Open RostKost opened 1 year ago
azure-client-tools-bot-prd[bot]
commented
1 year ago Hi @RostKost,
2.45.0 is not the latest Azure CLI(2.46.0).
Please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.
yonzhan
commented
1 year ago @necusjz for awareness
akhilthomas011
commented
1 year ago Same issue for me. I'm not able to reach scm through private endpoint. Any updates on this? @yonzhan
microsoft-github-policy-service[bot]
commented
1 year ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
Schillman
commented
10 months ago I'm hitting this issue as well, all though I'm using azure policy DINE to deploy this, do we have any updates?
"resources": [
{
"name": "[concat(parameters('privateEndpointName'), '/deployedByPolicy')]",
"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion": "2020-03-01",
"location": "[parameters('location')]",
"properties": {
"privateDnsZoneConfigs": [
{
"name": "sites-privateDnsZone",
"properties": {
"privateDnsZoneId": "[parameters('privateDnsZoneIdSites')]"
}
},
{
"name": "sitesScm-privateDnsZone",
"properties": {
"privateDnsZoneId": "[parameters('privateDnsZoneIdSitesScm')]"
}
}
]
}
}
]
falken01
commented
8 months ago the same issue for me and my team
belozd
commented
8 months ago Join those who have this issue
eehret
commented
1 month ago It has been a long time. Can we get some clarification from Microsoft on this?
It seems that Azure documentation on this is not consistent. For example here, it is stated that just one private DNS zone should be created: https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint#dns
This is how we have it set up, and it works just fine. The privatelink.azurewebsites.net zone just ends up getting two A records for every app, one with the .scm suffix attached to it. Kudo is accessible via the private end point.
We are also using the built in DINE policy here, which only configures the privatelink.azurewebsites.net zone on the app service private endpoints : /providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452
Describe the bug
DNS records for the Private endpoint are automatically generated but one of them is placed in the wrong private DNS zone. Both DNS records of type A are located in the private DNS zone 'privatelink.azurewebsites.net'
The Private endpoint for Azure Web App is linked to two FQDN that point to aliases:
Based on private-endpoint-dns documentation private DNS zone are created in line with recommended naming privatelink.azurewebsites.net scm.privatelink.azurewebsites.net
DNS zone configuration can be added for the Private endpoint through the portal or az command
az network private-endpoint dns-zone-group addThe result DNS zone configuration for the Private endpoint is here:
Command Name
nslookup appname.scm.privatelink.azurewebsites.netErrors:
To Reproduce:
Steps to reproduce the behavior.
az network private-endpoint dns-zone-group add --endpoint-name {} -n {} --resource-group {} --zone-name "scm_privatelink_azurewebsites_net" --private-dns-zone {}az network private-endpoint dns-zone-group add --endpoint-name {} -n {} --resource-group {} --zone-name "privatelink_azurewebsites_net" --private-dns-zone {}nslookup appname.scm.privatelink.azurewebsites.netcommand from a host in the same vNetExpected Behavior
"test-service.scm.privatelink.azurewebsites.net" record will be added to "scm.privatelink.azurewebsites.net" zone, not to "privatelink.azurewebsites.net and nslookup will resolve the name appname.scm.privatelink.azurewebsites.net to the IP address
Environment Summary
Additional Context