I have a Vnet with 2 virtual machines and 2 container instances.
I have 2 subnets, 10.0.0.0/24 and 10.0.1.0/24, because apparently Container Instances cannot be deployed in subnets that have other types of resources for some reason.

I have a Private DNS Zone with automatic registration, linked to this vnet and the 2 VMs can resolve each other by name. They also show up in the list of registered records, resolving to 10.0.0.4 and 10.0.0.5 respectively.

However, when I try to connect from the Container Instance to the VM, the name does not resolve. If I connect directly by IP address it works.

Furthermore the 2 container instances don't even show up in the Private DNS Zone.

Is there anything I need to do for my ACI to make use of the Private DNS Zone just like the normal VMs are doing? Why are they not resolving names through the Private DNS Zone as they should?

@jbx999 Just want to comment that we have the exact same problems with ACI only being able to reach the Private DNS in the VNet in which the ACIs are deployed for around 50% of our ACI deploys.

We run approximately 50 ACIs in the West Europe Azure region, and had no issues with Private DNS from May 2020 to end of Jan 2021.

Then, suddenly around 50% of ACI deploys couldn't reach Private DNS and therefore not reach neighbour ACIs in the same VNet, nor Private Endpoints to databases deployed in the same VNet.

Since ACIs may change internal IPs on auto-restart, and since private db-endpoints are also registered in the Private DNS Zone, this problem creates big difficulties for us.

Not that it is a solution or sustainable; but have you tried redeploying ACIs (alternatively stop + start (not restart) through the Azure Portal Interface) with a different outcome? Like I said, for us Private DNS is ok for ca 50% of our ACI deploys.

In the end I decided to move away from Azure Container Instances. They are a half baked, buggy and unstable product, with crucial functionality missing. You can't expose an ACI that is inside a vnet publicly. Accessing resources inside the vnet by DNS doesn't work properly. Registering the container itself to the private DNS zone works erratically. Furthermore West EU zone seems to be unstable, with support unable to figure out what is going on.

Just stay away from ACI.

@jbx999 Below thread might be helpful:

https://stackoverflow.com/questions/64700687/how-to-get-azure-container-instances-using-my-dns-server

Hope it helps!!!

Please “Accept as Answer” if it helped so it can help others in community looking for help on similar topics

I saw that, but I am not quite sure what I have to do. How can I know the IP address of the DNS server Azure is using for my Private DNS Zone?
There isn't this information anywhere on the Azure Portal.

privateDNS IP is static: 168.63.129.16
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#considerations

Although we experience a similar problem in the West Europe region - we need to restart containers several times to finally make it work.

If I explicitly configure the Container-Instance's DNS servers .... it works. And fortunately Bicep can figure out those DNS-servers of my Virtual Network for me.

```bicep
// Reference the existing virtual network so its DNS settings can be read
resource resourceVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' existing = {
  name: virtualNetwork_Name
  scope: resourceGroup(virtualNetwork_ResourceGroup_Name)
}

resource containerGroup 'Microsoft.ContainerInstance/containerGroups@2021-09-01' = {
  name: containergroup_Name
  location: location
  properties: {
    dnsConfig: {
      // Explicitly hand the virtual network's DNS servers to the container group
      nameServers: resourceVirtualNetwork.properties.dhcpOptions.dnsServers
    }
    containers: [
      {
        name: containergroup_Name
        properties: {
          image: image
          // ........
        }
      }
    ]
    // .........
  }
}
```
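To see from inside a container whether the resolver it was given can answer the Private DNS Zone, the sketch below queries each nameserver from the container's resolv.conf and the Azure DNS address quoted in this thread, then returns the answers side by side. It is an added example, not code from any poster; it assumes Python is available in the container image, and all function names are hypothetical.

```python
import random, socket, struct

AZURE_DNS = "168.63.129.16"  # Azure-provided DNS address quoted in the thread

def resolv_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text."""
    rows = (line.split("#")[0].split() for line in text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def build_query(name, qid):
    """Encode a recursive A/IN question for name."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] & 0xC0 != 0xC0 and msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record; other types (e.g. CNAME) are skipped
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def query(server, name, timeout=3.0):
    """Ask one server over UDP; (None, []) means no usable reply. Diagnostic only: the reply ID is not checked."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, random.randrange(65536)), (server, 53))
            return parse_a_records(s.recv(512))
        except (OSError, struct.error, IndexError):
            return None, []

def compare(name, resolv_text):
    """Query every configured nameserver plus Azure DNS for name."""
    servers = resolv_nameservers(resolv_text) + [AZURE_DNS]
    return {srv: query(srv, name) for srv in dict.fromkeys(servers)}
```

Call `compare("<vm-name>.<zone>", open("/etc/resolv.conf").read())` inside the container: an rcode of 3 (NXDOMAIN) or `None` from the configured server next to an rcode of 0 with the VM's address from another server shows which resolver the container group's `dnsConfig` should point at.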