Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v6.0.0 - introduction of the scm.privatelink.azurewebsites.net private dns zone appears to break DNS lookups for App Service kudu endpoint #1064

Closed
eehret opened this issue Aug 1, 2024 · 3 comments
Closed

v6.0.0 - introduction of the scm.privatelink.azurewebsites.net private dns zone appears to break DNS lookups for App Service kudu endpoint #1064

eehret opened this issue Aug 1, 2024 · 3 comments

Comments

@eehret
Copy link

eehret commented Aug 1, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform:
1.8.5

azure provider:
3.113.0

module:
6.0.0

Description

Describe the bug

I noticed that in v6.0.0 the private dns zone scm.privatelink.azurewebsites.net got added.
But the DINE policy we've been using (built-in policy Configure App Service apps to use private DNS zones) only configures DNS integration with the privatelink.azurewebsites.net zone.

Prior to v6.0.0, two A records had been getting added to that zone for every app: one for the app name, and a second that looks like <app name>.scm. This all worked fine for us. Kudu was accessible via the private endpoint via URL of the form https://<app name>.scm.azurewebsites.net

Now with v6.0.0, the scm.privatelink.azurewebsites.net appears to "hide" or conflict with the information for <app name>.scm that is present in the privatelink.azurewebsites.net zone. Kudu URL no longer resolves to the correct IP address when the new zone is in place and linked to the VNET where client is doing DNS resolution.

Are we sure it is correct to add the new zone? This link appears to say that only one private DNS zone need be created for app service, and that two A records would be created it in it for each app, just like we have in our environment now.
https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint#dns

I am concerned about deploying v6.0.0 in its current form, since it seems we would have to migrate the <app name>.scm records out of the original zone and into the new one, and also potentially reconfigure our on-prem DNS forwarder to cover this new zone. And the current DINE policy mentioned above might need to be replaced as well.

Steps to Reproduce

I don't really have detailed steps to reproduce, but happy to try to provide more information if required.

Screenshots

n/a

Additional context

n/a
@eehret eehret changed the title v6.0.0 - introduction of the scm.privatelink.azurewebsites.net private dns zone appears to break DNS lookups for kudu endpoint v6.0.0 - introduction of the scm.privatelink.azurewebsites.net private dns zone appears to break DNS lookups for App Service kudu endpoint Aug 1, 2024
@gittyNico
Copy link
Contributor

#968 (comment)

@endreigesund
Copy link

I can confirm that it broke lookups for the scm.privatelink.azurewebsites.net namespace. We can't deploy to scm anymore from pipelines on private appservices.

There isn't anyway to disable this zone in the module either without disabling privatelink.azurewebsites.net.

@egnirra egnirra mentioned this issue Aug 22, 2024
Merged
5 tasks
@matt-FFFFFF
Copy link
Member

Will be fixed in next release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@eehret @matt-FFFFFF @endreigesund @gittyNico