I’m having a bit of trouble getting this to work. Here’s the scenario, simplified.
In vNet W I have a web application, FQDN mywebsite.azurewebsites.net. In vNet A I have a REST API, FQDN myapiapplication.azurewebsites.net. It’s kind of a hub-spoke model where A is the hub for multiple W’s, so I wanted to use peering over private links.

In vNet A I have a private DNS for mydomain.com. Inside is a CNAME record mapping api.mydomain.com to the FQDN myapiapplication.azurewebsites.net. The reason for this is we have similar 2-vNet solutions in multiple environments and I want to configure all of them to point to api.mydomain.com in config and let DNS route the app service to the right one.

The private DNS is linked to both vNet A and vNet W, and the vnets are peered (in the same region).

When I open a console on myapiapplication and run nslookup api.mydomain.com, it resolves to the private IP. When I open a console on mywebsite and run the same nslookup, it cannot find the entry. It also cannot find the FQDN of the API application.
When we did this in our test environment, instead of CNAME we did A records to the private IP, but that IP is dynamic, so we really want to use CNAME records.
We do have Azure Front Door, but I am reluctant to pass traffic through AFD via private links because I want to keep the traffic all on the Azure backend in case we want to do SSL offloading.
I also wanted a solution that avoided making private links to the API in every vnet that needed to call into it, because as our network expands, that could end up being many web vnets that call the API and I don’t want to hit a hard limit.
I feel like I’m missing something, but I’m just not sure what it could be that is preventing the private DNS from working in both vnets.