FQDN for Azure VNG dynamic IP - azure

I'm aware that Azure does not support static IP addresses on their VNG. Is it possible in any way to configure an FQDN for the VNG in such a way that when the IP address changes due to a restart, the connection would still be maintained as long as the DNS record is mapped to the new IP? I would appreciate a 3rd-party suggestion from the Azure Marketplace.

Of course, yes. You can create an alias record set for the public IP with the type Azure resource in the DNS Zone. Then the DNS Zone will route your requests to that public IP, no matter if the IP address changes.
By the way, when you use the VPN, you install the client and connect to the Azure VNet from your local network. In this step, you do not care about the public IP of the VPN. So I don't think you need to configure the FQDN for the public IP of the VPN. Of course, maybe you have a special reason. This is just advice.

Related

Azure storage account cannot map drive locally with DNS

I have created a storage account and a fileshare on Azure, but my ISP blocks port 445, bummer!
So I went ahead and created a virtual network, then a virtual gateway, then a VPN, then a private endpoint where there is an entry like this:
NAME mystorageacc (not the real one)
VALUE 10.0.0.4
I can map the network drive using the 10.0.0.4 IP address while connected to the VPN, but I don't want to use that. I would like to use the new DNS, but when I ping mystorageacc.file.core.windows.net I still get the public IP address 52.239.193.168 instead of the private one from my virtual network, 10.0.0.4.
How do I achieve this? Using mystorageacc.privatelink.file.core.windows.net still points to the public IP address, so what resolves to 10.0.0.4?

In this case, the easy way to test is to edit the hosts file in the directory C:\Windows\System32\drivers\etc on the local VPN client machine.
Add the following record to the hosts file:
10.0.0.4 mystorageacc.file.core.windows.net
Another solution is to use a DNS forwarder. You can add Azure DNS (168.63.129.16) as a forwarder on your custom DNS. Read the document "On-premises workloads using a DNS forwarder" for more details. For more steps, you could refer to step 5 in this blog.
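The resolution behaviour discussed in this thread, as an added example that is not part of the original posts: a small model of the two DNS views, showing why a VPN client sees 52.239.193.168 until its resolver forwards to Azure DNS inside the virtual network. The zone contents, the placeholder public CNAME target, the 10.0.0.0/24 VNet range and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed records modelling the names on the page. The final public CNAME
# target is a placeholder, not a real Azure hostname.
PUBLIC_DNS = {
    "mystorageacc.file.core.windows.net":
        ("CNAME", "mystorageacc.privatelink.file.core.windows.net"),
    "mystorageacc.privatelink.file.core.windows.net":
        ("CNAME", "public-endpoint.example.net"),
    "public-endpoint.example.net": ("A", "52.239.193.168"),
}
# Private DNS zone linked to the virtual network; only answers that come back
# through Azure DNS (168.63.129.16) include it.
PRIVATE_ZONE = {
    "mystorageacc.privatelink.file.core.windows.net": ("A", "10.0.0.4"),
}

def resolve(name, views, max_hops=8):
    """Follow CNAMEs, consulting each view in order; return (chain, address)."""
    chain = [name]
    for _ in range(max_hops):
        record = next((v[name] for v in views if name in v), None)
        if record is None:
            return chain, None  # no view knows this name
        rtype, value = record
        if rtype == "A":
            return chain, value
        name = value
        chain.append(name)
    raise RuntimeError("CNAME loop or chain too long")

def lands_on_private_endpoint(name, views, vnet_cidr="10.0.0.0/24"):
    """True only if the name resolves to an address inside the assumed VNet range."""
    _, addr = resolve(name, views)
    if addr is None:
        return False
    return ipaddress.ip_address(addr) in ipaddress.ip_network(vnet_cidr)

# VPN client using its ISP or on-premises resolver: public DNS only.
CLIENT_DEFAULT = [PUBLIC_DNS]
# Same client once its DNS server forwards to Azure DNS in the VNet.
CLIENT_FORWARDED = [PRIVATE_ZONE, PUBLIC_DNS]
```

Running the same check against the real resolver after changing DNS settings confirms whether SMB traffic will go to the private endpoint over the VPN or to the public endpoint.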

Configure custom DNS for Public IP Address

I created a VM behind an Azure Load Balancer. I want to use a custom domain for the Load Balancer public IP. For example, I want to access a URL like 'xx.mvg.com' instead of the Load Balancer public IP from the internet. How can I do it?
I tried following the reference link 'https://learn.microsoft.com/en-us/azure/dns/dns-custom-domain' but it is still not working.
Please recommend how to register the domain name I wish. I want to map my domain name to my application running on a VM behind the Azure Load Balancer.
And does Azure have an internet domain registrar service?

About your last question: no, Azure has only Azure DNS, which is not a domain registrar, but DNS as a service.
The easiest way to achieve what you want: assign a DNS name to the public IP (called a DNS label here) and create a CNAME record in your DNS for that DNS name. Or just straight up create an A record in your DNS and point it to your public IP.

DNS routing to private IP

We have 1 virtual machine with IIS in Azure; it doesn't hold a public IP address.
Its FQDN is machine.domain.local.
It's serving a service from IIS. We want to install a certificate. However, we got the SSL certificate under the name service.domain.com.
If my machine had a public IP address, I would have created an A record for service.domain.com pointing to the machine's public IP address.
But we want this service to run internally. How can we achieve this routing?
Any suggestions?

You can make a CNAME record to map service.domain.com to machine.domain.local.

The question is not Azure or DNS related; it looks like it's IIS/certificate related.
You got a certificate for service.domain.com, which you want to apply to the website machine.domain.local.
You either get machine.domain.local added to CName on the certificate or change the IIS website domain to service.domain.com.

You can use IIS to generate a self-signed certificate. Then, use an Azure Site-to-Site or Express Route to connect to on-premises. Set up a local host file entry on the servers for that domain and private IP address. This would work without a flaw, but it's tedious and not much of a recommended design.
What I would do is map my domain to the private IP within the local DNS server and set the DNS as custom DNS on the VNET. This will make sure that all the VMs will point to the DNS server for any query and then start a recursive query.
Map to private IP:
Make a record entry on the local DNS server with the private IP
Make changes at the Azure VNET to use the custom DNS; provide the DNS server private IP
Else:
Do a host file entry manually on all the servers.
You can also read more along the lines of Private DNS on Azure:
https://azure.microsoft.com/en-in/blog/azure-dns-private-zones-now-available-in-public-preview/
Regards,
Charan

how to set dns to azure aks?

I am currently using Azure AKS.
I have a frontend application which is using a LoadBalancer to have a public IP to access the service.
Should I just direct my domain name to the public IP address?
Because the IP is dynamic, if the port is destroyed and recreated again, a new IP is generated.
Should I use an Ingress/Nginx controller to manage the IP?

You can use an A record that points to the external IP address.
You can change the public IP address to static via the Azure portal; in this way, restarting the service will not change the IP.
But in Azure, if we delete the Azure AKS, the public IP address will be collected by the Azure platform, and we will lose this IP address.

You can use kubernetes-incubator/external-dns to automatically update the A record in your Azure DNS zone with the (dynamic) IP of the Azure Loadbalancer or Ingress controller. Read here how to set up.
You're not limited to using Azure DNS; you could use other providers too. In v0.4: Google CloudDNS, AWS Route 53, AzureDNS, CloudFlare, DigitalOcean, DNSimple, Infoblox.

Should I just direct my domain name to the public IP address?
As Mohit said, we can set a static public IP via the Azure portal, and map your domain name to that public IP address.
Because the IP is dynamic, if the port is destroyed and recreated again, a new IP is generated.
By default, when AKS exposes pods to the internet it will create a Kubernetes service, and the public IP address works for that service.
If one pod is not working (with multiple pods), AKS will create another pod in your service, and that will not get a new public IP. But if you only have one pod in that service and re-create that pod, we will get a new public IP address.
For now, Azure does not support keeping the public IP address for an AKS service.
Hope this helps.

Azure app service - routing traffic through vnet - does IP translation take place?

I have an Azure app service with a web job that grabs data from a web service. The networking properties show that the webjob has a few outbound IPs, which are public Azure IP addresses.
I know that the web service app can be configured to route traffic through a VNET; however, it's not clear to me if the IP is translated to a local IP in the VNET, or if the Azure public IP remains. This obviously has implications if there are firewalls on the network that block external IPs. Would this also mean that the return route could be over the internet rather than through the network? (Especially if the traffic ends up going down a VPN and outside of Azure, surely a 40.something public Azure address would then force a return over the internet, which may not always be possible.)

it's not clear to me if the IP is translated to a local IP in the VNET, or if the Azure public IP remains.
As far as I know, when we use a public IP address to communicate with the internet, the public IP address will not be translated to an internal IP.
I think this might cause an issue when using this with a VPN as I'm not sure how the return path would know to use the VPN rather than route over the internet.
When we use an Azure P2S or S2S VPN, we can't force the internet traffic through the VPN tunnel.
Update:
