Web App and Private DNS zone support
Web App support for using Azure Private DNS Zones without a DNS server to forward requests through. We are able to resolve the private DNS queries from a VM that uses Azure-provided DNS and a linked Private DNS zone, but the Web App is not able to do the same when using regional vnet integration. We must set the vnet to use a VM or on-prem DNS server that forwards requests to the Azure DNS IP, which is then able to return the private DNS records. For a PaaS implementation, this seems clunky. The use case is to send Web App traffic across an ExpressRoute circuit, to the backend, while using URLs rather than private IPs.
John Hyde commented
Hi, just been running around trying to do the same from a function app! Be good to get this working soon as it would be really useful.
David Sandbrand commented
Agreed. I just spent a bunch of time fighting with MS on this when the vNet had a private DNS zone.
The workaround was to create a VM on the vNet that runs DNS services, and then manually override the web app to use that VM's internal IP as the DNS server. So clunky, and introduces many failure points.
If the app is truly integrated with the vNet, then the DNS queries will be routed through the vNET.
The amount of traffic this involves is minuscule, and without it, the advertised benefit of "Securely access resources available in or through your Azure VNet." isn't really possible or true!