With the release of the new ILB ASE v2 (appserviceenvironment.net), customers commonly ask for help configuring an Azure Private DNS zone to manage the ILB ASE's DNS records.
I'll describe step-by-step how to create each record listed under the DNS configuration section of the Create and use an Internal Load Balancer App Service Environment document.
It's important to note that records in Azure Private DNS Zones are only resolvable by resources inside the VNet(s) to which the zone has been linked. Consider this if you have resources that cannot use this Azure Private DNS Zone (like on-prem resources).
Create a zone for <ASE name>.appserviceenvironment.net
1. In the Azure Portal, click in the portal search bar, type private dns zones in the search text box and press Enter. This will start the Create Private DNS zone experience.
2. Select the Subscription that contains your ILB ASE's VNet.
3. Create or select an existing Resource Group.
4. In Name under Instance details type <ASE name>.appserviceenvironment.net
5. In Resource group location select the same location as your ILB ASE's VNet.
6. Click Review + create and then Create.
7. Once the deployment finishes, click Go to resource.
Create an A record in that zone that points * to the ILB IP address
8. In your Azure Private DNS Zone, click + Record set
9. Fill out the following information and then click OK:
Name: *
Type: A
IP address: <ILB IP address>
Note: You can find this under your ILB ASE's IP address blade, listed as Internal Load Balancer IP address. In my case my ILB ASE's IP is 172.20.0.11.
Create an A record in that zone that points @ to the ILB IP address
10. Click on + Record set
11. Fill out the following information and then click OK:
Name: @
Type: A
IP address: <ILB IP address>
This is the same IP address used in Step 9.
Create a zone in <ASE name>.appserviceenvironment.net named scm
12. The article says "create a zone in", which corresponds to a subdomain. Since Azure Private DNS Zone doesn't seem to have an option to create a subdomain, this means either creating a separate zone called scm.<ASE name>.appserviceenvironment.net (more expensive) or simply creating a wildcard record for *.scm. We'll explain how to do the latter.
Create an A record in the scm zone that points * to the ILB IP address.
13. In your Azure Private DNS Zone, click + Record set
14. Fill out the following information and then click OK:
Name: *.scm
Type: A
IP address: <ILB IP address>
This is the same IP address as in Step 9.
Assign the Azure Private DNS zone to the ILB ASE's VNet
15. Click Virtual network links
16. Click + Add
17. Fill out the following information and then click OK:
Link name: <Any name>. There's no requirement as to what name to use, but I recommend a descriptive name such as <VNet name>-PrivateDNS-Link
Subscription: Select the subscription that contains the ASE's VNet
Virtual network: Select the ASE's VNet
18. After it finishes adding it, you should be able to see the link under Virtual network links.
Now Web Apps running on this ASE, or Azure VMs on this VNet, should be able to resolve the name of any Web App or Kudu console (SCM) created on this ASE.
The ILB ASE's IP address won't change unless the ASE is suspended, so you shouldn't need to modify these records in the future.
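A check to run from a VM inside the linked VNet once the steps above are done, as an added example that is not part of the original post: it resolves the zone apex, a sample app name and its SCM name, and confirms each one returns only the ILB IP. The ASE name `my-ase` and app name `myapp` are assumed placeholders; the IP is the one used in this post.

```python
import ipaddress
import socket


def system_resolver(name):
    """Return the set of IPv4 addresses the OS resolver gives for name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return set()


def check_ase_dns(ase_name, ilb_ip, app="myapp", resolve=system_resolver):
    """Check the @, * and *.scm records of the ASE zone.

    Returns a dict mapping each probed name to "ok" or a description of
    the mismatch. `app` is a hypothetical app name; any label works
    because the records are wildcards.
    """
    # The ILB address must be a private VNet address, never a public one.
    if not ipaddress.ip_address(ilb_ip).is_private:
        raise ValueError(f"{ilb_ip} is not a private address")

    zone = f"{ase_name}.appserviceenvironment.net"
    probes = {
        zone: "@ record",
        f"{app}.{zone}": "* record",
        f"{app}.scm.{zone}": "*.scm record",
    }
    results = {}
    for name, record in probes.items():
        answers = resolve(name)
        if not answers:
            results[name] = f"no answer ({record} missing or zone not linked)"
        elif answers != {ilb_ip}:
            results[name] = f"unexpected answer {sorted(answers)} ({record})"
        else:
            results[name] = "ok"
    return results


if __name__ == "__main__":
    # Constructed sample values: replace with your ASE name and ILB IP.
    for name, status in check_ase_dns("my-ase", "172.20.0.11").items():
        print(f"{name}: {status}")
```

Running the same check from a machine outside the linked VNet should report "no answer" for all three names, which confirms the zone is not resolvable from there.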