Azure DNS not resolving App Service domain from other subscription


I have an App Service with a custom domain that is available to the public Internet. This setup worked fine, and the DNS could be resolved from anywhere.

Recently I've added a Private Endpoint to the App Service, because I want traffic from other App Services to use a local IP address. I have a Private DNS Zone with an entry for the privatelink domain. I also still want the App Service exposed to the public Internet, so I've enabled the Public network access option.

This seemed to work as intended at first:

  • From the public Internet, the DNS is resolved to a public IP address for the App Service.
  • From inside the same VNet, the DNS is resolved to a private IP address for the App Service.

However, what I've noticed is that from another totally unrelated Azure subscription, the DNS doesn't get resolved, meaning there is no IP address in the response from Azure DNS (e.g. with nslookup). I expected to get the public IP address in this case. How can I make sure the public IP address would get resolved for other Azure subscriptions?

Narthring On

Since the primary Google DNS server at 8.8.8.8 can resolve your app service's DNS correctly, it sounds like there is an issue with DNS resolution from one or more resources in the other Azure subscription. One possible resolution could be to set 8.8.8.8 as the DNS server for those resources instead of the default. For example, you can accomplish this with an app service by using the WEBSITE_DNS_SERVER app setting like this.
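
To compare what each resolver returns before changing DNS settings, the following added example (not part of the original question or answer) follows the CNAME chain for a hostname in three resolver views and reports the name at which resolution stops. All hostnames, addresses and record sets are constructed, and the alias through a `privatelink` name is an assumption based on the privatelink zone the question mentions; fill the views from `nslookup` output gathered against each resolver to use it on real data.

```python
import ipaddress

# Constructed resolver views (all names and addresses are made up for this example).
# Each dict maps a queried name to the records that resolver returns for it.
PUBLIC_VIEW = {  # e.g. what 8.8.8.8 answers
    "app.example.com": [("CNAME", "myapp.azurewebsites.net")],
    "myapp.azurewebsites.net": [("CNAME", "myapp.privatelink.azurewebsites.net")],
    "myapp.privatelink.azurewebsites.net": [("CNAME", "frontend.example.net")],
    "frontend.example.net": [("A", "203.0.113.10")],
}
# Same VNet as the private endpoint: the Private DNS Zone answers the privatelink name.
SAME_VNET_VIEW = {**PUBLIC_VIEW,
                  "myapp.privatelink.azurewebsites.net": [("A", "10.0.0.4")]}
# Other subscription: the privatelink name comes back empty, as in the question.
OTHER_SUB_VIEW = {**PUBLIC_VIEW, "myapp.privatelink.azurewebsites.net": []}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def trace(name, view, max_hops=10):
    """Follow CNAMEs from `name`; return (chain of names, addresses found)."""
    chain = [name]
    for _ in range(max_hops):
        answers = view.get(chain[-1], [])
        addrs = [v for t, v in answers if t in ("A", "AAAA")]
        if addrs:
            return chain, addrs
        targets = [v for t, v in answers if t == "CNAME"]
        if not targets or targets[0] in chain:  # dead end or CNAME loop
            return chain, []
        chain.append(targets[0])
    return chain, []


def diagnose(name, view):
    """Classify the result and report the name where resolution stopped."""
    chain, addrs = trace(name, view)
    if not addrs:
        return {"result": "no-address", "stopped_at": chain[-1],
                "privatelink_hop": ".privatelink." in chain[-1]}
    private = all(any(ipaddress.ip_address(a) in n for n in RFC1918) for a in addrs)
    return {"result": "private" if private else "public",
            "stopped_at": chain[-1], "addresses": addrs}


if __name__ == "__main__":
    for label, view in [("public", PUBLIC_VIEW), ("same VNet", SAME_VNET_VIEW),
                        ("other subscription", OTHER_SUB_VIEW)]:
        print(label, diagnose("app.example.com", view))
```

A `no-address` result that stops at a `privatelink` name shows which resolver and which hop to investigate, which is more specific than the empty `nslookup` response alone.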