02-26-2020 07:29 AM
I have started using Azure Private Endpoints to connect to my Azure Databases. These are assigned a dynamic IP when created, so I need to be able to resolve the FQDN back to the IP. I have created Private DNS Zones within my VNet which have the host names in them. However, despite a lot of trying, I have not been able to get the DNS to resolve when using Infoblox.
I have an Infoblox appliance running in Azure within the same VNet as my Endpoints and DNS Zones. I was initially hoping vDiscovery would pick them up, but it does not seem to. My next plan was to set up forwarding in Infoblox to forward to the Azure Private DNS. I was hoping this could be done by adding the IP of the Azure Resolver as a Forwarder in my Grid DNS Properties, but this does not seem to work.
I would have expected others would have come across this, but not being particularly familiar with Infoblox I am struggling with how to fix it.
Any help would be greatly appreciated!
08-13-2020 11:22 AM - edited 08-13-2020 11:24 AM
To resolve the Private Endpoints from Infoblox DNS server, you'll need specific conditional forwarders for the public zone of the service you are trying to resolve, to a DNS server running in the Azure VNet where your Private Endpoint lives. The DNS server running in Azure must then be configured to forward resolution to the Azure-provided DNS at 168.63.129.16. For example, if you are using endpoints for Azure SQL DB, forward database.windows.net to your DNS server in Azure.
Microsoft's documentation covers this well, including a table mapping services to public zones and detailed diagrams for the required forwarding configuration. https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns
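As an added example (not from this thread and not Infoblox's or Microsoft's own code), the script below does the two things the answer above calls for: it builds the Infoblox WAPI `zone_forward` object for the conditional forwarder (database.windows.net, forwarded only to the DNS server inside the VNet, with `forwarders_only` set so a failed forwarder never falls back to the public answer), and it checks that a Private Endpoint name actually resolves to an address inside the VNet range rather than to the service's public IP. The grid master address, WAPI version, VNet DNS server 10.1.0.4, VNet range 10.1.0.0/16 and zone name are constructed assumptions; 168.63.129.16 is the Azure-provided DNS the in-VNet server forwards to.

```python
"""Create the Infoblox conditional forward zone for an Azure Private Endpoint
service and verify that names resolve to VNet-private addresses.

Assumed values (not from the thread): grid master, WAPI version, the DNS server
running inside the Azure VNet, and the VNet address space."""
import base64
import ipaddress
import json
import socket
import urllib.request

# Constructed assumptions for illustration.
GRID_MASTER = "gm.example.internal"
WAPI_VERSION = "v2.10"
VNET_DNS_SERVER = "10.1.0.4"      # BIND/Windows DNS in the VNet; it forwards to 168.63.129.16
VNET_ADDRESS_SPACE = "10.1.0.0/16"
SQL_PUBLIC_ZONE = "database.windows.net"   # the zone named in the answer above


def forward_zone_payload(fqdn, forwarder_ip, forwarder_name, view="default"):
    """Body for POST /wapi/<ver>/zone_forward (field names per the Infoblox WAPI
    zone_forward object). forwarders_only=True stops the grid from recursing to
    the public zone if the VNet forwarder is down, which would otherwise hand
    clients the service's public IP and silently bypass the Private Endpoint."""
    return {
        "fqdn": fqdn,
        "view": view,
        "forward_to": [{"address": forwarder_ip, "name": forwarder_name}],
        "forwarders_only": True,
    }


def create_forward_zone(grid_master, user, password, payload, wapi_version=WAPI_VERSION):
    """POST the forward zone to the grid master; returns the object reference.
    Needs network access to the grid, so it is not exercised offline."""
    url = "https://%s/wapi/%s/zone_forward" % (grid_master, wapi_version)
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())


def check_private_answer(answers, vnet=VNET_ADDRESS_SPACE):
    """Classify resolved A records. Every address must sit inside the VNet range;
    a public address means the query reached Azure's public zone instead of the
    privatelink zone, i.e. the forwarding chain is broken somewhere."""
    net = ipaddress.ip_network(vnet)
    private = [a for a in answers if ipaddress.ip_address(a) in net]
    public = [a for a in answers if ipaddress.ip_address(a) not in net]
    return {"ok": bool(private) and not public, "private": private, "public": public}


def resolve_and_check(hostname, vnet=VNET_ADDRESS_SPACE):
    """Resolve via the host's configured resolver (point it at the Infoblox grid
    when testing from a VNet client) and apply check_private_answer."""
    _, _, addresses = socket.gethostbyname_ex(hostname)
    return check_private_answer(addresses, vnet)


if __name__ == "__main__":
    payload = forward_zone_payload(SQL_PUBLIC_ZONE, VNET_DNS_SERVER, "vnet-dns-forwarder")
    print(json.dumps(payload, indent=2))
    # create_forward_zone(GRID_MASTER, "admin", "secret", payload)
    # print(resolve_and_check("myserver.database.windows.net"))
```

Run it from a VM in the VNet with the Infoblox grid as its resolver; `resolve_and_check` returning `public` addresses is the symptom from the original post (the grid answered from the public zone), while an empty answer list fails the check too rather than passing vacuously.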