I am using Azure App Service (Regional Vnet Integrated) and Paas Services Like Azure Key Vault, Azure Storage with System Managed Identity and Service endpoints enabled to access the Azure Key vault.
I am using Spring Boot Application.
And integrated the Key vault as per following doc.
https://learn.microsoft.com/en-us/java/api/overview/azure/spring-boot-starter-keyvault-secrets-readme?view=azure-java-stable
Also in App service we have set the config properties as follows:
WEBSITE_VNET_ROUTE_ALL - 1
WEBSITE_DNS_SERVER - 168.63.129.16
But i am getting below exception on application startup-
Caused by: java.net.UnknownHostException: failed to resolve '$$$$.vault.azure.net' after 2 queries
at io.netty.resolver.dns.DnsResolveContext.finishResolve(DnsResolveContext.java:1013)
... 22 common frames omitted
Caused by: io.netty.resolver.dns.DnsNameResolverTimeoutException: [/8.8.4.4:53] query via UDP timed out after 5000 milliseconds (no stack trace available)
Also similar connection issues to other Paas Services.
There is no document to follow to configure connections in such a case.
Any one faced such issue?
Hello
@SonalBK843
,
Thanks for reaching out and sorry for delayed response.
This issue seems to be more on "io.netty.resolver.dns.DnsNameResolverTimeoutException" project related than Azure Key vault.
I would request you to try out solution suggested in below GitHub issues as those were related with "io.netty" exception, meanwhile I will try to get more insight. Thanks.
https://github.com/redisson/redisson/issues/1944#issuecomment-468312630
Hello
@SonalBK843
,
Thanks for reaching out.
This issue seems to be more on DNS resolution (io.netty.resolver.dns.DnsNameResolverTimeoutException project) related than Azure Key vault starter.
The Azure SDKs support users to bring their own http client implementation while constructing the sdk client.
https://github.com/Azure/azure-sdk-for-java/blob/0d8e8a5a8f3a3119caf52a9c7b7a414999a9ccbc/sdk/spring/azure-spring-boot/src/main/java/com/azure/spring/keyvault/KeyVaultEnvironmentPostProcessorHelper.java#L89
In addition that could you try to customize the reactor http client like this
https://projectreactor.io/docs/netty/release/reference/index.html#_host_name_resolution_2
Hope this helps.
Please "
Accept the answer
" if the information helped you. This will help us and others in the community as well.
Like
@Gabriel Nica
mentioned, this started with latest versions of spring boot, which uses netty under the hood, which changed the DNS resolution and now it fails.
I was able to do a work-around like @sikumars-msft suggested! below is an example with certificates library, you can do the same for other libs like secrets
reactor.netty.http.client.HttpClient nettyHttpClient =
reactor.netty.http.client.HttpClient.create()
.resolver(DefaultAddressResolverGroup.INSTANCE);
HttpClient httpClient = new NettyAsyncHttpClientBuilder(nettyHttpClient).build();
CertificateClient certificateClient =
new CertificateClientBuilder()
.httpClient(httpClient)
.vaultUrl(keyVaultUri)
.credential(new ManagedIdentityCredentialBuilder().build())
.buildClient();
A similar fix was done with WebClient --> https://github.com/reactor/reactor-netty/issues/1431
