SQL Managed Instance resolving to Virtual Cluster IP instead of Private Endpoint IP from on-prem DNS

Naveen Vasanthakumar 20 Reputation points
2025-08-20T23:11:09.7366667+00:00

We have a SQL Managed Instance (MI) deployed with a Private Endpoint. The private DNS zone (privatelink.d<guid>.database.windows.net) is correctly configured and linked to the MI's virtual network. We are using an on-prem Windows Server DNS to resolve the MI FQDN.

Here's the issue:

  • From on-prem, when resolving the MI FQDN (sql.d<guid>.database.windows.net), it returns the Virtual Cluster IP (10.200.12.9).

  • When we force DNS resolution through the Azure DNS Resolver IP (10.200.5.4), it correctly resolves to the Private Endpoint IP (10.200.12.76).

What we’ve verified so far:

  • Conditional forwarder is correctly set up on our on-prem Windows DNS server (10.160.5.4) for privatelink.d<guid>.database.windows.net -> 10.200.5.4

  • There are no conflicting zones or A records on the DNS server

  • DNS cache has been cleared

  • The private DNS zone is correctly linked and working in Azure

  • When querying the Azure Resolver directly, resolution is correct

Still, on-prem resolution through the local DNS server returns the Virtual Cluster IP instead of the Private Endpoint IP.

Azure SQL Database
1 answer
  1. Antony Maxwin 0 Reputation points
    2025-08-21T02:56:47.63+00:00

    Hi, will you please check which "A" record is showing on the on-prem local DNS server? Can you share a picture? Also, try the steps below.

    Remove the old conditional forwarder: Delete the conditional forwarder on your on-premises DNS server for privatelink.d<guid>.database.windows.net.

    Add a new conditional forwarder for the parent zone: Create a new conditional forwarder for the database.windows.net zone.

    DNS Domain: database.windows.net

    IP Address: Your Azure DNS Resolver IP (10.200.5.4 in this case).

    Clear DNS cache: Clear the DNS cache on your client machine and the DNS server to ensure the new forwarder is used for the next query. You can do this with the command ipconfig /flushdns.

    Also, if you can, create an A record manually on the local DNS server for the private endpoint and try whether it resolves to the proper IP as you expected.
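Added example, not code from the question or the answer above: a PowerShell walkthrough (DnsServer module, run elevated on the on-prem Windows DNS server) of the comparison the poster describes and of the steps the answer proposes. The addresses are taken from the thread (on-prem DNS 10.160.5.4, Azure DNS Private Resolver inbound endpoint 10.200.5.4, private endpoint 10.200.12.76); d<guid> is a placeholder you must replace with the real MI DNS zone id, and all function names are the editor's own.

```powershell
# Editor-added example; not code from the original question or answer.
# Assumptions taken from the thread: on-prem DNS server 10.160.5.4, Azure DNS
# Private Resolver inbound endpoint 10.200.5.4, MI DNS zone id d<guid>.
# Requires the DnsServer module (DNS role or RSAT) in an elevated session on
# the on-prem server. Replace d<guid> with the real zone id before running.

$OnPremDns       = '10.160.5.4'
$AzureResolver   = '10.200.5.4'
$DnsZoneId       = 'd<guid>'                                   # placeholder
$MiFqdn          = "sql.$DnsZoneId.database.windows.net"
$PrivatelinkZone = "privatelink.$DnsZoneId.database.windows.net"
$ParentZone      = 'database.windows.net'

function Get-MiAnswer {
    # Query one server directly (bypassing the client cache) and return the
    # CNAME/A chain it hands back, so you can see at which hop the
    # virtual-cluster IP enters the answer.
    param([string]$Server)
    Resolve-DnsName -Name $MiFqdn -Server $Server -Type A -DnsOnly -ErrorAction Stop |
        Select-Object Name, Type, TTL, NameHost, IPAddress
}

function Compare-MiResolution {
    # Side-by-side view of what the on-prem server and the Azure resolver return.
    foreach ($s in $OnPremDns, $AzureResolver) {
        "== $MiFqdn via $s =="
        Get-MiAnswer -Server $s | Format-Table -AutoSize | Out-String
    }
}

function Test-MiPrivateEndpointResolution {
    # True only when the on-prem server returns exactly the A record(s) the
    # Azure resolver returns (the private endpoint IP, 10.200.12.76 in the thread).
    $expected = (Get-MiAnswer -Server $AzureResolver | Where-Object Type -eq 'A').IPAddress
    $actual   = (Get-MiAnswer -Server $OnPremDns     | Where-Object Type -eq 'A').IPAddress
    return [bool]($expected -and $actual -and -not (Compare-Object $expected $actual))
}

function Show-AzureSqlZones {
    # Every zone or forwarder ending in database.windows.net on this server;
    # a leftover primary or stub zone here takes precedence over forwarding.
    Get-DnsServerZone | Where-Object ZoneName -like "*$ParentZone" |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, MasterServers
}

function Set-ParentZoneForwarder {
    # The change proposed in the answer: replace the privatelink-only forwarder
    # with one for the parent zone, so the whole CNAME chain is answered by the
    # Azure resolver instead of partly by public DNS.
    if (Get-DnsServerZone -Name $PrivatelinkZone -ErrorAction SilentlyContinue) {
        Remove-DnsServerZone -Name $PrivatelinkZone -Force
    }
    if (-not (Get-DnsServerZone -Name $ParentZone -ErrorAction SilentlyContinue)) {
        # On a domain controller add -ReplicationScope Forest (or Domain) if the
        # forwarder should be AD-integrated and replicated to other DNS servers.
        Add-DnsServerConditionalForwarderZone -Name $ParentZone `
            -MasterServers $AzureResolver -ForwarderTimeout 5
    }
    Clear-DnsServerCache -Force     # server cache; run ipconfig /flushdns on clients
}

function Add-TemporaryPrivateEndpointRecord {
    # The answer's last suggestion, for testing only: a local primary zone with a
    # static A record for the private endpoint. This shadows the Azure private
    # zone, so remove it once forwarding works or the record will go stale.
    param([string]$PrivateEndpointIp = '10.200.12.76')
    if (-not (Get-DnsServerZone -Name $PrivatelinkZone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $PrivatelinkZone -ZoneFile "$PrivatelinkZone.dns"
    }
    Add-DnsServerResourceRecordA -ZoneName $PrivatelinkZone -Name 'sql' `
        -IPv4Address $PrivateEndpointIp -TimeToLive (New-TimeSpan -Minutes 5)
}

# Typical sequence: diagnose, inspect local zones, apply the fix, verify.
Compare-MiResolution
Show-AzureSqlZones
Set-ParentZoneForwarder
if (Test-MiPrivateEndpointResolution) { 'on-prem now resolves to the private endpoint IP' }
else { 'still mismatched: re-run Compare-MiResolution and check the CNAME hop' }
```

Two things to keep in mind when applying this: a forwarder for database.windows.net sends every Azure SQL query from on-prem (public servers included) through the private resolver, which still answers public names via Azure DNS, so nothing breaks but the resolver becomes a dependency for all of them; and the manual A record in the last function lives in a local primary zone that overrides the Azure private zone on this server, which is why it is tagged as a test aid with a short TTL.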

