Name resolution of VMs in Virtual Network after connecting via P2S Client VPN

Rohit Mitra 1 Reputation point
2022-04-08T07:05:38.833+00:00

I recently set up a VM on my Azure subscription and connected it to a vNet. The NIC connecting the VM only has a private IP. Now I added a VPN gateway to this vNet, configured it, and downloaded and installed the VPN Client locally. Now, to connect to the VM, I first connect to the VPN and once that is successful, I check the Private IP assigned to the VM and RDP to it. This all works.

However, I felt it may be easier to connect to the Hostname of the VM instead of via the IP. So, I perform the same set of steps to connect to the VPN and then instead of using the Private IP, I use the Hostname. But this time around, it doesn't resolve. Interestingly, I created another VM in the same vNet and connected to it using its private IP and within VM2, I am able to open the RDP connection to VM1 using the Hostname. But that doesn't work from my VPN Client - basically my PC where I installed the VPN Client.

[Image: 191216-topology.png]

This is the topology of the vNet (prior to me creating the 2nd VM). One option that I already checked was to create Azure Private Zone DNS, but I don't want to go that route. I instead want to be able to use the Azure Provided Name Resolution. I used this link to get a sense of both these options - https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.

And since the Private IP assignment is dynamic (and I want to keep it that way), adding an entry into my local hosts file won't do me any good.


1 answer

  1. srbhatta-MSFT 8,551 Reputation points Microsoft Employee
    2022-04-08T16:58:27.4+00:00

    Hi @Rohit Mitra ,
    Thanks for reaching out to Microsoft QnA.
    To implement your solution in Azure, you need to deploy a DNS forwarder (server) in the Azure virtual network that will forward or query the Azure-managed DNS for name resolution.
    Also, since you are using a P2S VPN connection, I assume you are using Azure VPN client. I implemented this in my lab.
    What I did was deploy a VPN Gateway in the Vnet, create two subnets in the Vnet, and deploy one VM in each subnet.
    VM name : VM1-subnet1
    Subnet : subnet1

    VM name : VM2-subnet2
    Subnet : subnet2

    Follow the steps mentioned below:

    Step 1: Install Azure VPN Client from Microsoft Store.
    Step 2: Download the VPN Client present under Point-to-site configuration of the Virtual Network Gateway blade.

    [Screenshot: 191360-2022-04-08-21-35-58-clipboard.png]

    Step 3: Open the downloaded VPN client folder, and open the azurevpnconfig_aad.xml file in an editor.
    Step 4: Install the DNS role on any one of the Windows Server VMs (I did it on VM1-subnet1), open the DNS Manager, and add a Conditional Forwarder. Name it internal.cloudapp.net and add the IP 168.63.129.16.
    Step 5: Open azurevpnconfig_aad.xml and add the following

    <AzVpnProfile>
      <clientconfig>
        <dnssuffixes>
          <dnssuffix>.internal.cloudapp.net</dnssuffix>
        </dnssuffixes>
        <dnsservers>
          <dnsserver>10.1.3.4</dnsserver>
        </dnsservers>
      </clientconfig>
    </AzVpnProfile>

    [Screenshot: 191387-2022-04-08-22-16-33-clipboard.png]

    Step 6: Add your server's private IP under the <dnsserver> tag.
    Step 7: Once again open the Azure VPN Client and select Import, then select the azurevpnconfig_aad.xml file. The VPN connectivity will get re-established.

    After doing this, open the RDP prompt and type in vmname.internal.cloudapp.net; it will resolve to the correct IP. You can even try pinging vmname.internal.cloudapp.net: you will see the ping timing out, but you will definitely see the DNS resolution happening.

    [Screenshot: 191328-2022-04-08-22-25-49-clipboard.png]

    Ping test from my local machine:

    [Screenshot: 191424-2022-04-08-22-27-10-clipboard.png]

    ------------------------------------

    Please don't forget to accept and upvote if you think the information provided was useful so that it can help others in the community looking for help on similar issues.

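The profile edit in steps 5 to 7 of the answer above, as an added example that is not part of the original answer or of Microsoft's tooling: a Python script that inserts the `<dnssuffixes>` and `<dnsservers>` blocks into a downloaded azurevpnconfig_aad.xml and refuses to push anything but a private address as the resolver. The sample profile is constructed; the 10.1.3.4 forwarder address is the one used in the answer; the handling of a default XML namespace and of an empty `<clientconfig i:nil="true" />` element are assumptions about how a freshly downloaded profile may look, not facts stated on the page.

```python
"""Add VNet DNS settings to an Azure VPN Client profile (azurevpnconfig_aad.xml).

Example code, not Microsoft's: it automates the edit shown in steps 5-7 of
the answer above. It assumes the profile root is <AzVpnProfile>, possibly
with a default XML namespace, and that <clientconfig> may be present as an
empty element marked i:nil="true" in a freshly downloaded profile.
"""
import ipaddress
import xml.etree.ElementTree as ET

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample of a freshly downloaded profile (only the relevant parts).
SAMPLE_PROFILE = f"""<?xml version="1.0"?>
<AzVpnProfile xmlns:i="{XSI_NS}">
  <name>example-vnet-gateway</name>
  <clientconfig i:nil="true" />
</AzVpnProfile>
"""


def is_private_resolver(ip: str) -> bool:
    """Only a private address may be pushed to every VPN client as resolver:
    it must be the DNS forwarder VM inside the VNet, never an Internet host."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def add_vnet_dns(profile_xml: str, dns_server: str,
                 suffix: str = ".internal.cloudapp.net") -> str:
    """Return profile_xml with <dnssuffixes> and <dnsservers> under <clientconfig>.

    The edit is idempotent: running it twice adds nothing the second time.
    """
    if not is_private_resolver(dns_server):
        raise ValueError(f"refusing non-private DNS server {dns_server!r}")

    root = ET.fromstring(profile_xml)

    # Reuse the root's default namespace (if any) for the elements we add,
    # and register it so the output is not rewritten with an ns0: prefix.
    ns = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else ""
    if ns:
        ET.register_namespace("", ns)

    def q(local: str) -> str:
        return f"{{{ns}}}{local}" if ns else local

    def ensure_child(parent: ET.Element, local: str) -> ET.Element:
        node = parent.find(q(local))
        return node if node is not None else ET.SubElement(parent, q(local))

    cfg = ensure_child(root, "clientconfig")
    cfg.attrib.pop(f"{{{XSI_NS}}}nil", None)  # a nil element cannot hold children

    # Element order follows the answer above: suffixes first, then servers.
    suffixes = ensure_child(cfg, "dnssuffixes")
    if suffix not in (s.text for s in suffixes.findall(q("dnssuffix"))):
        ET.SubElement(suffixes, q("dnssuffix")).text = suffix

    servers = ensure_child(cfg, "dnsservers")
    if dns_server not in (s.text for s in servers.findall(q("dnsserver"))):
        ET.SubElement(servers, q("dnsserver")).text = dns_server

    ET.indent(root)  # Python 3.9+
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # 10.1.3.4 is the forwarder VM address used in the answer above.
    print(add_vnet_dns(SAMPLE_PROFILE, "10.1.3.4"))
```

The script only rewrites the client profile; the conditional forwarder for internal.cloudapp.net pointing at 168.63.129.16 is still created on the VM in DNS Manager as in step 4. Pushing a resolver to every P2S client is a trust decision, since all queries for the suffix will go to that address, which is why the script accepts only private addresses such as the forwarder VM's own IP.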