Today, I worked on a service request that our customer had some doubts about how to Configure Private Endpoint Connections in Azure SQL Managed instance (In Preview). Our customer reported us that the IP resolution of Azure SQL Managed Instance always points to the normal one instead of resolving the private endpoint IP. Following, I would like to share my lessons learned how to fix it.
We are going to configure two main components:
- Private Endpoint Connection in Azure SQL Managed Instance.
- Private DNS Zone.
Step #1: Configuring Private Endpoint Connection
- The process is prety much the same process that we are using for Azure SQL Database but, in this case, for Azure SQL Managed Instance the Integrated Private DNS Zone needs to be configured in another way, for this reason is disabled nowdays. Let's create the Private Endpoint using the portal.
- First, we are going to specify the basic details of the Private Endpoint.
- In terms of Resource, we need to configure only the name of the Azure SQL Managed Instance.
- For Virtual Network, we need to choose the Virtual Network and Subnet of the client (Virtual Machines, for example) that are going to connect to the Private Endpoint.
- Finally, as you could see the DNS configuration is disabled for Managed Instance and we are going to configure later.
Step #2: Private DNS Zone
- Here is the main different, Private DNS Zone in Azure SQL Database will be privatelink.database.windows.net but Azure SQL Managed Instance we need to create it separately and the name should not contain privatelink.<dns-zone>.database.windows.net; for example: privatelink.site. for more information: Azure Private Link and private endpoints - Azure SQL Managed Instance | Microsoft Learn.
- For example, my manage instance name is: mymanagedinstance.a34e740a3aca.database.windows.net
- mymanagedinstance is the name of the instance.
- a34e740a3aca is the DNS Zone
- database.windows.net is the rest of FQDN (domain).
- For this reason, we are going to create a new Private DNS Zone, with the name of, privatelink.{dnszone}
- After it, going back to the Private Endpoint definition, we need to add the configuration using the new Private DNS Zone in Private Endpoint connection, specifying the privatelink.{dnszone}
- Finally, modify the Private DNS Zone and add a virtual network link with the VNET/Subnet where client (Virtual Machines for example, will use this private endpoint to connect to your Azure SQL Managed Instance.
Step #3: Testing the resolution.
- Once we have configured, basically, we need to connect to our Virtual Machine, run the following command to review if the resolution is working well:
- ipconfig /flushdns to renew the DNS.
- ping or nslookup with the name of your manage instance and you could obtain the name of the private endpoint instead of the normal one.
Additional notes
In case your virtual machine is hosted on another VNET (not on the same Azure SQL managed instance VNET), you need to consider the below points:
- Make sure you have VNET peering between both VNETs, you can check this document for more information on how to create it.
- Access Azure portal -> Select your private DNS zone -> Access Virtual Network links blade and make sure the link is connected with the private endpoint VNET.
- Then, go back to overview blade and make sure you have a record for your Azure SQL managed instance IP address, if not please click Record Set and add the private IP address.
Enjoy!