I am facing an issue accessing the private cluster via VPN, and traffic is not moving to the firewall

Shankara Satya Veerabhadrudu Bara 0 Reputation points
2025-08-25T06:55:16.31+00:00

I am facing an issue accessing the private cluster via VPN, and traffic is not going from the firewall.

This is the error I am getting:

E0825 12:17:25.677908 39308 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get "https://hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io:443/api?timeout=32s": dial tcp: lookup hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io: no such host"

E0825 12:17:25.680370 39308 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get "https://hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io:443/api?timeout=32s": dial tcp: lookup hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io: no such host"

E0825 12:17:25.683401 39308 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get "https://hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io:443/api?timeout=32s": dial tcp: lookup hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io: no such host"

E0825 12:17:25.685872 39308 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get "https://hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io:443/api?timeout=32s": dial tcp: lookup hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io: no such host"

E0825 12:17:25.689364 39308 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get "https://hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io:443/api?timeout=32s": dial tcp: lookup hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io: no such host"

Unable to connect to the server: dial tcp: lookup hobasa-uat-aks-01-dns-zt701mzb.bbf85e43-a749-4597-9fb8-30d9f4839ef6.privatelink.eastus.azmk8s.io: no such host

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

1 answer

  1. Michele Ariis 4,505 Reputation points MVP
    2025-08-25T07:52:28.39+00:00

    Hi, “No such host” error = DNS: VPN client doesn’t resolve AKS API private FQDN (…privatelink.<region>.azmk8s.io). Quick fix, all in one go:

    - from a VM in the VNet, check nslookup <aks_fqdn> 168.63.129.16 (should return private IP);
    - create/use the Private DNS zone privatelink.<region>.azmk8s.io, link it to both the AKS VNet and the VNet where the VPN clients terminate;
    - if necessary, add the API A record with the Private Endpoint IP;
    - ensure VPN clients use a resolver that “sees” that zone (in the P2S profile, set DNS to a DNS VM or Azure DNS Private Resolver; on-prem, add a conditional forwarder to the inbound endpoint in Azure);
    - check routing: the P2S pool must reach the CIDRs of the AKS VNet;
    - final test: nslookup from the PC using the VPN (it should return the private IP) and then kubectl.

    If you want to quickly confirm that it's DNS-only, temporarily map the FQDN to the private IP in hosts (then remove it).
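The final DNS test described in the answer above, as an added example that is not part of the original thread: it pulls the unresolved hostname out of kubectl's error output and reports whether the client's resolver returns no record, a private address, or a public one. The hostname in the sample log is a constructed placeholder, and the function names and the `NO_RECORD` / `PRIVATE` / `PUBLIC` labels are assumptions of this example.

```python
import ipaddress
import re
import socket

# Constructed sample in the shape of the kubectl error quoted in the question;
# the cluster name and GUID are placeholders, not values from the thread.
HOST = ("example-aks-dns-00000000.00000000-0000-0000-0000-000000000000"
        ".privatelink.eastus.azmk8s.io")
SAMPLE_LOG = (
    'E0825 12:17:25.677908 39308 memcache.go:265] "Unhandled Error" '
    'err="couldn\'t get current server API group list: Get '
    f'"https://{HOST}:443/api?timeout=32s": dial tcp: lookup {HOST}: no such host"\n'
    f"Unable to connect to the server: dial tcp: lookup {HOST}: no such host\n"
)

LOOKUP_FAILED = re.compile(r"lookup (\S+?): no such host")


def failed_hosts(log_text):
    """Distinct hostnames kubectl could not resolve, in first-seen order."""
    return list(dict.fromkeys(LOOKUP_FAILED.findall(log_text)))


def system_resolve(host):
    """Addresses from the OS resolver, i.e. the DNS the VPN profile hands out."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(host, resolve=system_resolve):
    """NO_RECORD: resolver cannot see the private zone (the error above).
    PRIVATE: DNS is fine, so check routing from the P2S pool next.
    PUBLIC: a non-private answer came back, so the private zone is not in use."""
    addrs = resolve(host)
    if not addrs:
        return "NO_RECORD"
    if all(ipaddress.ip_address(a).is_private for a in addrs):
        return "PRIVATE"
    return "PUBLIC"


if __name__ == "__main__":
    for name in failed_hosts(SAMPLE_LOG):
        print(name, classify(name))
```

Run it on the VPN-connected PC with real kubectl output in place of `SAMPLE_LOG`; the `resolve` parameter lets the classification be checked against known answers without touching DNS.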

