-5

I'm on a corporate network with various mysterious lockdowns including ZScaler.

My current issue is that when I try to connect to xyz.databases.windows.net (Azure SQL database) I see these symptoms:

From SSMS I get

No such host is known

Trying nslookup

nslookup xyz.databases.windows.net

Server: abc.au.mydomain.com

Address: 10.x.x.x

Non-authoritative answer:

Name: xyz.database.windows.net

(note no IP address returned)

If I switch to a different non-corporate network I can connect fine.

I'm about to raise a ticket with the sausage factory to try and resolve but would appreciate some insight on what's going on here so I can discuss with a bit less ignorance. NSLookup doesn't return an IP address. Does that mean the DNS server is actively blocking this? Or something is misconfigured somewhere?

There is some info on server-side setup here, but this seems like a client-side issue.

https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture?view=azuresql

5
  • Just a flyby downvote. Surely the question has sufficient explanation for someone to pose an answer... why doesn't nslookup give me an IP address?
    – Nick.Mc
    Commented Jun 13, 2023 at 1:33
  • "I'm about to raise a ticket with the sausage factory" - what does this mean?
    – Paul
    Commented Jun 14, 2023 at 12:16
  • 1
    To me it's a slightly derogatory term for IT support. Because I put my ticket in one end, it goes through the factory and gets mashed up and mistreated and I might get a good result out the other side.
    – Nick.Mc
    Commented Jun 14, 2023 at 22:54
  • You still get correct answers for everything else, right? It's not just this particular hostname that's not responding? If you know what your other resolvers are you could try setting nslookup to use those: nslookup xyz.database.windows.net 10.x.x.y
    Commented Jun 15, 2023 at 9:59
  • Did you set up conditional forwarding to some Microsoft domains on your AD DS resolver? Is database.windows.net in the list?
    Commented Jun 19, 2023 at 8:56

2 Answers

1
+100

Assuming it's just xyz.database.windows.net that's not working, just show them what you've got with an identical, successful lookup on your other device. Here's one I made earlier:

Non-authoritative answer:
xyz.database.windows.net        canonical name = dataslice1.indiawest1-a.control.database.windows.net.
dataslice1.indiawest1-a.control.database.windows.net    canonical name = cr4.indiawest1-a.control.database.windows.net.
Name:   cr4.indiawest1-a.control.database.windows.net
Address: 104.211.144.4

It's a bit weird that you get no response; usually you'd get a response that'll direct you to a block page if it's actively blocked.

nslookup xyz.database.windows.net {{another reachable dns server}} might give you different results - if so, it's a forwarder issue like @michael-lindsay says.

It's probably blocked, but try some external DNS servers too (8.8.8.8, 1.1.1.1 are good for testing) if you can.

I don't reckon there's much more that you can do apart from telling them you already turned it off and back on again, and then being nice to them and waiting on your ticket :)

1

I had this issue a few months ago and while I don't remember the exact details I know I had to add a forwarder to either Azure DNS or Google DNS as the first forwarder on a server running 2008 R2. I want to say we originally had CloudFlare DNS configured as our sole forwarder. I’ve since taken the on premise servers to the farm or I’d go validate that answer for you.

You could test this if you don't have access to make changes to the DNS server by setting your primary DNS server to Azure DNS\Google DNS and secondary to your DC and flush the DNS cache on the machine, or just update the host file temporarily to provide your resolution for internal resources that server needs.
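The resolver-by-resolver comparison suggested in the answers above can be turned into evidence for the ticket by classifying each nslookup transcript. This is an added example, not code from the question or either answer; the function names and verdict labels are assumptions chosen for illustration, and the two sample transcripts are the outputs quoted on this page.

```python
import re

# Transcripts copied from the outputs quoted on this page.
CORPORATE = """Server:  abc.au.mydomain.com
Address:  10.x.x.x

Non-authoritative answer:
Name:    xyz.database.windows.net
"""
OTHER_NETWORK = """Non-authoritative answer:
xyz.database.windows.net        canonical name = dataslice1.indiawest1-a.control.database.windows.net.
dataslice1.indiawest1-a.control.database.windows.net    canonical name = cr4.indiawest1-a.control.database.windows.net.
Name:   cr4.indiawest1-a.control.database.windows.net
Address: 104.211.144.4
"""
ADDR = re.compile(r"^Address(?:es)?:\s*(\S+)", re.I)
CNAME = re.compile(r"^(\S+)\s+canonical name = (\S+?)\.?$", re.I)

def classify(transcript):
    """Return (verdict, addresses, cname_chain) for one nslookup transcript."""
    addresses, chain, in_answer = [], [], False
    for line in (raw.strip() for raw in transcript.splitlines()):
        alias = CNAME.match(line)
        if alias:
            chain.append(alias.groups())
        # The leading Server:/Address: pair names the resolver itself, so
        # addresses only count once the answer section has started.
        if alias or line.lower().startswith(("non-authoritative", "name:")):
            in_answer = True
        addr = ADDR.match(line)
        if addr and in_answer:
            addresses.append(addr.group(1))
    text = transcript.lower()
    if addresses:
        return "resolved", addresses, chain
    if "non-existent domain" in text or "nxdomain" in text:
        return "nxdomain", [], chain
    if "timed out" in text:
        return "timeout", [], chain
    return "no_address", [], chain  # name echoed back, no address shown

def compare(transcripts):
    """Map resolver label -> verdict; list the resolvers that gave no address."""
    verdicts = {label: classify(t)[0] for label, t in transcripts.items()}
    return verdicts, sorted(l for l, v in verdicts.items() if v != "resolved")

if __name__ == "__main__":
    print(compare({"corporate": CORPORATE, "other network": OTHER_NETWORK}))
```

Paste in the output of nslookup for each resolver you can reach; a resolver that reports no_address while another reports resolved for the same name is the one to name in the ticket.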
