Azure App Service using custom DNS to resolve server machine hostname using FQDN instead of private IP

Arif 6 Reputation points
2020-07-03T11:24:42.207+00:00

Azure App Service custom DNS server name resolver to machine's hostname FQDN instead of private IP

I have an Azure App Service which can connect to VMs using VNet integration, and a custom DNS server is also set up for name resolution. However, the App Service is able to communicate with the VM only via its private IP address and not via FQDN. I used the networking tools in the Azure App Service and the following is the result. 172.23.2.150 is the private IP address of the VM to which I need to connect from the App Service; fqdn is the fully qualified domain name of the VM (virtual machine). The App Service is connected to the VNet, and there are custom DNS servers: primary 172.23.0.4 and alternate DNS server 172.23.0.5.

The default server is used instead of the custom DNS server for name resolution. First it goes to the custom DNS server (172.23.0.4), but it times out, and then it goes to the default Azure DNS server, but there it finds just the private IP address (Image1).

Also below (Image2) is the configuration done on the VNet attached to the App Service to link it to the custom DNS server.

One of the links says to create a forwarder on the DNS VM machine, but no detailed steps are given:

https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#name-resolution-using-your-own-dns-server

Name resolution that uses your own DNS server

In order to resolve a VM's host name, the DNS server VM must reside in the same virtual network, and be configured to forward host name queries to Azure. A DNS forwarder is available in the Azure Quickstart Templates gallery and on GitHub. But that is for Ubuntu only.

On Windows, any inputs on how this can be configured? Below is the screenshot for creating a forwarder in DNS on a Windows VM.

(Image3)

[Attached images: Image1 azureapi2vm1.png (App Service name-resolution result); Image2 vnet-customdnsserver-appplan.png (VNet custom DNS server configuration); Image3 dnsforwarder-windowsserver.png (Windows Server DNS forwarder dialog)]


2 answers

  1. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2020-07-07T22:58:00.197+00:00

    Let's take a step back and go over your scenario, and the best way to get DNS resolution.

    First off, you are only using 1 Virtual Network. Your Web App is connecting via Azure App Service VNet Integration, which is a P2S VPN join into your Virtual Network. For all DNS resolution scenarios for your Web App, it will act the same as a P2S VPN.

    Next, typically VMs get a FQDN from a Public IP Address. This address is registered via Public DNS, and will resolve to your Public IP Address, not your internal IP Address. If you are using this address and want to resolve it to your VNET level IP address, you will need to override the record in your custom DNS, or use a different DNS name for your VMs.
    As you discussed earlier, and as is discussed in this doc, you can use the 'internal.cloudapp.net' name resolution within your Virtual Network by forwarding records to Azure's DNS, creating a DNS Private Zone, or adding your own records to your DNS Server. As you already have a custom DNS server set up, the easy way is to just create the records in your DNS server, and then your Web App will resolve it without issue.

    If you would like to forward the records to Azure DNS, you will need to create a conditional forwarder to send 'internal.cloudapp.net' DNS suffix to the recursive resolver at '168.63.129.16'. For the screenshot you posted, the DNS Domain will be 'internal.cloudapp.net', and all you should need on the 2nd area is the IP Address. After that, the records should be able to resolve.


  2. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2020-07-10T21:20:03.707+00:00

    The end goal of your scenario is to resolve internal IPs via a DNS name. After re-reading your scenario, I am not sure that forwarding the DNS queries will work for an Azure Web App With VNET Integration. Private DNS Zones will also not work.

    The easiest and best solution for your scenario is to create a DNS 'A' record in your private DNS server that will point an address to the VM.

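The two answers above describe the conditional forwarder for 'internal.cloudapp.net' (first answer) and the A record in the custom DNS server's own zone (second answer) only in words, and the question asks for the Windows steps. The following PowerShell is an added example, not code from the question, the answers or Microsoft's documentation. It is meant to run on the Windows DNS server VM at 172.23.0.4 with the DNS Server role installed, and uses the DnsServer module cmdlets. The IP addresses and the 'internal.cloudapp.net' suffix come from the thread; the zone name 'corp.example' and the host label 'vm01' are placeholders, since the thread never names the VM's actual domain.

```powershell
# Added example (not from the question or the answers): configure the Windows DNS
# server VM from the question so that the App Service, which queries this server
# through VNet integration, resolves the target VM by name to its private IP.
# Run in an elevated PowerShell session on the DNS server VM (172.23.0.4).
#
# From the thread: 172.23.2.150 (target VM), 172.23.0.4 / 172.23.0.5 (custom DNS
# servers), 168.63.129.16 (Azure recursive resolver), internal.cloudapp.net.
# Placeholders (assumptions): 'corp.example' zone name and 'vm01' host label.

#Requires -RunAsAdministrator
Import-Module DnsServer -ErrorAction Stop

$AzureResolver = '168.63.129.16'
$AzureSuffix   = 'internal.cloudapp.net'
$PrivateZone   = 'corp.example'   # placeholder: your own internal DNS suffix
$VmHost        = 'vm01'           # placeholder: the target VM's host label
$VmPrivateIp   = '172.23.2.150'
$CustomDns     = @('172.23.0.4', '172.23.0.5')

# --- Option A (first answer): conditional forwarder.
# Only queries ending in internal.cloudapp.net are sent to 168.63.129.16; every
# other zone stays with this server, so no server-wide forwarder is needed.
if (-not (Get-DnsServerZone -Name $AzureSuffix -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $AzureSuffix `
        -MasterServers $AzureResolver -PassThru
} else {
    Write-Host "Conditional forwarder for $AzureSuffix already exists"
}

# --- Option B (second answer): an A record in this server's own private zone.
# Create the zone if it is missing, then add the record or refresh a stale one.
if (-not (Get-DnsServerZone -Name $PrivateZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $PrivateZone -ZoneFile "$PrivateZone.dns" -PassThru
}
$existing = Get-DnsServerResourceRecord -ZoneName $PrivateZone -Name $VmHost `
    -RRType A -ErrorAction SilentlyContinue
if ($existing) {
    # Update in place so an old address is not left behind after an IP change.
    $updated = $existing.Clone()
    $updated.RecordData.IPv4Address = [System.Net.IPAddress]::Parse($VmPrivateIp)
    Set-DnsServerResourceRecord -ZoneName $PrivateZone `
        -OldInputObject $existing -NewInputObject $updated -PassThru
} else {
    Add-DnsServerResourceRecordA -Name $VmHost -ZoneName $PrivateZone `
        -IPv4Address $VmPrivateIp -TimeToLive 00:05:00 -PassThru
}

# --- Verification: query each custom DNS server directly (the path the App Service
# takes) and confirm the answer is the private address, not a public one and not
# the timeout the question reports.
$fqdn = "$VmHost.$PrivateZone"
foreach ($server in $CustomDns) {
    try {
        $answer = Resolve-DnsName -Name $fqdn -Type A -Server $server -DnsOnly -ErrorAction Stop
        $ip = ($answer | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
        if ($ip -eq $VmPrivateIp) {
            Write-Host "[OK]   $server resolves $fqdn -> $ip"
        } else {
            Write-Warning "$server resolves $fqdn -> $ip (expected $VmPrivateIp)"
        }
    } catch {
        Write-Warning "$server did not answer for $fqdn : $($_.Exception.Message)"
    }
}
```

Two checks worth doing before blaming the forwarder: the question's symptom is a timeout at 172.23.0.4 rather than a wrong answer, so confirm that UDP and TCP port 53 are reachable from the VNet integration subnet to the DNS VM (Windows Firewall and any NSG on the subnet), and run the verification loop against 172.23.0.5 as well, because if the alternate server does not hold the same zone the App Service will get inconsistent results depending on which server answers first.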