Azure Application Gateway Default DNS Suffix

kh flag


What is the correct way to configure an Azure Application Gateway to be able to handle requests which use a host header with only a hostname (i.e. not a fully qualified domain name) due to clients relying on their DNS search suffix list to handle this.


We have an Azure Application Gateway which is configured with a Private IP to act as a load balancer for a variety of internal websites / web applications.

Since we're handling multiple sites on this app gateway, I've configured multi-site listeners, which rely on the HTTP/1.1 Host Header to correctly route requests to the relevant backend.

Many of these sites have FQDNs which are on our primary domain suffix; e.g. Because our primary domain is in our client device's search suffix list, this means that normally they'd be able to type reporting and have DNS resolve this to, taking them to the correct place. However, the browser doesn't send the DNS resolved FQDN, but sends the user entered hostname in the host header value. This means that my listener won't get the full name it expects.

I can work around this; creating a listener configured with the hostname without the DNS suffix to capture requests which arrive this way; and I can even handle HTTPS as we have an our own trusted certificate authority (i.e. AD Certificate Services), so can issue certificates which include both FQDN and the short name form in their SAN list.

However, I found an oddity after setting up a few sites... with listeners configured like below:

  • listener -> redirects to an external site
  • listener example1 -> redirects to listener
  • listener -> sits over a backend pool

I found that requests made to were being redirected to the external site configured on listener

I tested with Chrome's Developer Tools' Network > Disable Cache option checked to ensure I wasn't being affected by cached 301s, double checked the app gateway's configuration to ensure I'd not mapped the listener to the wrong request routing rule, or configured the rules incorrectly, and deleted and recreated the listeners and rules in case something had become corrupted; but with no joy.

When I changed the hostname of the example1 listener to XXXexample1 I found that started working as expected.

I've not found any documentation on this setup, so don't know if it's a bug, if what I'm trying is unsupported, if the listener isn't using a string but some form of pattern matching/regex equivalent, or if there's some other official way to handle this scenario instead of the method I "discovered".

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.