The issue you're encountering is due to a limitation where a private DNS zone will not work over an Azure P2S VPN connection by default. This results in DNS resolution failures for private endpoints when connected through a P2S VPN. Here are three proposed solutions to resolve this issue:
Modifying the Hosts File: You can manually add entries to the hosts file on each P2S client to point the private resource to the private IP of the private endpoint. This method is straightforward but becomes difficult to manage at scale, especially if there are multiple entries and users.
Configuring a DNS Forwarder or Proxy: Deploy a DNS forwarder or proxy, or use an IaaS VM with a DNS Server role in Azure to forward DNS queries to Azure DNS. You'll need to manually configure the AzureClient.xml file to use this DNS forwarder. This method centralizes DNS management but requires additional infrastructure setup.
Using Azure DNS Private Resolver: Implement an Azure DNS Private Resolver to handle DNS queries for private endpoints. This removes the need for a separate DNS forwarder and simplifies the setup. The DNS Private Resolver will need only an inbound endpoint and should be set as a DNS server in the VNet.
Resources:
- DNS Forwarder VM - Code Samples | Microsoft Learn
- Configure Azure VPN Client - Microsoft Entra authentication - Windows - Azure VPN
- Configure Azure VPN Client optional settings - Azure VPN
- What is Azure DNS Private Resolver?
- Name resolution for resources in Azure virtual networks
Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.
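Added example for options 2 and 3 above (it is not part of the answer and not Microsoft tooling): it rewrites the `clientconfig` DNS settings in an Azure VPN Client profile so P2S clients send queries to the resolver inbound endpoint (or forwarder VM), and checks whether private-endpoint names resolve to VNet addresses. The element names `clientconfig`, `dnsservers`/`dnsserver` and `dnssuffixes`/`dnssuffix` are assumed from the optional-settings doc linked above; the profile snippet, IP addresses and zones are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed minimal profile; a real azurevpnconfig.xml carries many more
# elements but the same default namespace and <clientconfig> node (assumed).
SAMPLE_PROFILE = """<AzVpnProfile xmlns="http://schemas.datacontract.org/2004/07/">
  <name>corp-p2s</name>
  <clientconfig />
</AzVpnProfile>"""

def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def set_client_dns(profile_xml, dns_servers, dns_suffixes):
    """Return the profile with <clientconfig>/<dnsservers> and <dnssuffixes>
    replaced by the given values, e.g. the resolver inbound endpoint IP and
    the privatelink zones (hypothetical helper, not Microsoft tooling)."""
    root = ET.fromstring(profile_xml)
    ns = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else ""
    if ns:
        ET.register_namespace("", ns)   # keep xmlns="..." as the default on output
    q = (lambda t: f"{{{ns}}}{t}") if ns else (lambda t: t)
    cfg = root.find(q("clientconfig"))
    if cfg is None:
        cfg = ET.SubElement(root, q("clientconfig"))
    for parent_tag, child_tag, values in (("dnsservers", "dnsserver", dns_servers),
                                          ("dnssuffixes", "dnssuffix", dns_suffixes)):
        old = cfg.find(q(parent_tag))
        if old is not None:
            cfg.remove(old)            # replace, don't accumulate stale entries
        parent = ET.SubElement(cfg, q(parent_tag))
        for value in values:
            ET.SubElement(parent, q(child_tag)).text = value
    return ET.tostring(root, encoding="unicode")

def read_client_dns(profile_xml):
    """Return (dns servers, dns suffixes) listed in the profile, for verification."""
    root = ET.fromstring(profile_xml)
    return ([e.text for e in root.iter() if _local(e.tag) == "dnsserver"],
            [e.text for e in root.iter() if _local(e.tag) == "dnssuffix"])

def check_private_resolution(resolved, vnet_cidrs):
    """resolved: FQDN -> answers seen from the P2S client. True means every answer
    is inside the VNet ranges; False means the public IP came back, i.e. the
    private zone was not consulted (the failure described in the answer)."""
    nets = [ipaddress.ip_network(c) for c in vnet_cidrs]
    return {name: bool(addrs) and all(any(ipaddress.ip_address(a) in n for n in nets)
                                      for a in addrs)
            for name, addrs in resolved.items()}
```

Feed `check_private_resolution` the answers from `nslookup` on a connected client; any name reported False is still resolving publicly and the client profile or VNet DNS setting has not taken effect.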