Unable to create MySQL flexible server without vnet link in centralized DNS Architecture

[hardik-id]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Creating MySQL Flexible Server fails. Error "VnetNotLinkedToPrivateDnsZone" I am following Centrlized DNS Architecture https://learn.microsoft.com/en-us/azure/dns/private-resolver-architecture#centralized-dns-architecture

That means,

• I have Hub with Private DNS resolver, inbound endpoint
• I have all private DNS zones created in the hub, such as "privatelink.vaultcore.azure.net", "privatelink.mysql.database.azure.com"
• Spokes are connected to Hub
• All spoke custom DNS is the inbound endpoint of the hub private resolver.

This configuration allows me to create private link of Key Vault in Hub without linking private DNS zone to spoke vnet. But the same configuration fails when I try to create the private link to MySQL Flexible server

resource "azurerm_mysql_flexible_server" "mysql_server" {
  name                              = "test"
  location                          = var.location
  resource_group_name               = var.rg_name
  administrator_login               = var.administrator_login
  administrator_password            = module.password.password
  backup_retention_days             = 7
  delegated_subnet_id               = var.private_endpoints_subnet_id
  geo_redundant_backup_enabled      = true
  private_dns_zone_id               = data.azurerm_private_dns_zone.private_dns_mysql_server.id
  sku_name                          = "GP_Standard_D2ds_v4"
  version                           = "8.0.21"
  zone                              = "1"

Terraform Version

1.9.8

AzureRM Provider Version

3.116.0

Affected Resource(s)/Data Source(s)

azurerm_mysql_flexible_server

Terraform Configuration Files

resource "azurerm_mysql_flexible_server" "mysql_server" {
  name                              = "test"
  location                          = var.location
  resource_group_name               = var.rg_name
  administrator_login               = var.administrator_login
  administrator_password            = module.password.password
  backup_retention_days             = 7
  delegated_subnet_id               = var.private_endpoints_subnet_id
  geo_redundant_backup_enabled      = true
  private_dns_zone_id               = data.azurerm_private_dns_zone.private_dns_mysql_server.id
  sku_name                          = "GP_Standard_D2ds_v4"
  version                           = "8.0.21"
  zone                              = "1"

Debug Output/Panic Output

│ Status: "VnetNotLinkedToPrivateDnsZone"
│ Code: ""
│ Message: "The virtual network 'vnet-spk-nonprod' is not linked to private DNS zone 'privatelink.mysql.database.azure.com'. Please link the virtual network to zone and retry."
│ Activity Id: ""

Expected Behaviour

It should allow the creation of a MySQL private link without linking the vent to a private DNS zone.

Actual Behaviour

fails with error VnetNotLinkedToPrivateDnsZone

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[neil-yechenwei]

Thanks for raising this issue. It's by service API design. Suggest to file Azure Support Ticket for this feature request.