) than to the Azure Key Vault starter.
The Azure SDKs allow users to bring their own HTTP client implementation when constructing the SDK client.
In addition to that, could you try customizing the Reactor HTTP client like this:
https://projectreactor.io/docs/netty/release/reference/index.html#_host_name_resolution_2
Hope this helps.
----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Felipe Roris Surerus 6 Reputation points
Mar 25, 2021, 3:48 PM
Like @Gabriel Nica mentioned, this started with the latest versions of Spring Boot, which uses Netty under the hood, which changed the DNS resolution, and now it fails.
I was able to do a workaround like @sikumars-msft suggested! Below is an example with the certificates library; you can do the same for other libs like secrets:
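import com.azure.core.http.HttpClient;
import com.azure.core.http.netty.NettyAsyncHttpClientBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.certificates.CertificateClient;
import com.azure.security.keyvault.certificates.CertificateClientBuilder;
import io.netty.resolver.DefaultAddressResolverGroup;

// Use the JDK's built-in resolver instead of Netty's own DNS resolver.
reactor.netty.http.client.HttpClient nettyHttpClient =
    reactor.netty.http.client.HttpClient.create()
        .resolver(DefaultAddressResolverGroup.INSTANCE);

// Wrap the customized Reactor Netty client for the Azure SDK.
HttpClient httpClient = new NettyAsyncHttpClientBuilder(nettyHttpClient).build();

CertificateClient certificateClient = new CertificateClientBuilder()
    .httpClient(httpClient)
    .vaultUrl(keyVaultUri)
    .credential(new ManagedIdentityCredentialBuilder().build())
    .buildClient();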
A similar fix was done with WebClient --> https://github.com/reactor/reactor-netty/issues/1431
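
The trace in the question shows Netty's resolver querying 8.8.4.4 rather than the WEBSITE_DNS_SERVER value set on the App Service. The following diagnostic is an added example, not code from the thread or from the Azure SDK: it lists the name servers Netty's DNS resolver would query and compares that with what the JDK resolver returns for the vault host. The class name `DnsResolverCheck` and the default host are hypothetical, and it assumes `netty-resolver-dns` is on the classpath.

```java
import io.netty.resolver.dns.DnsServerAddressStream;
import io.netty.resolver.dns.DnsServerAddressStreamProviders;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class DnsResolverCheck {

    /** Name servers Netty's DNS resolver would query for this host. */
    static List<InetSocketAddress> nettyNameServers(String host) {
        DnsServerAddressStream stream =
                DnsServerAddressStreamProviders.platformDefault().nameServerAddressStream(host);
        List<InetSocketAddress> servers = new ArrayList<>();
        for (int i = 0; i < stream.size(); i++) {
            servers.add(stream.next());
        }
        return servers;
    }

    /** Addresses from the JDK resolver, the path DefaultAddressResolverGroup delegates to. */
    static List<InetAddress> jdkResolve(String host) throws UnknownHostException {
        return Arrays.asList(InetAddress.getAllByName(host));
    }

    public static void main(String[] args) {
        // Placeholder vault host (constructed); pass the real one as the first argument.
        String host = args.length > 0 ? args[0] : "example-vault.vault.azure.net";
        // App Service exposes app settings as environment variables.
        String configured = System.getenv("WEBSITE_DNS_SERVER");
        System.out.println("WEBSITE_DNS_SERVER = " + configured);

        for (InetSocketAddress ns : nettyNameServers(host)) {
            String ip = ns.getAddress() != null ? ns.getAddress().getHostAddress() : ns.getHostString();
            boolean matches = configured != null && configured.equals(ip);
            System.out.println("Netty name server: " + ip + ":" + ns.getPort()
                    + (matches ? "" : "  <-- differs from WEBSITE_DNS_SERVER"));
        }
        try {
            System.out.println("JDK resolver: " + jdkResolve(host));
        } catch (UnknownHostException e) {
            System.out.println("JDK resolver failed: " + e.getMessage());
        }
    }
}
```

If the Netty list shows a public resolver while the JDK lookup succeeds, the client is sending DNS queries outside the VNet path, and switching to `DefaultAddressResolverGroup.INSTANCE` as in the answer above keeps resolution on the platform resolver.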