Forum Discussion
vbakshi123
Sep 06, 2024 Copper Contributor
Entra Private Access - Private DNS
Hello Everyone. We are using the trial period of Entra Private Access and Entra Internet Access using Global Secure Access client. We recently got the Private DNS feature within Quick Access under Gl...
vbakshi123
Sep 12, 2024 Copper Contributor
Anyone with any ideas?
JFreeman130
Sep 16, 2024 Copper Contributor
vbakshi123 Hey, no ideas, but wanted to let you know I'm suffering along with you.
If I try
resolve-dnsname -name _ldap._tcp.my.domain.com -type SRV
it fails, but if I specify the server listed in the connection properties by doing
resolve-dnsname -name _ldap._tcp.my.domain.com -type SRV -server 6.6.255.254
it returns records for all my domain controllers.
I've opened a ticket with Microsoft support for assistance but they haven't been able to provide a resolution yet, still hoping.
- vbakshi123 Sep 16, 2024 Copper Contributor
I managed to resolve it in some way. Even though you are correct, it won't resolve the private DNS name of any of the devices in the on-premise network.
We had an Entra Global Secure Access app that had port 3389 access to the entire domain, i.e. *.yourdomain.com. I suspected that after enabling private DNS, somehow the namespace was conflicting between the Quick Access app and the Entra Global Secure app, since the private DNS name and the domain name are obviously the same. Even though they are meant to be communicating on different ports.
So, I removed that entry from the Entra Global app and then enabled private DNS, then our access to the other private apps was unaffected. For password change, we opened the relevant ports on the same Quick Access app which allows private DNS. Creating a separate enterprise app for DC communications whilst having private DNS enabled on the Quick Access app didn't seem to work that well.
The only issue we have is looking up DNS names, but only getting magic IPs instead of the private IP address.