Allow DNS alias masking for SQL Azure Database Server
We would like to be able to take an azure sql server's instance name (server01.database.windows.net) and add an alias entry to our internal DNS for resolution which aligns to our existing set of onpremise standards.
Chris Egan commented
This would be very useful
There is a workaround which i will detail here but it comes with an additional risk that this would get rid of.
So you can currently do this as long as you set TrustServerCertificate=True in your con string and then use your internal DNS name.
We are doing it with private link to inject it into multiple VNETs then using our DNS to allow access, in one case this is over a VPN to the vnet using the private IP and DNS to route the traffic through the VPN.
So in our dns we have the private link IP address of the server and name eg server1.example.com this all resolves correctly and allows the login but because its an encrypted connection an error is thrown that the certificate does not match the server name in the connection string, as the cert is against the windows.net name you need to tell the connection to ignore that and trust the cert anyway, this does open up risks around spoofing etc as you are no longer validating the server certificate just trusting it etc
Johan Bennink commented
I'm out of votes but I like this idea.