cancel
Showing results for 
Search instead for 
Did you mean: 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Azure Databricks unable to connect to private DNS KeyVault in createScope, showing "DNS invalid"

Nilave
New Contributor III

I have an Azure KeyVault with private endpoint created in the same Vnet as Azure Databricks. While trying to add it as a scope using the private DNS Zone ie <KVname>.privatelink.vaultcore.azure.net

getting error "DNS  is invalid and cannot be reached."

If I try to ping it from Azure Databricks using as below

%sh ping <KVName>.privatelink.vaultcore.azure.net , it does resolves to its private IP address.

What could be the issue

1 ACCEPTED SOLUTION

Accepted Solutions

mark_362882
New Contributor III

I got it working by creating the KV backed scope via UI. I used the the dns without the private part: <KVName>.vault.azure.net

The private dns will resolve it to the right IP.

You do have to check the "Allow trusted Microsoft services to bypass this firewall" in the Firewalls and virtual tab if you have set Allow access from to disable public access or Allow public access from specific virtual networks and IP addresses.

View solution in original post

6 REPLIES 6

Kaniz_Fatma
Community Manager
Community Manager

Hi @Nilave Chakraborty​ , You will find a similar issue in a similar thread here, which already has the best answer- https://community.databricks.com/s/question/0D53f00001HKHjtCAH/databricks-cannot-access-azure-key-va...

Do let us know if that helps.

This is not the answer.

I have the same question.

How can I connect an Azure Key Vault with private endpoint to the databricks vnet?

Kaniz_Fatma
Community Manager
Community Manager

Hi @Nilave Chakraborty​ ​, We haven’t heard from you on the last response from me, and I was checking back to see if you have a resolution yet. If you have any solution, please share it with the community as it can be helpful to others. Otherwise, we will respond with more details and try to help.

Soma
Valued Contributor

hi @Kaniz Fatma​ @Nilave Chakraborty​ still facing the same issue.

The solution you have provided is not working and in this case the key vault dns itself not getting resolved.

Can you please let me know how this got resolved

mark_362882
New Contributor III

I got it working by creating the KV backed scope via UI. I used the the dns without the private part: <KVName>.vault.azure.net

The private dns will resolve it to the right IP.

You do have to check the "Allow trusted Microsoft services to bypass this firewall" in the Firewalls and virtual tab if you have set Allow access from to disable public access or Allow public access from specific virtual networks and IP addresses.

Hi @mark van den berg​, Thank you for sharing your workaround to this question.

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!