I'm currently setting up a virtual network with a private subnet, and I've got an SQL Server connected through a private endpoint in that subnet. This private endpoint has a private IP linked to a private DNS zone, which is connected to my virtual network. I've also set up a virtual network gateway to access the network from my local machine.
The goal is to securely access the SQL Server by being connected to the Virtual Network while preventing any public traffic access. However, although I can connect my local machine to the VNet, I'm running into issues accessing the SQL Server via its privatelink.database.windows.net address. I keep getting an error that says the server is set to deny all public access. A quick nslookup reveals that the resolved IP is 20.x.x.x, suggesting my machine is still trying to reach the server over the public internet despite being connected to the VNet.
What's going wrong here? Thanks for any help!
5 Answers
You're likely running into a situation where VPN gateways don't pass along records from the Azure DNS server to your local network. The public DNS likely gets priority. Setting up a private DNS resolver or even using a VM with CoreDNS or Bind9 as your custom DNS in Azure could completely resolve the issue.
You're definitely on the right track with wanting to block public access. But to do so, you'll need an Azure DNS resolver with a conditional forwarder from your on-premises DNS server directed at the DNS resolver’s IP. That can get a bit pricey, so I’d love to know if there are any cheaper alternatives!
DNS can be tricky with private links. Just a question: do you have a Domain Controller set up, or are you using Azure DNS only? Making sure your configurations align with what Azure expects might help.
Sounds like a DNS issue to me. Sometimes your local machine might still try to resolve the SQL Server to its public IP instead of the private link. You may want to double-check your DNS settings or even link a private DNS zone correctly in Azure.
I think the problem is that your DNS server is still pulling public IP resolutions. For a quick fix, you could manually adjust your hosts file on your local machine. However, long term, it might be better to set up a more robust DNS solution.
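Added example, not part of any answer above: a small check that tells whether a client's DNS returns the private endpoint address or a public one, which is the symptom described in the question. The server name, the VNet range `10.0.0.0/16`, and all sample addresses are constructed assumptions.

```python
import ipaddress
import socket

# RFC 1918 ranges; anything outside them is reported as public.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolver(host):
    """Addresses the OS resolver returns for host (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(host, 1433, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_private_dns(host, vnet_cidrs, resolver=system_resolver):
    """Return (ok, {address: verdict}); ok only if every answer is in the VNet."""
    vnets = [ipaddress.ip_network(c) for c in vnet_cidrs]
    verdicts = {}
    for addr in resolver(host):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in vnets):
            verdicts[addr] = "vnet"
        elif any(ip in net for net in RFC1918):
            verdicts[addr] = "private-but-outside-vnet"
        else:
            verdicts[addr] = "public"
    ok = bool(verdicts) and all(v == "vnet" for v in verdicts.values())
    return ok, verdicts


if __name__ == "__main__":
    # Constructed sample data: hypothetical server name, assumed VNet range,
    # and fake resolvers standing in for "public DNS" and "Azure private DNS".
    host = "myserver.database.windows.net"
    vnet = ["10.0.0.0/16"]
    public_dns = lambda h: ["203.0.113.10"]   # documentation address
    private_dns = lambda h: ["10.0.1.4"]
    for name, r in (("public DNS", public_dns), ("private DNS", private_dns)):
        print(name, check_private_dns(host, vnet, resolver=r))
    # Without resolver=..., the machine's own DNS settings are tested.
```

Running `check_private_dns` with the default resolver from the VPN-connected machine shows which path its DNS actually takes; a `public` verdict means the query never reached the private DNS zone.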