Hi community,
I've been trying to connect Databricks Serverless to a SQL Server
running on an EC2 instance using NCC Private Endpoint, but traffic
is not being routed through PrivateLink.
## Setup
- Databricks Serverless (AWS, us-east-1)
- NCC attached to workspace: ESTABLISHED status
- VPC Endpoint Service: internal NLB (scheme: internal) forwarding TCP:1433 to EC2 target (Healthy)
- Resource FQDN in NCC rule: LBdemosql-80fcd74e8ec6b9b0.elb.us-east-1.amazonaws.com
- VPC Endpoint status: ESTABLISHED
## Evidence
From serverless notebook:

```text
# DNS resolves correctly via PrivateLink
nslookup LBdemosql-80fcd74e8ec6b9b0.elb.us-east-1.amazonaws.com
→ 10.0.0.45, 10.0.0.23 ✅

# But routing goes via internet gateway, not PrivateLink
ip route get 10.0.0.45
→ 10.0.0.45 via 169.254.1.1 dev eth0 src 192.168.210.11 ❌

# TCP connection fails
socket.connect_ex("LBdemosql...", 1433) → 111 (Connection refused)

# Direct connection via EC2 public IP works fine ✅
```
## What I've tried
- Recreated NCC rule multiple times
- Verified NLB target is Healthy
- Verified Security Groups allow traffic
- Verified NACL allows all traffic
- Cross-zone load balancing enabled
- Windows Firewall disabled on EC2
- Allow principals includes Databricks IAM role
## Questions
1. Is an internal NLB supported as NCC PrivateLink target for Serverless compute?
2. Does the FQDN need to resolve to a public IP for Serverless to intercept DNS and route via PrivateLink?
3. Is there any additional configuration needed when the NLB DNS resolves to private IPs (10.0.0.x)?
Thanks in advance.
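An added diagnostic, not part of the original post or of any Databricks tooling, that collects the three signals above (resolved addresses and whether they are private, the next hop reported by `ip route get`, and the `connect_ex` result) in one pass so the evidence is reproducible before and after any NCC change. The FQDN and port are the ones from the post; the `ip` binary is assumed to be available in the notebook environment.

```python
import errno
import ipaddress
import socket
import subprocess

# Hostname and port taken from the post above; everything else is observed.
TARGET_FQDN = "LBdemosql-80fcd74e8ec6b9b0.elb.us-east-1.amazonaws.com"
TARGET_PORT = 1433


def resolve(host):
    """Return the unique IPv4 addresses this environment resolves `host` to."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify_addresses(ips):
    """Label each address 'private' (RFC 1918 / link-local ranges) or 'public'."""
    return {ip: ("private" if ipaddress.ip_address(ip).is_private else "public")
            for ip in ips}


def parse_route(line):
    """Parse the first line of `ip route get <ip>` into its key/value fields."""
    tokens = line.split()
    route = {"dst": tokens[0]}
    for key, value in zip(tokens[1::2], tokens[2::2]):
        route[key] = value
    return route


def next_hop_is_link_local(route):
    """True when the next hop is in 169.254.0.0/16, as in the post's output."""
    via = route.get("via")
    return via is not None and ipaddress.ip_address(via).is_link_local


def interpret_connect(rc):
    """Translate socket.connect_ex's return code into an errno name."""
    return "connected" if rc == 0 else errno.errorcode.get(rc, f"errno {rc}")


def tcp_probe(host, port, timeout=5.0):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return interpret_connect(s.connect_ex((host, port)))


def run_diagnostic(host=TARGET_FQDN, port=TARGET_PORT):
    ips = resolve(host)
    report = {"addresses": classify_addresses(ips), "routes": {}, "connect": {}}
    for ip in ips:
        out = subprocess.run(["ip", "route", "get", ip],
                             capture_output=True, text=True).stdout
        route = parse_route(out.splitlines()[0]) if out else {}
        report["routes"][ip] = {"via": route.get("via"),
                                "link_local_hop": next_hop_is_link_local(route)}
        report["connect"][ip] = tcp_probe(ip, port)
    return report


if __name__ == "__main__":
    print(run_diagnostic())
```

A timeout (`EAGAIN`/`ETIMEDOUT`) rather than `ECONNREFUSED` usually points at a filter or missing route, while a refusal means something answered on that address, so the two cases are worth keeping apart when comparing runs.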