From 7f1db4955a6cad6d5b2ce07450895885f26d7f94 Mon Sep 17 00:00:00 2001
From: Håkon Hallingstad <hakon@yahooinc.com>
Date: Thu, 29 Feb 2024 14:42:12 +0100
Subject: Document private vs public IPs in Azure

---
 .../main/java/com/yahoo/vespa/hosted/provision/node/Dns.java  | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'node-repository/src/main')

diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/Dns.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/Dns.java
index 9f5aaf4b327..1131529c84e 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/Dns.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/Dns.java
@@ -38,11 +38,12 @@ public class Dns {
         }
 
         if (cloudName == CloudName.AZURE) {
-            return ipVersion.is6() ?
-                    EnumSet.noneOf(RecordType.class) :
-                    enclave || hostType == confighost ?
-                            EnumSet.of(RecordType.FORWARD, RecordType.PUBLIC_FORWARD) :
-                            EnumSet.of(RecordType.FORWARD);
+            return ipVersion.is6() ? EnumSet.noneOf(RecordType.class) :
+                   // Each Azure enclave and cfg host and child gets one private 10.* address and one public address.
+                   // The private DNS zone resolves to the private, while the public DNS zone resolves to the public,
+                   // which is why we return FORWARD and PUBLIC_FORWARD here.  The node repo only contains the private addresses.
+                   enclave || hostType == confighost ? EnumSet.of(RecordType.FORWARD, RecordType.PUBLIC_FORWARD) :
+                   EnumSet.of(RecordType.FORWARD);
         }
 
         throw new IllegalArgumentException("Does not manage DNS for cloud " + cloudName);
-- 
cgit v1.2.3