Merge pull request #251988 from Ratulac-Azure/patch-3

prmerger-automator[bot] · web-flow · commit 6edff9790878 · 2023-09-19T18:52:42.000Z
Edit "Add Using Custom DNS Servers section and notes for route table permis… #251579"
diff --git a/articles/spring-apps/how-to-deploy-in-azure-virtual-network.md b/articles/spring-apps/how-to-deploy-in-azure-virtual-network.md
@@ -146,6 +146,8 @@ This section shows you to grant Azure Spring Apps the [Owner](../role-based-acce
 
 > [!NOTE]
 > The minimal required permissions are [User Access Administrator](../role-based-access-control/built-in-roles.md#user-access-administrator) and [Network Contributor](../role-based-access-control/built-in-roles.md#network-contributor). You can grant role assignments to both of them if you can't grant `Owner` permission.
+>
+> If you're using your own route table or a user defined route feature, you also need to grant Azure Spring Apps the same role assignments to your route tables. For more information, see the [Bring your own route table](#bring-your-own-route-table) section and [Control egress traffic for an Azure Spring Apps instance](how-to-create-user-defined-route-instance.md).
 
 ### [Azure portal](#tab/azure-portal)
 
@@ -295,6 +297,17 @@ The route tables to which your custom vnet is associated must meet the following
 * You can't update the associated route table resource after cluster creation. While you can't update the route table resource, you can modify custom rules on the route table.
 * You can't reuse a route table with multiple instances due to potential conflicting routing rules.
 
+## Using Custom DNS Servers
+
+Azure Spring Apps supports using custom DNS servers in your virtual network.
+
+If you don't specify custom DNS servers in your DNS Server Virtual Network setting, Azure Spring Apps will, by default, use the Azure DNS to resolve IP addresses. If your virtual network is configured with custom DNS settings, add Azure DNS IP `168.63.129.16` as the upstream DNS server in the custom DNS server. Azure DNS can resolve IP addresses for all the public FQDNs mentioned in [Customer responsibilities running Azure Spring Apps in a virtual network](vnet-customer-responsibilities.md). It can also resolve IP address for `*.svc.private.azuremicroservices.io` in your virtual network.
+
+If your custom DNS server can't add Azure DNS IP `168.63.129.16` as the upstream DNS server, use the following steps:
+
+* Ensure that your custom DNS server can resolve IP addresses for all the public FQDNs. For more information, see [Customer responsibilities running Azure Spring Apps in a virtual network](vnet-customer-responsibilities.md).
+* Add the DNS record `*.svc.private.azuremicroservices.io` to the IP of your application. For more information, see the [Find the IP for your application](access-app-virtual-network.md#find-the-ip-for-your-application) section of [Access an app in Azure Spring Apps in a virtual network](access-app-virtual-network.md).
+
 ## Next steps
 
 * [Troubleshooting Azure Spring Apps in VNET](troubleshooting-vnet.md)
