Open RostKost opened 1 year ago
Hi @RostKost,
2.45.0 is not the latest Azure CLI(2.46.0).
Please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.
@necusjz for awareness
Same issue for me. I'm not able to reach scm through private endpoint. Any updates on this? @yonzhan
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
I'm hitting this issue as well, although I'm using Azure Policy DINE to deploy this. Do we have any updates?
```json
"resources": [
  {
    "name": "[concat(parameters('privateEndpointName'), '/deployedByPolicy')]",
    "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
    "apiVersion": "2020-03-01",
    "location": "[parameters('location')]",
    "properties": {
      "privateDnsZoneConfigs": [
        {
          "name": "sites-privateDnsZone",
          "properties": {
            "privateDnsZoneId": "[parameters('privateDnsZoneIdSites')]"
          }
        },
        {
          "name": "sitesScm-privateDnsZone",
          "properties": {
            "privateDnsZoneId": "[parameters('privateDnsZoneIdSitesScm')]"
          }
        }
      ]
    }
  }
]
```
The same issue for me and my team.
Join those who have this issue
It has been a long time. Can we get some clarification from Microsoft on this?
It seems that Azure documentation on this is not consistent. For example here, it is stated that just one private DNS zone should be created: https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint#dns
This is how we have it set up, and it works just fine. The privatelink.azurewebsites.net zone just ends up getting two A records for every app, one with the .scm suffix attached to it. Kudu is accessible via the private endpoint.
We are also using the built-in DINE policy here, which only configures the privatelink.azurewebsites.net zone on the app service private endpoints: /providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452
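A check for the record placement this thread is about, as an added example that is not from any commenter or from the Azure CLI project: given the A record sets of both zones, it reports which zone actually holds an app's SCM record. The sample data is constructed, and the input shape (`name`, `aRecords[].ipv4Address`) is assumed to match the JSON printed by `az network private-dns record-set a list`.

```python
import json

PARENT_ZONE = "privatelink.azurewebsites.net"
SCM_ZONE = "scm.privatelink.azurewebsites.net"

# Constructed sample data (not from the issue): A record sets per zone, reduced
# to the fields used here. Shape assumed to match the JSON output of
# `az network private-dns record-set a list`.
SAMPLE = {
    PARENT_ZONE: json.loads("""[
        {"name": "test-service", "aRecords": [{"ipv4Address": "10.0.0.4"}]},
        {"name": "test-service.scm", "aRecords": [{"ipv4Address": "10.0.0.4"}]}
    ]"""),
    SCM_ZONE: [],
}


def find_a_records(zones, fqdn):
    """Return [(zone, ip), ...] for every A record whose full name equals fqdn."""
    fqdn = fqdn.rstrip(".").lower()
    hits = []
    for zone, record_sets in zones.items():
        for rs in record_sets:
            # Relative name + zone is the name a client looks up, so "app.scm"
            # in the parent zone and "app" in the scm zone yield the same FQDN.
            full = zone if rs["name"] == "@" else f'{rs["name"]}.{zone}'
            if full.lower() == fqdn:
                hits += [(zone, a["ipv4Address"]) for a in rs.get("aRecords") or []]
    return hits


def scm_placement(zones, app):
    """Classify which zone holds the app's SCM A record."""
    held_by = {zone for zone, _ in find_a_records(zones, f"{app}.{SCM_ZONE}")}
    if not held_by:
        return "missing"
    if held_by == {SCM_ZONE}:
        return "scm-zone"
    if held_by == {PARENT_ZONE}:
        return "parent-zone"
    return "both"


if __name__ == "__main__":
    print(scm_placement(SAMPLE, "test-service"))
```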
Describe the bug
DNS records for the Private endpoint are automatically generated but one of them is placed in the wrong private DNS zone. Both DNS records of type A are located in the private DNS zone 'privatelink.azurewebsites.net'
The Private endpoint for Azure Web App is linked to two FQDN that point to aliases:
Based on the private-endpoint-dns documentation, private DNS zones are created in line with the recommended naming: privatelink.azurewebsites.net and scm.privatelink.azurewebsites.net
DNS zone configuration can be added for the Private endpoint through the portal or az command
az network private-endpoint dns-zone-group add
The result DNS zone configuration for the Private endpoint is here:
Command Name
nslookup appname.scm.privatelink.azurewebsites.net
Errors:
To Reproduce:
Steps to reproduce the behavior.
az network private-endpoint dns-zone-group add --endpoint-name {} -n {} --resource-group {} --zone-name "scm_privatelink_azurewebsites_net" --private-dns-zone {}
az network private-endpoint dns-zone-group add --endpoint-name {} -n {} --resource-group {} --zone-name "privatelink_azurewebsites_net" --private-dns-zone {}
nslookup appname.scm.privatelink.azurewebsites.net command from a host in the same vNet
Expected Behavior
"test-service.scm.privatelink.azurewebsites.net" record will be added to "scm.privatelink.azurewebsites.net" zone, not to "privatelink.azurewebsites.net", and nslookup will resolve the name appname.scm.privatelink.azurewebsites.net to the IP address
Environment Summary
Additional Context