-1

Security concern with Azure Database. I want my database to have a private DNS name so that it can't be accessed from the internet.

I have tried the options available on Azure cloud while creating the database, but none of them helped me.

This is a cloud compute question, so it doesn't involve code.

Jeroen Heier
Anshita
  • Did you create a virtual network? See [here](https://azure.microsoft.com/nl-nl/blog/azure-dns-private-zones-now-available-in-public-preview/) – Jeroen Heier Jan 08 '19 at 04:55
  • What database are you referring to? Something running in a VM? SQL Database Service? Cosmos DB? Something else? Also, you mention trying "options" but you haven't shown what those are, or what errors you get. Please edit your question with specifics. Otherwise, it runs the risk of being closed as "unclear" or "too broad." – David Makogon Jan 08 '19 at 05:11
  • The database I have mentioned here is SQL Database in Azure. While creating a SQL database, we get a DNS name specific to the particular db. But this DNS name is public by default and can be accessed from the internet. My concern here is to make my db private (whether it should have a private DNS name or a private IP). But Azure doesn't have a concept of specifying a private IP for a database. Is there any way that we can make the DNS name private so that my database is not at all visible to the internet? – Anshita Jan 08 '19 at 06:55
  • Check here: https://stackoverflow.com/questions/50483132/how-to-secure-access-from-app-service-to-azure-sql-database-using-virtual-networ/57986995#57986995 – Sajeetharan Sep 18 '19 at 07:23

2 Answers

0

Azure SQL Database has a Domain Name System (DNS) server.

A DNS alias can be used in place of the Azure SQL Database server name. Client programs can use the alias in their connection strings. The DNS alias provides a translation layer that can redirect your client programs to different servers. This layer spares you the difficulties of having to find and edit all the clients and their connection strings.

The Microsoft documentation also lists the common uses for a DNS alias:

  1. Create an easy-to-remember name for an Azure SQL Server.
  2. During initial development, your alias can refer to a test SQL Database server. When the application goes live, you can modify the alias to refer to the production server. The transition from test to production does not require any modification to the configurations of several clients that connect to the database server.
  3. Suppose the only database in your application is moved to another SQL Database server. Here you can modify the alias without having to modify the configurations of several clients.

The Internet relies on the DNS. The DNS translates your friendly names into the name of your Azure SQL Database server.

The DNS alias is for your Azure Database server, not the database instance. You can connect to the Azure Database with your unique DNS alias connection string.

So we can add a private DNS name to Azure Database but cannot completely restrict its access from the internet.

For more details you can see:

1. DNS alias for Azure SQL Database

2. Manage your DNS aliases

Hope this helps.

Leon Yue
  • This does not prevent custom dns name resolution of the database endpoint; it's available publicly, just like the default assigned dns name. – David Makogon Jan 09 '19 at 00:04
0

You cannot block DNS lookup for an Azure SQL Database. However, you can set up IP-based restrictions, allowing traffic only from the IP addresses you specify. The settings are located within the server the SQL Database is assigned to:

[Screenshot: firewall setup]

You may also grant access to a vnet (regardless of whether you allow IP-based access).

Lastly, there's the option to provide access to other Azure services (a generic on/off switch).

With these restrictions in place, you can effectively block database access from all external sources (other than the ones you specify, if any).

David Makogon