Lesson Learned #399:Why is Private Link Still Resolving to Private IP Despite Its Removal in Azure?
Published Jul 12 2023 09:57 AM 1,740 Views

In Microsoft Azure, Private Link has been a popular feature that enables secure access to Azure services over private network connections. However, some users have reported an intriguing issue where even after removing the Private Link configuration, the service still resolves to a private IP address instead of the public one. This article explores the potential causes behind this behavior and suggests possible solutions, including the impact of a custom DNS from the customer side.

 

1. DNS Caching:

 

One possible explanation for the continued resolution of the private IP address is DNS caching. When a private link is removed, the DNS records associated with it may remain cached locally or within the Azure infrastructure until receiving the update from Azure (normally, it will take seconds). As a result, if you are still seeing the private IP the subsequent requests to the service may still resolve to the private IP. To address this, users can try flushing the DNS cache using the "ipconfig /flushdns" command, which clears the local DNS cache and forces a fresh lookup.

 

2. Stale Local Hosts File:

 

Another factor that can contribute to the persistence of private IP resolution is a stale entry in the local hosts file. The hosts file is a manual DNS mapping that can override the DNS resolution process. If a previous entry pointing to the private IP address was added to the hosts file, it would continue to direct the requests to the private IP even after removing the Private Link. Users should check the hosts file and remove any relevant entries to ensure proper resolution.

 

3. Custom DNS Configuration:

 

In some scenarios, customers may have implemented a custom DNS configuration that overrides the Azure default DNS settings. If a custom DNS is used and the Private Link resolution is still pointing to the private IP, it's essential to examine the custom DNS configuration. Ensure that the custom DNS server is updated with the appropriate public IP information and that it is being properly utilized by the client machines. This step ensures that the resolution request flows through the custom DNS and retrieves the correct public IP address.

 

4. Connection String Configuration:

 

Lastly, it's important to review the connection string used to connect to the Azure service. If the connection string contains an IP address (either private or public) instead of relying on DNS resolution, it will override any DNS-based resolution and continue to connect to the specified IP address. Ensure that the connection string is correctly configured to leverage DNS resolution and not hardcoded IP addresses.

 

Conclusion:

 

By understanding the potential causes behind this behavior, such as DNS caching, stale hosts file entries, custom DNS configurations, or connection string configurations, users can take the necessary steps to ensure proper resolution. Remember to flush the DNS cache, check the hosts file, review custom DNS configurations, and ensure correct connection string settings to address any potential issues and achieve the expected public IP resolution.

 

Version history
Last update:
‎Jul 12 2023 09:57 AM
Updated by: