Broken DNS resolving because landing zone VNET is defaulting to 10.0.0.4 #173
-
After deploying a jumpbox in my data landing zone, I wasn't able to resolve any private link DNS. After checking the VNET configuration, DNS was defaulting to IP 10.0.0.4, which I believe is the firewall device. I'm not sure whether this is expected. After changing to default Azure DNS, my configuration started to work @marvinbuss.
Replies: 1 comment
-
Hi @denniseik,

Yes, this is expected.

We are using a centralized DNS infrastructure that is in line with what most organizations have. What this means is that all Private DNS Zones are set up in the connectivity hub subscription and that all DNS resolution must happen in this subscription. Therefore, we have to forward DNS requests to a DNS forwarder in the connectivity hub, which in our case is the Azure Firewall that got deployed with the Data Management Zone. The DNS forwarder then forwards DNS requests to Azure DNS and uses the Private DNS Zones via CNAME to resolve the IP of the Private Endpoints.

If you remove that setup from the spoke vnet, resolution of private endpoints will no longer work.

I will work on some guidance to help users get started in that environment with a jumpbox. I am assuming that there was some issue on the jumpbox config, which is why you were not able to resolve private endpoints! This Feature Request will most likely also fix your issues: https://github.com/Azure/data-landing-zone/issues/153
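The reply above describes a resolution path (spoke VNet DNS setting -> forwarder in the hub -> Azure DNS -> Private DNS Zone via the privatelink CNAME). The model below is an added example, not code from the data-landing-zone repository or from either participant; it reproduces that path offline so you can see which spoke DNS setting yields the private endpoint IP and which yields the public one. The forwarder address 10.0.0.4 is taken from the report above; the storage account name, the IPs, the zone contents and the rule that a linked Private DNS Zone is authoritative for its suffix (no fallback to public DNS for missing names) are assumptions made for the example, not values read from any deployment.

```python
# Added example: a minimal model of hub-and-spoke private endpoint resolution.
# Not the project's code. All names, addresses and records below are constructed.
from dataclasses import dataclass, field

AZURE_DNS = "168.63.129.16"   # Azure-provided resolver, reachable from every VNet
FORWARDER_IP = "10.0.0.4"     # assumed: hub DNS forwarder (Azure Firewall DNS proxy)

# Constructed public DNS data: the public FQDN of a storage account is a CNAME to
# its privatelink name, which on the public Internet resolves to a public address.
PUBLIC_RECORDS = {
    "mystore.blob.core.windows.net": ("CNAME", "mystore.privatelink.blob.core.windows.net"),
    "mystore.privatelink.blob.core.windows.net": ("CNAME", "blob.ams.store.core.windows.net"),
    "blob.ams.store.core.windows.net": ("A", "20.60.1.1"),
}

# Constructed Private DNS Zone content (the zone lives in the connectivity hub).
PRIVATE_ZONES = {
    "privatelink.blob.core.windows.net": {"mystore": "10.1.2.5"},  # private endpoint NIC IP
}


@dataclass
class VNet:
    name: str
    dns_servers: list = field(default_factory=list)   # [] means "Default (Azure-provided)"
    linked_zones: set = field(default_factory=set)     # private zones linked to this VNet


# Which VNet a custom DNS server address lives in (assumed topology: forwarder in hub).
FORWARDER_VNETS = {FORWARDER_IP: "hub"}


def azure_dns_answer(name, vnet):
    """One Azure-provided DNS answer as seen from `vnet`.

    Assumed rule: a private zone linked to the VNet is authoritative for its suffix
    (a missing name is NXDOMAIN, no fallback to public); other names use public data.
    """
    for zone in vnet.linked_zones:
        if name.endswith("." + zone):
            ip = PRIVATE_ZONES.get(zone, {}).get(name[: -len(zone) - 1])
            return ("A", ip) if ip else None
    return PUBLIC_RECORDS.get(name)


def resolve(name, client_vnet, vnets, max_hops=8):
    """Resolve `name` for a VM in `client_vnet`: pick the resolver view according to the
    VNet DNS setting, then chase CNAMEs. Returns (ip_or_None, list_of_hops)."""
    if client_vnet.dns_servers:
        server = client_vnet.dns_servers[0]
        if server == AZURE_DNS:
            view = client_vnet                      # same as the default setting
        elif server in FORWARDER_VNETS:
            view = vnets[FORWARDER_VNETS[server]]   # forwarder answers from the hub's view
        else:
            raise ValueError(f"unknown DNS server {server}")
    else:
        view = client_vnet                          # Default (Azure-provided) DNS
    hops = []
    for _ in range(max_hops):
        rec = azure_dns_answer(name, view)
        if rec is None:
            hops.append(f"{name} -> NXDOMAIN (view {view.name})")
            return None, hops
        rtype, value = rec
        hops.append(f"{name} {rtype} {value} (view {view.name})")
        if rtype == "A":
            return value, hops
        name = value                                # follow the CNAME
    return None, hops + ["CNAME chain too long"]


def scenarios():
    """Three spoke configurations against one hub that holds the Private DNS Zone."""
    hub = VNet("hub", linked_zones={"privatelink.blob.core.windows.net"})
    spoke_fwd = VNet("spoke-forwarder", dns_servers=[FORWARDER_IP])
    spoke_default = VNet("spoke-default-dns")
    spoke_linked = VNet("spoke-zone-linked",
                        linked_zones={"privatelink.blob.core.windows.net"})
    vnets = {"hub": hub}
    return {spoke.name: resolve("mystore.blob.core.windows.net", spoke, vnets)
            for spoke in (spoke_fwd, spoke_default, spoke_linked)}


if __name__ == "__main__":
    for vnet_name, (ip, hops) in scenarios().items():
        print(f"{vnet_name}: {ip}")
        for hop in hops:
            print("   ", hop)
```

Under these assumptions the spoke that forwards to 10.0.0.4 and the spoke with the zone linked directly both get the private endpoint address, while the spoke switched to the default setting without a zone link chases the CNAME chain out to the public address; the hop list printed for each case shows where the privatelink CNAME was answered from the hub zone and where it fell through to public data.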