67 votes
David Sandbrand commented
Agreed. I just spent a bunch of time fighting with MS on this when the vNet had a private DNS zone.
The workaround was to create a VM on the vNet that runs DNS services, and then manually override the web app to use that VM's internal IP as the DNS server. So clunky, and introduces many failure points.
If the app is truly integrated with the vNet, then the DNS queries will be routed through the vNET.
The amount of traffic this involves is minuscule, and without it, the advertised benefit of "Securely access resources available in or through your Azure VNet." isn't really possible or true!