-2

I have an application gateway (AG) and a Linux VM on the same VNet (without a custom DNS server).

I try now to configure the AG with a backend pool that targets the VM using the FQDN of this VM (and not the IP nor the NIC). I get the FQDN using the command nslookup "$(hostname)".

The AG does not manage to resolve the VM FQDN. The Connection troubleshoot of the AG failed at the DNS resolution. Every VM in the same VNet succeeds in resolving this FQDN, but not the AG...

How to use an internal Linux FQDN on an Application Gateway? If it is possible...

Thank you.

Nicolas Labrot

1 Answer

0

How to use an internal Linux FQDN on an Application Gateway? If it is possible...

It's possible to use an internal FQDN. If you want to use the FQDN hostname.xxx.bx.internal.cloudapp.net, you could use an application gateway with SKU V2. However, the V2 currently must have a public frontend.

In this case, here are two suggestions:

  1. Deploy a custom DNS server. I just use a built-in DNS server on one Windows VM in the current VNet, create an A record pointing to its VM IP address, and make sure DNS resolution works. Then add the DNS server's IP address in the DNS servers setting of the VNet page in the Azure portal.

    Note: you need to remove your application gateway and re-deploy it for the DNS change to take effect in the same VNet. Add the VM FQDN as the backend of the App GW.

  2. Without a custom DNS server, you could deploy an Azure DNS private zone. Note: It is not possible to create a private zone on a non-empty VNet. The feature is planned for the GA.

    I create a DNS private zone like contoso.local and add an A record mapping the Linux VM in the zone. Then add the internal FQDN linuxvmhostname.contoso.local to the internal Application Gateway backend. It will work. You can access the backend VM via the frontend private IP of App Gw. Read more about name resolution for resources in Azure virtual networks.

    You could follow these steps to create an Azure DNS private zone using the Azure CLI.

Overall, you could also directly target the VM using virtual machine selection when you edit the backend pool.

Nancy
  • Note: It is not possible to create a private zone on a non-empty VNet. The [feature](https://feedback.azure.com/forums/217313-networking/suggestions/34686697-azure-dns-private-zone-for-non-empty-vnets) is planned for the GA – Nicolas Labrot Dec 31 '18 at 09:02
  • Yes, Currently, if you create a private zone, you have to re-create a new VNet. – Nancy Dec 31 '18 at 09:14
  • Not for my use case because my vnets are not empty (I have edited the description of my question). I would suggest that you edit your answer to cover "empty vnet" (possible) and "non empty vnet" (not yet possible) – Nicolas Labrot Dec 31 '18 at 09:15
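
The steps of suggestion 2 in the answer (private zone, A record, backend pool pointed at the internal FQDN), written out as an added example that is not part of the original answer or comments. It assumes the current `az network private-dns` command group; the resource group, VNet, gateway, pool names and the IP address are constructed placeholders, and the address check assumes the VNet uses RFC 1918 space.

```shell
#!/bin/sh
# Added example: private DNS zone + A record + App Gateway backend by FQDN.
# Every default below is a constructed placeholder; override via environment.
set -eu

RG="${RG:-example-rg}"                # resource group (placeholder)
VNET="${VNET:-example-vnet}"          # VNet holding the gateway and the VM
ZONE="${ZONE:-contoso.local}"         # zone name used in the answer
RECORD="${RECORD:-linuxvmhostname}"   # record name used in the answer
VM_IP="${VM_IP:-10.0.1.4}"            # VM private IP (placeholder)
APPGW="${APPGW:-example-appgw}"       # Application Gateway name (placeholder)
POOL="${POOL:-example-backend-pool}"  # backend pool name (placeholder)
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = run them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reject a VM_IP outside the RFC 1918 prefixes and a record name that is not
# a single DNS label, so a typo cannot put a public address or a malformed
# name into the zone the gateway will trust.
validate_inputs() {
  case "$VM_IP" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
    *) echo "VM_IP '$VM_IP' is not in an RFC 1918 range" >&2; return 1 ;;
  esac
  case "$RECORD" in
    ""|*[!a-z0-9-]*|-*|*-) echo "RECORD '$RECORD' is not a DNS label" >&2; return 1 ;;
  esac
}

configure_backend_fqdn() {
  validate_inputs || return 1
  # 1. Private zone, linked to the VNet for resolution only (no auto-registration).
  run az network private-dns zone create -g "$RG" -n "$ZONE"
  run az network private-dns link vnet create -g "$RG" -z "$ZONE" \
      -n "${VNET}-link" -v "$VNET" -e false
  # 2. A record mapping the Linux VM's private IP.
  run az network private-dns record-set a add-record -g "$RG" -z "$ZONE" \
      -n "$RECORD" -a "$VM_IP"
  # 3. Point the backend pool at the internal FQDN.
  run az network application-gateway address-pool update -g "$RG" \
      --gateway-name "$APPGW" -n "$POOL" --servers "${RECORD}.${ZONE}"
}

# Runs only when invoked with "apply"; DRY_RUN=0 makes it execute the commands.
if [ "${1:-}" = "apply" ]; then configure_backend_fqdn; fi
```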