I am currently facing an issue with Azure's managed PostgreSQL Database. I've set up the database and associated resources according to several Microsoft guides, but when I connect to the VPN, I am still unable to resolve the address of the database.
The PostgreSQL database is part of a Virtual Network (VNET), namely myVNET-db, with a private DNS zone (myDB.private.postgres.database.azure.com). This VNET is peered with another VNET named myVNET.
Here are the subnets within myVNET:
- default (10.224.0.0/16)
- GatewaySubnet (10.225.0.0/24)
- AzureBastionSubnet (10.225.1.0/26)
- snet-inbound (10.225.2.0/28)
- snet-outbound (10.225.3.0/28)
I've configured a VPN with point-to-site, and I've also set up a Private DNS resolver. The resolver is linked with both snet-inbound and snet-outbound subnets and has a ruleset added to its outbound endpoint (myDB-endpoint) that maps myDB.private.postgres.database.azure.com to 10.1.0.4.
However, despite the configurations, when I connect to the VPN, I am unable to resolve the address of the database. It seems that the DNS resolution isn't working as expected.
Here are the Microsoft guides I followed for setting up the environment:
- https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns
- https://learn.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal
- https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
What could be the issue here? How can I successfully resolve the PostgreSQL database address over the VPN? I'm keen to ensure that the database isn't accessible publicly for security reasons.
I'd appreciate any insights or recommendations to troubleshoot and resolve this issue.
Thanks in advance!
I tried with the Azure PostgreSQL Database - Flexible server. I don't know if this might be of help. Look at the DNS resolution and verify if it functions correctly within the VNET itself. You can test this by spinning up a VM within the VNET and attempting to resolve the PostgreSQL database address from there. This will help determine if the DNS resolver and private DNS zone are functioning as expected within the VNET. Again, kindly double-check your VPN configuration to ensure it is correctly set up for point-to-site connectivity. The VPN client must be configured to use the DNS resolver associated with the VNET. The following documentation might help. Documentation LINK 1 Documentation LINK 2
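
The check suggested in the answer, as an added example that is not part of the original thread: it sends an A query straight to one named DNS server, so the same script can be run from a VM inside the VNET and from the VPN client and the results compared. The expected address 10.1.0.4 comes from the question; the `server` argument is the resolver's inbound endpoint IP, which the thread does not give, and the function names are made up for this example.

```python
import ipaddress, socket, struct, sys

def build_query(name, qid=0x1234):  # DNS A/IN query, RFC 1035 wire format
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg):  # -> (rcode, [IPv4 strings]); CNAMEs etc. are skipped
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, addrs = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name + QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs

def query_server(name, server, timeout=3.0):
    """Ask one specific DNS server, bypassing the client's configured resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_a_records(s.recvfrom(4096)[0])
        except OSError:  # timeout or unreachable: the resolver was never reached
            return None, []

def verdict(rcode, addrs, expected="10.1.0.4"):  # expected IP is from the question
    if rcode is None:
        return "no-response"
    if rcode != 0 or not addrs:
        return "unresolved"
    if expected in addrs:
        return "ok"
    private = all(ipaddress.ip_address(a).is_private for a in addrs)
    return "private-but-unexpected" if private else "public"

if __name__ == "__main__":
    name, server = sys.argv[1:3]  # server: inbound endpoint IP (placeholder, not in the thread)
    print(server, verdict(*query_server(name, server)))
```

A `public` verdict is worth noticing on its own, since the goal in the question is that the database name never resolves to a publicly reachable address.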