I'm in the process of setting up a Static Web App behind an Application Gateway using a Private Endpoint Link on a private VNet. I already have an external DNS set up that points to the Gateway via an A record. My understanding is that I need to create a Private DNS Zone for the Static Web App, which functions like a hosts file, allowing me to set mappings (e.g., google.com -> mysite.com) that are only resolved within the VNets linked to it. However, when I attempt to set a custom domain for the Static Web App, I'm prompted to verify with a TXT record. This leaves me puzzled because:

1. Why do I need verification for a private configuration?
2. Shouldn't the verification be on the Application Gateway instead, since that's the public-facing service?

Have I misunderstood the role of private DNS zones?
3 Answers
To add on, when creating a private endpoint for a Static Web App, it blocks public access unless you explicitly set the public access property to null during creation. So, your app could end up being a hybrid resource if that setting isn't correctly configured. Regarding the App Gateway giving you a 502 Bad Gateway, it looks like it's not resolving the private DNS properly, which may need further troubleshooting on your network setup.
It seems there's a bit of confusion here. The domain verification you're referring to is necessary for using a custom domain with your Static Web App instead of the default one. What you have to do for the private DNS zone is just set up the private endpoint for your web app and link it with the zone—no verification is needed for that. However, once you create a private endpoint, it disables public access to your app.
The verification you're encountering isn't directly related to the private DNS zone but rather the web app itself. The Static Web App manages TLS and therefore requires you to authenticate ownership of the custom domain for which it will issue a legitimate SSL certificate. This verification is essential to ensure that you own the domain you are trying to use with the web app, even though you're operating in a private DNS context.
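The answers above separate two things: the TXT record proves domain ownership to the Static Web App itself (it issues the certificate), while the private DNS zone only decides what the app's hostname resolves to inside linked VNets. The 502 from the Application Gateway is the second concern, and the quickest way to confirm it is to resolve the hostname from a host in the gateway's VNet and check where the answer lands. The script below is an added example, not code from the thread or from Azure; the hostname and VNet address range are constructed placeholders. Run it from a VM in the same VNet as the Application Gateway: if the name resolves to an address outside the VNet, the private DNS zone is not linked to that VNet (or the wrong zone was created), which is exactly the situation that produces a 502.

```python
"""Check where a Static Web App hostname resolves from inside a VNet.

Added illustration for the thread above; not Azure's or the original
poster's code. When a private DNS zone for the private endpoint is linked
to the VNet, the app's default hostname should resolve to the private
endpoint NIC address, i.e. an address inside the VNet's own range. A
public answer means the zone is not linked to this VNet; a mix of private
and public answers indicates split-brain resolution.
"""
import ipaddress
import socket
from typing import Iterable, List

# Constructed placeholders: substitute the real default hostname and
# the address space of the VNet the Application Gateway lives in.
APP_HOST = "my-swa.example.azurestaticapps.net"   # hypothetical hostname
VNET_RANGES = ["10.10.0.0/16"]                     # hypothetical VNet space


def resolve(hostname: str) -> List[str]:
    """Resolve hostname to IPv4 addresses using the system resolver."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def classify(addresses: Iterable[str], vnet_ranges: Iterable[str]) -> str:
    """Classify the resolved addresses relative to the VNet ranges.

    'private-endpoint': every address is inside one of the VNet ranges
    'public'          : every address is a public address
    'private-other'   : private (RFC1918) addresses, but not in this VNet
    'mixed'           : both private and public answers (split-brain)
    'unresolved'      : no addresses at all
    """
    nets = [ipaddress.ip_network(r) for r in vnet_ranges]
    in_vnet = private_other = public = 0
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in nets):
            in_vnet += 1
        elif ip.is_private:
            private_other += 1
        else:
            public += 1
    total = in_vnet + private_other + public
    if total == 0:
        return "unresolved"
    if in_vnet == total:
        return "private-endpoint"
    if public == total:
        return "public"
    if public == 0:
        return "private-other"
    return "mixed"


# What each verdict means for the Application Gateway backend.
EXPLANATIONS = {
    "private-endpoint": "resolves into the VNet; backend reachable via private endpoint",
    "public": "resolves to a public address; private DNS zone not linked to this VNet",
    "private-other": "private address outside this VNet; check the zone's A record",
    "mixed": "split-brain resolution; conflicting DNS zones or forwarders",
    "unresolved": "no answer; zone record missing or resolver misconfigured",
}


def diagnose(hostname: str, addresses: Iterable[str],
             vnet_ranges: Iterable[str]) -> str:
    """Return a one-line verdict for the resolved addresses."""
    verdict = classify(addresses, vnet_ranges)
    return f"{hostname}: {verdict} ({EXPLANATIONS[verdict]})"


if __name__ == "__main__":
    print(diagnose(APP_HOST, resolve(APP_HOST), VNET_RANGES))
```

Note that this only checks name resolution; an App Gateway backend health probe also needs the private endpoint's network security group and the app's public access setting to match what the probe expects, so a `private-endpoint` verdict rules out DNS but not every cause of a 502.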
