VPN connected but cannot resolve private PostgreSQL server hostname via DNS from client.

Adrian Ciocirlan 20 Reputation points
2025-06-16T19:50:39.1266667+00:00

Hello,

I have configured a Point-to-Site VPN using Azure Certificate Authentication on a Virtual Network Gateway (test1-vpngw) and successfully connected from my Windows machine using OpenVPN. The VPN session is active and assigned an IP address from the configured address pool (e.g., 172.16.0.2), and the virtual network is correctly linked to the DNS zone test1-pgsql.private.postgres.database.azure.com.

However, DNS resolution for the private endpoint (test1-pgsql.private.postgres.database.azure.com) is failing. nslookup times out or cannot resolve the address from the client machine, and connection attempts via pgAdmin fail with `[Errno 11001] getaddrinfo failed`.

Setup summary:

Resource Group: testrapid1dev

VNet: test1-vnet

Subnet: test1-subnet-postgres (delegated to PostgreSQL Flexible Server)

VPN Gateway: test1-vpngw

PostgreSQL Server: test1-pgsql (private access only)

DNS zone: test1-pgsql.private.postgres.database.azure.com with VNet link to test1-vnet (status = InProgress)

VPN client: Windows 11 with OpenVPN Connect (profile imported from Azure download)

I suspect that the DNS integration is not functioning properly or the zone is not yet propagating correctly to the client. Please advise on how to proceed or validate that the Private DNS is resolving properly for Point-to-Site VPN clients.

Thank you!

Azure VPN Gateway

Accepted answer
  1. Praveen Bandaru 4,755 Reputation points Microsoft External Staff Moderator
    2025-06-16T22:10:34.6566667+00:00

    Hello Adrian Ciocirlan

    I understand that you are facing an issue with DNS resolution for your private PostgreSQL server while connected through your Point-to-Site VPN.

    For further investigation please share the below information.

    1. Please try to share the nslookup screenshot.
    2. And in the meantime, please try to test PsPing and share the results with us.
    3. If possible, please share the topology diagram as well.

    Additionally adding some more points:

    • Please let me know whether the private endpoint and the source VM are both in the same VNet or in different VNets.
    • Also let me know which DNS you are using: the Azure-provided DNS or a custom DNS.
    • If you are using a custom DNS, you need to configure a forwarder pointing to the Azure DNS IP on the custom DNS server machine.
    • Additionally, if the custom DNS is hosted in a different VNET, you need to add the custom DNS virtual network in the private DNS zone.
    • If you are trying to connect from on-premises, you need to use a VPN. For connections inside Azure, you need a private DNS resolver.
    • Additionally, you must configure a conditional forwarder pointing to the private DNS resolver's inbound IP in your local machine's DNS server.

    Kindly check the below documents for more understanding:

    https://github.com/msrini-MSFT/Troubleshooting-Private-Link-DNS-Scenarios?tab=readme-ov-file#scenario-2---if-your-source-machine-is-deployed-on-premises-other-cloud


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
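
One way to run the validation the question asks for from the Windows VPN client, as an added example that is not part of the original thread: it compares what the client's default DNS servers return for the server name with what a specific DNS server returns, then tests the TCP path. `$ResolverIp` is a placeholder for the resolver inbound IP the answer mentions, port 5432 is assumed as the PostgreSQL default, and the function names are hypothetical.

```powershell
# Added example. Replace the assumed values before running on the VPN client.
$Fqdn       = 'test1-pgsql.private.postgres.database.azure.com'  # name from the question
$ResolverIp = '<resolver-inbound-ip>'   # placeholder: DNS server that can see the private zone
$Port       = 5432                      # assumption: PostgreSQL default port

function Test-PrivateIPv4 {
    # True when the address falls in RFC 1918 space (10/8, 172.16/12, 192.168/16).
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ($b[0] -eq 10) -or ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
        ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-ARecord {
    # Query A records over the DNS protocol only (no LLMNR/NetBIOS), optionally via one server.
    param([string]$Name, [string]$Server)
    $query  = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    $source = 'client default'
    if ($Server) { $query.Server = $Server; $source = $Server }
    try {
        $ips = @(Resolve-DnsName @query | Where-Object { $_.IPAddress } |
                 Select-Object -ExpandProperty IPAddress)
        $status = 'private address'
        if ($ips.Count -eq 0) { $status = 'no A record' }
        elseif ($ips | Where-Object { -not (Test-PrivateIPv4 $_) }) { $status = 'public address' }
    } catch {
        $ips = @(); $status = "failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ DnsServer = $source; Status = $status; Addresses = $ips -join ', ' }
}

# 1. Which DNS servers does each interface (including the VPN adapter) hand to the client?
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize | Out-Host

# 2. Compare the client's default resolution with a direct query to the chosen server.
$results = @(Get-ARecord -Name $Fqdn; Get-ARecord -Name $Fqdn -Server $ResolverIp)
$results | Format-Table -AutoSize | Out-Host

# 3. If either path returned a private address, test the TCP path through the tunnel.
$hit = $results | Where-Object Status -eq 'private address' | Select-Object -First 1
if ($hit) {
    Test-NetConnection -ComputerName ($hit.Addresses -split ', ')[0] -Port $Port |
        Select-Object RemoteAddress, RemotePort, TcpTestSucceeded | Out-Host
}
```

If the direct query returns a private address while the client default fails, the private zone is answering and the gap is in which DNS server the VPN client is using, which is the forwarder configuration the answer describes.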