Unable to Connect to Azure PostgreSQL Database via Point-to-Site VPN with Azure Active Directory on macOS

Mert Ertugrul 0 Reputation points
2024-09-10T12:32:49.9433333+00:00

I’m trying to connect to my Azure Flexible PostgreSQL private access server using a Point-to-Site (P2S) VPN configured on an Azure Virtual Network Gateway with Azure Active Directory (not certificates), but I’m unable to access the database from my local machine (macOS, M1 chip, Sonoma 14.6.1). The VPN connects successfully, but I cannot resolve the database’s private DNS.

Steps Taken:

  1. Verified that the VPN connects, and I receive an IP address from the address pool (172.16.0.0/24).
  2. Attempted to ping and nslookup the database hostname, but DNS resolution fails with NXDOMAIN.
  3. Manually configured the DNS server to the Azure VNet internal DNS (e.g., 10.0.0.4) in my macOS network settings, and flushed the DNS cache.

     nslookup timepiepstg.postgres.database.azure.com
     Server: 194.168.4.100
     Address: 194.168.4.100#53
     ** server can't find timepiepstg.postgres.database.azure.com: NXDOMAIN

Additional Info:

• The VPN route table includes:
  • 10.1.0.0/24
  • 10.0.0.0/24
  • 172.16.0.0/24
• Other internal resources (like VMs) also do not seem reachable.

Question:

What could be causing the DNS resolution to fail for the private PostgreSQL Flexible Server? Is there a networking or DNS configuration that I might be missing?

Any guidance or troubleshooting tips would be appreciated.


1 answer

  1. Jing Zhou 6,375 Reputation points Microsoft Vendor
    2024-09-12T01:54:38.3666667+00:00

    Hello,


    Thank you for posting in the Q&A forum.

    Here are steps that we can follow to troubleshoot the DNS issue:

    1. Configure a DNS forwarder VM in the VNet to forward the requests to the appropriate Azure DNS server for resolution.

    2. Edit the Azure VPN client configuration file (azurevpnconfig.xml) to add the custom DNS server IP address responsible for resolving private link names.

    3. Add a conditional forwarder for the DNS domain postgres.database.azure.com, which should point to the Azure DNS IP address 168.63.129.163.


    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.


    Best regards,

    Jill Zhou



    If the Answer is helpful, please click "Accept Answer" and upvote it.

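As an added check (not part of the question or the answer above): before pointing azurevpnconfig.xml at the VNet DNS forwarder, query that forwarder directly over the tunnel and confirm that the answer is not NXDOMAIN and that the returned address falls inside a prefix in the VPN route table; an address outside those prefixes would resolve but still be unreachable. The hostname, the forwarder address 10.0.0.4 and the route prefixes are taken from the question; the script uses only the Python standard library and builds the DNS query itself so it does not depend on the macOS resolver configuration.

```python
import ipaddress
import socket
import struct

# Constructed from the question: P2S route prefixes and the VNet DNS forwarder
# address (10.0.0.4). Replace them with the values for your own VNet.
VPN_ROUTES = ["10.0.0.0/24", "10.1.0.0/24", "172.16.0.0/24"]
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
def build_a_query(name, txid=0x1234):
    """Encode a recursive A query for name in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: two bytes end the name
            return off + 2
        off += 1 + msg[off]
    return off + 1
def parse_response(msg):
    """Return (rcode name, list of A-record addresses) from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = RCODE_NAMES.get(flags & 0x0F, str(flags & 0x0F))
    off, addrs = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return rcode, addrs

def routed_over_vpn(addr, routes=VPN_ROUTES):
    """True if addr lies inside a prefix the gateway pushes to the VPN client."""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(r) for r in routes)

def check(name, dns_server="10.0.0.4", timeout=3.0):
    """Query dns_server directly; a NOERROR answer outside VPN_ROUTES is unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_a_query(name), (dns_server, 53))
        try:
            rcode, addrs = parse_response(s.recv(512))
        except socket.timeout:
            return "TIMEOUT", []  # forwarder not reachable through the tunnel
    return rcode, [(a, routed_over_vpn(a)) for a in addrs]
```

Run `check("timepiepstg.postgres.database.azure.com")` while the tunnel is up: TIMEOUT means the forwarder itself is not reachable over the VPN, NXDOMAIN means the forwarder lacks the conditional forwarder for postgres.database.azure.com, and a NOERROR answer flagged False means the server's address is missing from the routes pushed to the client.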
