mysqlazureazure-mysql-database

Azure mysql single server with private link still resolves to public name


I've setup a MySql single server (we cannot AFAIK use flexible server because we want to configure data encryption which seems problematic on Flexible server).

The MySql single server is setup to disable public access and has been connected to a vnet. I have created a private link for it as well as a private dns zone and vnet link.

When i connect to a vm that is also linked to the vnet, the mysql server name is still resolving to it's public name/ip address.

for example:

> server01.mysql.database.azure.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
server01.mysql.database.azure.com  canonical name = server01.privatelink.mysql.database.azure.com.
server01.privatelink.mysql.database.azure.com      canonical name = cr6.westeurope1-a.control.database.windows.net.
Name:   cr6.region-a.control.database.windows.net
Address: 1x.xx.xx.xxx

This is the response I receive. When i attempt to ping the server, it always resolves to the public name's ip, which in this case is: cr6.region-a.control.database.windows.net

What am i doing wrong?


Solution

  • I tried to reproduce the same in my environment I got the result successfully like below:

    I have created a virtual machine and virtual network with same region with public Ip like below:

    enter image description here

    Created MySQL single server setup to disable public access and has been connected to a vnet like below:

    enter image description here

    Then I have created private link center added private endpoint link type as Microsoft.DBforMySQL/servers

    enter image description here

    Linked with virtual Network:

    enter image description here

    Now, when I access the MySQL server privately from the VM i got result successfully like below:

    enter image description here

    Reference:

    Private Link - Azure portal - Azure Database for MySQL | Microsoft Learn