Unqualified Domain Names in Azure Container Instance Connector

Referring to Supporting Unqualified Domain Names

I tried adding the indicated switch to the generated AZ CLI command (after "--memory 2", before "--environment-variables") but the CLI gave an error:

unrecognized arguments: --dns-search file.core.windows.net

How do I enable Unqualified Domain Names for the Azure Connector?

Hi Mike,

Based on everything I can see, I do not believe this is actually something you can pass via the Azure CLI, and I’ll make a note to flag this in the docs.

As per this link, if you’re using Azure provided DNS, the only search domain that will be appended is the default one, and it is inflexible.

You could potentially get around this by running your own private DNS server within Azure and pointing the container at it.

I will check in with my team to see if I’m totally off base or if there’s another solution.

Thanks!

-arthur

I just found another solution! I hadn’t had a chance to come here and update this, yet.

It’s easier to use an alias, rather than an unqualified host name, IMO.

Create a Twingate resource with desired alias pointing to the proper private endpoint; Twingate seems to require at least a two-part host (this.that). I tried creating a resource with just a hostname, and nslookup resolved it to a Twingate IP, but the actual connection didn’t go through.

If you really want to use an unqualified domain name, Windows’ TCP/IP settings specify the search domain on the client instead of the connector. If you’re connected to an AD domain, the domain will automatically be appended to the unqualified host name and you just have to create the matching Twingate resource for alias.your.domain to point to the Azure private endpoint. If you’re Azure AD or workgroup joined, you have to specify the search domain in the advanced network settings of any adaptor (this setting is shared across all network devices using TCP/IP).

The all-important step, though, is that you have to add corresponding credentials to Windows! The Azure portal will generate a script to map the share to a drive (File Share → Connect in the portal). Copy the username and password from that script, go to Windows Credential Manager, and add those credentials for the host name as it will be typed.

I know I’ve been trying to get an alias or unqualified hostname to work for at least a week and a half. Hopefully someone else will find this and it will save them some time. Or maybe Twingate will add a better-written version of these instructions to the documentation.
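The client-side steps from the post above, scripted as an added example (not part of the original thread and not Twingate's own instructions). The names `alias`, `your.domain` and the user name are placeholders, and it assumes an elevated PowerShell session on a Windows client where the matching Twingate resource already exists.

```powershell
# Placeholders (assumptions): replace with your own values.
$ShortName = 'alias'        # unqualified host name exactly as users will type it
$Suffix    = 'your.domain'  # search domain; alias.your.domain must be a Twingate resource
$ShareUser = '<username copied from the portal Connect script>'

# 1. Add the search domain on the client. Only needed on Azure AD or workgroup
#    joined machines; an AD-joined machine appends its own domain already.
#    The setting is machine-wide, so keep whatever suffixes are already there.
$current = @((Get-DnsClientGlobalSetting).SuffixSearchList | Where-Object { $_ })
if ($current -notcontains $Suffix) {
    Set-DnsClientGlobalSetting -SuffixSearchList ($current + $Suffix)
}

# 2. Check that the short name and the full alias resolve to the same address.
#    -DnsOnly keeps LLMNR/NetBIOS from answering for the single-label name.
foreach ($name in $ShortName, "$ShortName.$Suffix") {
    Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
        Select-Object Name, IPAddress
}

# 3. Store the share credentials for the host name as it will be typed.
#    /pass with no value prompts for the password, which keeps the storage
#    account key out of the command line and out of shell history.
cmdkey /add:$ShortName /user:$ShareUser /pass

# 4. Confirm SMB (TCP 445) is reachable through the alias, then confirm the
#    credential entry exists for that exact target name.
Test-NetConnection -ComputerName $ShortName -Port 445 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
cmdkey /list:$ShortName
```

If step 2 resolves but step 4 fails, the post's observation about single-label Twingate resources applies: the resource should be the two-part alias, with the suffix supplied by the client.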