Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
DNS Zone for Azure APIM in Internal VNet mode with default (Azure provided) Domain
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 5%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Taranjeet Malik
611
Reputation points
Hi
We're planning to deploy an Azure APIM instance in internal VNet mode, which will be front-ended by a third-party solution (not Front Door / App Gateway). The third-party solution will proxy / CNAME the public name (FQDN) to the internal (default / Azure provided) name of the APIM, for example, apim01.azure-api.net. I've read these articles, but not sure what the Private DNS Zone we need to host in Azure (it is azure-api.net or privatelink.azure-api.net).
https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns
the screenshot below clearly states that azure-api.net is the public domain and privatelink.azure-api.net is private one.
However, most of the articles I've come across (like the one below) seem to suggest creating private DNS Zone as azure-api.net.
Can someone please confirm / share their thoughts?
Thanks
Taranjeet Singh
Azure API Management
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 54%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
Harish Badijana 15 Reputation points Microsoft External Staff Moderator2025-07-31T12:01:16.4+00:00 @Taranjeet Malik I understand You're planning to deploy an Azure API Management (APIM) instance in internal VNet mode, front-ended by a third-party proxy solution, and you're unsure whether to use the azure-api.net or privatelink.azure-api.net private DNS zone
when deploying APIM in internal VNet mode, you should:
Create a private DNS zone namedazure-api.net
Register all APIM endpoints (gateway, portal, management, developer, SCM, regional) within this zone
Link the DNS zone to your VNet to enable automatic resolution of these hostnames
This setup ensures that your APIM instance can be accessed internally using its default Azure-provided FQDN (e.g., apim01.azure-api.net) and that DNS resolution works seamlessly across your network.
The privatelink.azure-api.net DNS zone is typically used when APIM is integrated with Azure Private Link, which is a different configuration from internal VNet mode. In your case, since you're not using Private Link and are instead relying on a third-party proxy, this DNS zone is not applicable.
Create Private DNS Zone:azure-api.net
Register Endpoints:
<your-apim-instance>.azure-api.net
<your-apim-instance>.portal.azure-api.net
<your-apim-instance>.management.azure-api.net
<your-apim-instance>.developer.azure-api.net
<your-apim-instance>.scm.azure-api.net
Link DNS Zone to VNet
Ensure your third-party proxy can resolve these internal FQDN
I hope this helps in resolving the issue, do let me know if you have any further questions on this
-
Taranjeet Malik 611 Reputation points
2025-07-31T22:12:26.45+00:00 Thanks for your response. Can you please point me to the MS articles on deploying the APIM in internal VNet mode with (and without) Private Endpoint, just so I understand the difference between these configurations?
Thanks
Taranjeet Singh
-
Harish Badijana 15 Reputation points Microsoft External Staff Moderator
2025-08-01T03:27:42.14+00:00 @Taranjeet Malik sharing the MS articles which I referred to find the solution
do let me know if you have any further questions other than the resposne I have provided
-
Taranjeet Malik 611 Reputation points
2025-08-03T21:47:29.36+00:00 Thanks @Harish Badijana . I don't seem to have access to the last article you shared. Is this a Public documentation or MS internal?
If internal, can you share the public equivalent pls.?
Thanks
Taranjeet Singh
-
Harish Badijana 15 Reputation points Microsoft External Staff Moderator
2025-08-12T03:54:50.64+00:00 @Taranjeet Malik I have edited the previous comment added all the documents which can help you understanding.
Please let me know if the firtst comments added helps you in resolving and we can convert the comment into answer
Sign in to comment
Sign in to answer