However, this appears to be slightly different for App Services that use Unique Default Hostnames because the default hostname for the App Service includes a region name - e.g.
test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net
It's not obvious from the documentation whether the Private DNS Zone should be:
privatelink.<region>.azurewebsites.net
or
<region>.privatelink.azurewebsites.net
so some clarification in the documentation would be super helpful. (Note that other services that include a region in the fqdn have privatelink as a prefix - e.g. privatelink.northeurope.backup.windowsazure.com and privatelink.northeurope.azmk8s.io)
Possible Bug with Unique Default Hostnames?
I'm not sure where the best place to report this is - if there's a better place please let me know.
I've tried attaching Private DNS Zones in both name formats to a Private Link connected to an App Service that uses a Unique Default Hostname and neither work, with the following problems:
<region>.privatelink.azurewebsites.net - when attaching this zone to the Private Endpoint in a DNS Configuration the A records from the App Service (test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net, test-a6gqaeashthkhkeu.eastus-01.scmazurewebsites.net) don't get added automatically to the Private DNS Zone as they normally do with App Services with non-Unique Default Hostnames.
privatelink.<region>.azurewebsites.net - when attaching this zone to the Private Endpoint in a DNS Configuration the A records from the App Service (test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net, test-a6gqaeashthkhkeu.eastus-01.scmazurewebsites.net) do get added automatically to the Private DNS Zone but the CNAME returned from appears to be test-a6gqaeashthkhkeu.<region>.privatelink.azurewebsites.net, so the recursive DNS query to resolve the CNAME fails.
Our DNS setup is... complex... so there could be something wrong in our configuration, but clarifying the required Private DNS Zone setup per above would at least confirm which one we should be using.
@mikeclayton
Thank you for bringing this to our attention.
I've delegated this to content author @msangapu-msft, who will review it and offer their insightful opinions.
mikeclayton pushed a commit to mikeclayton/azure-docs that referenced this issue Sep 23, 2024
It turns out I was doing the wrong thing - the Azure Private DNS Zone to attach to the Private Endpoint for web apps that use Unique Default Hostnames is neither of these:
privatelink.<region>.azurewebsites.net
<region>.privatelink.azurewebsites.net
It is, in fact, the same as web apps that don't use Unique Default Hostnames:
privatelink.azurewebsites.net
What happens is the A records that get automatically created in the Private DNS Zone include the <region> part:
| Name | Type | Value |
| --- | --- | --- |
| mywebapp-<hash>.<region> | A | <private endpoint ip> |
| mywebapp-<hash>.scm.<region> | A | <private endpoint ip> |
and this then resolves the fqdn mywebapp-<hash>.<region>.privatelink.azurewebsites.net
I've added some specific details about this in PR #124485 in case it helps others...
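The record layout described in the comment above, as an added example that is not part of the original thread or of Azure's tooling: it derives the zone, relative A-record names and CNAME target for a default hostname and reports which records a zone export lacks. The function names are hypothetical, the zone contents are constructed sample data, and the non-unique case (`mywebapp`, `mywebapp.scm`) is included as a generalization of the same pattern.

```python
PUBLIC_SUFFIX = "azurewebsites.net"
PRIVATE_ZONE = "privatelink." + PUBLIC_SUFFIX  # same zone with or without a region label


def expected_records(default_hostname):
    """Zone, relative A-record names and CNAME target for an App Service hostname."""
    host = default_hostname.strip().rstrip(".").lower()
    if not host.endswith("." + PUBLIC_SUFFIX):
        raise ValueError(f"not an App Service default hostname: {default_hostname!r}")
    relative = host[: -len(PUBLIC_SUFFIX) - 1]  # "app" or "app-<hash>.<region>"
    app, _, region = relative.partition(".")
    if not app or "." in region or region == "scm":
        raise ValueError(f"pass the app hostname, not the scm one: {default_hostname!r}")
    scm = f"{app}.scm.{region}" if region else f"{app}.scm"
    return {
        "zone": PRIVATE_ZONE,
        "a_records": [relative, scm],
        "cname_target": f"{relative}.{PRIVATE_ZONE}",
    }


def relative_name(fqdn, zone):
    """Name of fqdn relative to zone, or None when fqdn is not inside that zone."""
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    return fqdn[: -len(zone) - 1] if fqdn.endswith("." + zone) else None


def missing_records(default_hostname, zone_name, zone_a_records):
    """Expected A records that are absent from the zone attached to the endpoint."""
    exp = expected_records(default_hostname)
    if zone_name.rstrip(".").lower() != exp["zone"]:
        return exp["a_records"]  # per the thread, only privatelink.azurewebsites.net applies
    present = {name.lower() for name in zone_a_records}
    return [name for name in exp["a_records"] if name not in present]


# Hostname taken from the issue; the zone contents and IP are constructed sample data.
HOST = "test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net"
SAMPLE_ZONE = {"test-a6gqaeashthkhkeu.eastus-01": "10.0.0.4"}

if __name__ == "__main__":
    exp = expected_records(HOST)
    print("zone:", exp["zone"])
    print("CNAME target:", exp["cname_target"])
    # The privatelink.<region> zone form cannot contain the CNAME target at all.
    print(relative_name(exp["cname_target"], "privatelink.eastus-01.azurewebsites.net"))
    print("missing:", missing_records(HOST, PRIVATE_ZONE, SAMPLE_ZONE))
```

The zone name and record set passed to `missing_records` would come from an export of the Private DNS Zone linked to the endpoint's virtual network.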
Documentation Improvement Request
The documentation at Using Private Endpoints for App Service apps describes the required DNS configuration for App Services that use a Private link.