Windows Web App and VNET Integration strange behavior with DNS

Hi there,

What I thought to be completely anecdotal is actually a pain.

We have a hub & spoke infrastructure, and everything works as expected with our centralized DNS forwarders, in any direction for on-prem or spokes. But not for a Windows web app.

The Windows web app just doesn't care about the Custom DNS configuration of the VNET where it is integrated.

If I reach the console for this web app and try to resolve a private endpoint FQDN, it will endlessly point to the public endpoint.

If I take a Linux web app integrated into the same VNET, it correctly resolves all the private endpoints that are configured.

$ nslookup [vaultname].vault.azure.net
Server:         127.0.0.11
Address:        127.0.0.11#53

Non-authoritative answer:
[vaultname].vault.azure.net canonical name = [vaultname].privatelink.vaultcore.azure.net.
Name:   [vaultname].privatelink.vaultcore.azure.net
Address: 10.0.0.4

As the Windows web app console is really restricted, I can't really manage to troubleshoot the behavior further.

C:\home>nslookup [vaultname].vault.azure.net
Non-authoritative answer:
Server:  UnKnown
Address:  168.63.129.16

Name:    chn.tm.prd.r.kv.aadg.trafficmanager.net
Addresses:  51.103.202.76
  51.107.58.2
  20.208.18.76

This is not aligned with "Integrate your app with an Azure virtual network - Azure App Service | Microsoft Learn".

Has anyone of you faced this issue with Windows container web apps?
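
Added example, not part of the original post: a small Python check that parses the two `nslookup` outputs quoted above and reports which resolver answered and whether the name stayed on private address space. The function names `parse_nslookup` and `classify` are hypothetical, and the only Azure-specific assumption is that 168.63.129.16 is the Azure-provided DNS address.

```python
import ipaddress
import re

# Both outputs are copied from the post; [vaultname] is the post's placeholder.
LINUX_OUT = """\
Server:         127.0.0.11
Address:        127.0.0.11#53

Non-authoritative answer:
[vaultname].vault.azure.net canonical name = [vaultname].privatelink.vaultcore.azure.net.
Name:   [vaultname].privatelink.vaultcore.azure.net
Address: 10.0.0.4
"""
WINDOWS_OUT = """\
Non-authoritative answer:
Server:  UnKnown
Address:  168.63.129.16

Name:    chn.tm.prd.r.kv.aadg.trafficmanager.net
Addresses:  51.103.202.76
  51.107.58.2
  20.208.18.76
"""
AZURE_PLATFORM_DNS = "168.63.129.16"  # Azure-provided resolver address
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Return (resolver, names, ips); handles the Linux and Windows layouts above."""
    resolver, names, ips, in_answer = None, [], [], False
    for line in text.splitlines():
        s, m = line.strip(), IP_RE.search(line)
        if s.startswith("Name:"):
            in_answer = True  # addresses after the first Name: belong to the answer
            names.append(s.split(":", 1)[1].strip().rstrip("."))
        elif "canonical name =" in s:
            names.append(s.split("=", 1)[1].strip().rstrip("."))
        elif m and in_answer:
            ips.append(m.group())
        elif m and resolver is None:
            resolver = m.group()  # first address before the answer is the server
    return resolver, names, ips

def classify(text):
    """Verdict is 'private' only if every answer address is private."""
    resolver, names, ips = parse_nslookup(text)
    private = [ipaddress.ip_address(ip).is_private for ip in ips]
    verdict = "no-answer" if not ips else "private" if all(private) else "public"
    return {"resolver": resolver, "verdict": verdict, "platform_dns": resolver == AZURE_PLATFORM_DNS,
            "privatelink_cname": any(".privatelink." in n for n in names)}
```

A result with `platform_dns` true and `verdict` "public" matches the symptom described in the post: the query was answered by the platform resolver rather than the VNET's custom DNS servers.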