Networking

Most networking issues in Azure are actually DNS issues. Here is why DNS is hard in Azure, and how we handle it. Public and Private DNS Do Not Play Well Together Azure resources have public endpoints by default. They resolve via public DNS. When you add a private endpoint, the resource gets a private IP. Now you have two IPs for the same resource: public IP (internet-facing) private IP (VNET-only) DNS must resolve to the private IP from within your VNET, and the public IP from outside. ...

We spent hours debugging connectivity when the real issue was authentication. Here is why identity failures masquerade as network failures. The Error Message Lies Your app cannot connect to Azure SQL. The error says: “Connection timeout.” You check: firewall rules network security groups VNET configuration DNS resolution Everything looks correct. The issue is not networking. It is identity. The Managed Identity does not have permissions on the database. But the error said “timeout,” not “access denied.” ...

We thought Container Apps networking would be simple. We were wrong. Here is what we learned after hours of troubleshooting. Internal vs External Environments Are Not What You Think Container Apps have two environment types: internal and external. We assumed: external means public internet internal means private network That is partially true, but incomplete. External environments get a public IP and can accept traffic from the internet. They can also be restricted to your VNET. ...