
How to set up endpoints within an Azure Virtual Machine


I'm trying to set up MailTrain (a newsletter application) on an Azure VM. I created a resource group with the virtual machine, a virtual network, a network interface, a network security group, a public IP address and a private DNS zone.

MailTrain expects three URL endpoints which all point to the same IP address. For testing purposes I would like to create internal endpoints which all point to the VM. I played around with DNS entries in the DNS zone, but it doesn't work as I expected.

The name of the private DNS zone is equal to the DNS name of the VM's public IP address. The private DNS zone and the VM are linked with the virtual network link and auto registration is enabled. The virtual network contains a default subnet. I created an A entry for "lists" pointing to the VM's internal IP address and a CNAME entry for "sbox" pointing to the DNS name of the public IP address. Inbound rules for the ports 80 and 443 were added to the network security group.

The console shows me the following message while running the installation script:

Domain: lists.xxx.cloudapp.azure.com
Type:   None
Detail: DNS problem: NXDOMAIN looking up A for
lists.xxx.cloudapp.azure.com - check that
a DNS record exists for this domain

Domain: sbox.xxx.cloudapp.azure.com
Type:   None
Detail: DNS problem: NXDOMAIN looking up A for
sbox.xxx.cloudapp.azure.com - check that a
DNS record exists for this domain

Domain: xxx.cloudapp.azure.com
Type:   unauthorized
Detail: Invalid response from
https://xxx.cloudapp.azure.com/.well-known/acme-challenge/VIjYMd-Uic_T2lQBl4vSyy9Va46-yVxmTA8SSE3f8J8
[xxx.xxx.xxx]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>503 Service
Unavailable</title>\n</head><body>\n<h1>Service"

Solution

  • Following that quick start, you just need to create three DNS records in your public domain DNS zone.


    Please note that there is public DNS and private DNS in Azure. In this case, I assume you have created a private DNS zone for internal endpoints. To resolve the records of a private DNS zone from your virtual network, you must link the virtual network with the zone. Additionally, you can also enable autoregistration on a virtual network link. If you enable auto registration on a virtual network link, the DNS records for the virtual machines on that virtual network are registered in the private zone. Or, you can manually create an A record to map to your VM's private IP address in the zone and create other CNAME records to map to the other internal endpoints.

    As a best practice, do not use a .local domain for your private DNS zone. Not all operating systems support this.

    In addition, you need to add inbound ports 80, 443 in your network security group that is associated with the Azure VM subnet or NIC.

    Update

    For an internal test, you can use a private DNS zone because the DNS records in a private zone can only be resolved in a virtual network; they cannot be resolved over the Internet. You could select the local installation in this scenario.

    For example, I create a private DNS zone named contoso.com.


    After local install, you can access the website via the trusted endpoint http://localhost:3000, then you should access the other endpoints in the VNet instead of accessing them externally.

    However, if you want to use it for public access, you could select to install a public website secured by SSL. In this case, you need to purchase a domain and add the related DNS records to the DNS zone in the respective DNS provider. Azure DNS supports hosting your public domain zones in Azure.
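The internal-test setup from the answer (private zone, VNet link with auto-registration, A and CNAME records for the extra endpoints, NSG rule for 80/443) written out as an Azure CLI script. This is an added example, not code from the answer, the question or MailTrain; the resource names, the 10.0.0.4 private IP and the 10.0.0.0/16 trusted source range are assumptions, and the NSG rule is deliberately scoped to that range rather than to the Internet for the test phase.

```shell
#!/bin/sh
# Added example: Azure CLI steps for the private-zone test setup described above.
# All names below are constructed placeholders; set AZ=echo to print commands only.
set -eu

AZ="${AZ:-az}"
RG="${RG:-mailtrain-rg}"
VNET="${VNET:-mailtrain-vnet}"
NSG="${NSG:-mailtrain-nsg}"
ZONE="${ZONE:-contoso.com}"                 # private zone from the answer; not .local
VM_PRIVATE_IP="${VM_PRIVATE_IP:-10.0.0.4}"  # assumed private IP of the MailTrain VM
TRUSTED_SRC="${TRUSTED_SRC:-10.0.0.0/16}"   # only this range may reach 80/443 while testing

# Private zone plus a VNet link with auto-registration: the VM's own hostname is
# registered automatically; the "lists" and "sbox" names are added by hand below.
create_private_zone() {
    "$AZ" network private-dns zone create -g "$RG" -n "$ZONE" -o none
    "$AZ" network private-dns link vnet create -g "$RG" -z "$ZONE" -n "${VNET}-link" \
        -v "$VNET" --registration-enabled true -o none
}

# One A record to the VM and a CNAME onto it, so all endpoints resolve to the same host.
create_records() {
    "$AZ" network private-dns record-set a add-record -g "$RG" -z "$ZONE" \
        -n lists -a "$VM_PRIVATE_IP" -o none
    "$AZ" network private-dns record-set cname set-record -g "$RG" -z "$ZONE" \
        -n sbox -c "lists.$ZONE" -o none
}

# Inbound 80/443 on the NSG, limited to the trusted source instead of "Internet".
allow_web_from_trusted() {
    "$AZ" network nsg rule create -g "$RG" --nsg-name "$NSG" -n allow-web-internal \
        --priority 300 --direction Inbound --access Allow --protocol Tcp \
        --source-address-prefixes "$TRUSTED_SRC" --destination-port-ranges 80 443 -o none
}

# Run from inside the VM: private-zone records only resolve through the VNet's
# resolver, which is why a public ACME validator reports NXDOMAIN for them.
check_internal_resolution() {
    for host in "lists.$ZONE" "sbox.$ZONE"; do
        getent hosts "$host" >/dev/null || { echo "not resolvable in VNet: $host"; return 1; }
    done
}

if [ "${1:-}" = "apply" ]; then
    create_private_zone && create_records && allow_web_from_trusted
fi
```

Run with `apply` after `az login`; `check_internal_resolution` is meant to be run on the VM itself once the records exist.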