Conditional Forwarder to Azure DNS Private resolver sometimes returns a public IP address for a private endpoint.

Richard Ward 20 Reputation points
2024-09-11T11:37:16.6966667+00:00

We have a Windows Server 2022 that we are using for DNS queries on our domain.  This server is virtual and in Azure.

We have an SQL server that has a Private endpoint configured.

We have set up a private DNS zone (privatelink.database.windows.net) for the SQL server in Azure and created a DNS private resolver.

On the DNS server, we have created a conditional forwarder for privatelink.database.windows.net.

On the server, initially, if we run nslookup xxx-xxx-xxx-xxx.privatelink.database.windows.net then it all works fine, and it returns the private IP address.

If we then run nslookup xxx-xxx-xxx-xxx.database.windows.net then it returns the public IP address, which is also correct.

The problem is that if we now run nslookup xxx-xxx-xxx-xxx.privatelink.database.windows.net again, this time it returns the same public address as returned when we run nslookup xxx-xxx-xxx-xxx.database.windows.net, and NOT the private address.

Eventually, after waiting some time, running nslookup xxx-xxx-xxx-xxx.privatelink.database.windows.net will return the correct private IP address.

Why does running nslookup against xxx-xxx-xxx-xxx.database.windows.net cause nslookup against xxx-xxx-xxx-xxx.privatelink.database.windows.net to stop returning the private IP address?


Accepted answer
  1. Ganesh Patapati 1,275 Reputation points Microsoft Vendor
    2024-09-13T09:38:15.1033333+00:00

    Hi Richard Ward,

    Thank you for reaching out to us on the Microsoft Q&A forum.

    As an original poster cannot accept their own answer, I am reposting it so that you can accept it as an answer. An accepted answer will help other community members navigate to the appropriate solutions.

    Issue: Conditional Forwarder to Azure DNS Private resolver sometimes returns a public IP address for a private endpoint.

    Solution: We have now resolved the issue. On the internal Windows DNS server, we initially created a conditional forwarder to privatelink.database.windows.net. However, what we did to resolve the issue was to remove this and create a conditional forwarder to database.windows.net. After doing this, running nslookup to xxx-xxx-xxx-xxx.privatelink.database.windows.net always returns the correct result.


    Remember to "Accept Answer" so that others in the community who are experiencing similar challenges can easily find a solution.

    Your contribution is greatly appreciated.

    Regards,

    Ganesh


1 additional answer

  1. Richard Ward 20 Reputation points
    2024-09-13T08:17:14.0866667+00:00

    We have now resolved the issue. On the internal Windows DNS server, we initially created a conditional forwarder to privatelink.database.windows.net. However, what we did to resolve the issue was to remove this and create a conditional forwarder to database.windows.net. After doing this, running nslookup to xxx-xxx-xxx-xxx.privatelink.database.windows.net always returns the correct result.

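The behaviour in the question is a side effect of DNS caching on the Windows DNS server. Public DNS answers a query for xxx-xxx-xxx-xxx.database.windows.net with a CNAME pointing at xxx-xxx-xxx-xxx.privatelink.database.windows.net, and the public resolution of that privatelink name ends at the public IP. The Windows DNS server caches every record in that chain, including the A record for the privatelink name, so until the cached record's TTL expires, queries for the privatelink name are served from cache and never reach the conditional forwarder. Forwarding the parent zone database.windows.net to the private resolver, as the thread's fix does, sends the whole chain to the private resolver, which returns the private endpoint address. The PowerShell below is an added example written for this thread, not code from the original posts; the resolver IP and SQL host label are placeholders.

```powershell
# Added example (not from the original posts). Shows the two configurations from
# the thread on a Windows Server DNS server and how to verify which address the
# CNAME chain resolves to through the local server.
# Assumed/placeholder values (constructed, not from the page):
#   $PrivateResolverIp - inbound endpoint IP of the Azure DNS Private Resolver
#   $SqlHost           - the SQL server's host label (xxx-xxx-xxx-xxx in the thread)
$PrivateResolverIp = '10.0.1.4'
$SqlHost           = 'xxx-xxx-xxx-xxx'

# --- Original (problematic) setup: forward only the privatelink zone ---
# A query for $SqlHost.database.windows.net is not covered by this forwarder, so
# it is resolved via the server's default forwarders or root hints. The public
# answer is a CNAME chain ending at a public IP, and the server caches each record
# of that chain, including the A record for the privatelink name. Until it
# expires, privatelink queries are answered from cache with the public IP.
# Add-DnsServerConditionalForwarderZone -Name 'privatelink.database.windows.net' -MasterServers $PrivateResolverIp

# --- Fix from the thread: forward the parent zone instead ---
# Both the public name and its privatelink CNAME target now go to the private
# resolver, which follows the chain to the private endpoint IP.
$privZone = Get-DnsServerZone -Name 'privatelink.database.windows.net' -ErrorAction SilentlyContinue
if ($privZone -and $privZone.ZoneType -eq 'Forwarder') {
    Remove-DnsServerZone -Name 'privatelink.database.windows.net' -Force
}
if (-not (Get-DnsServerZone -Name 'database.windows.net' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'database.windows.net' -MasterServers $PrivateResolverIp
}

# --- Verification ---
# Flush the server cache so a stale public record does not mask the result.
Clear-DnsServerCache -Force

# Query the public name through the local DNS server and show the full chain.
# Expected after the fix: CNAME -> privatelink name -> private (RFC 1918) address.
$answer = Resolve-DnsName -Name "$SqlHost.database.windows.net" -Server 127.0.0.1 -Type A
$answer | Format-Table Name, Type, TTL, NameHost, IPAddress -AutoSize

# Warn if a private-endpoint name resolved to a non-RFC 1918 address, which is the
# symptom described in the question.
$a = $answer | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
if ($a -and $a.IPAddress -notmatch '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)') {
    Write-Warning "$($a.Name) resolved to public IP $($a.IPAddress); check conditional forwarders and the server cache."
}

# Show what the server currently holds in cache for the privatelink name.
Show-DnsServerCache |
    Where-Object { $_.HostName -like '*privatelink.database.windows.net*' } |
    Format-Table HostName, RecordType, TimeToLive, RecordData -AutoSize
```

Run it in an elevated PowerShell session on the DNS server (the DnsServer module ships with the DNS Server role). The cache check at the end is the quickest way to confirm the diagnosis: with only the privatelink forwarder in place, a public A record for the privatelink name appears in the cache right after the public-name lookup, and the wrong answer persists until its TTL runs out.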
