DNS_HOSTNAME_RESOLVED_PRIVATE Error with Custom Auth0 Domain

Hello Vercel Community,

I am experiencing a persistent DNS_HOSTNAME_RESOLVED_PRIVATE error on my Vercel project when my application attempts to complete the Auth0 login flow. I am on the Hobby (free) plan.

404: NOT_FOUND
Code: DNS_HOSTNAME_RESOLVED_PRIVATE
ID: fra1::2hgmz-1748359167188-87ace65c989b


Read our documentation to learn more about this error.

Project Details:

  • Production Domain: https://www.domain.com
  • Auth0 Custom Domain: https://auth.domain.com

Problem Description:

  • My Vercel app’s /api/auth/login endpoint returns 200 OK in Vercel logs, indicating it’s initially working.
  • However, after initiating the Auth0 flow and returning to my Vercel application, I receive a 404: NOT_FOUND page with the DNS_HOSTNAME_RESOLVED_PRIVATE error (e.g., fra1::k45qr-1748355475782-b35b79dddb20).
  • The login flow works perfectly on http://localhost:3000.

My Setup & Checks:

  1. DNS Configuration:
  • www.domain.com correctly points to Vercel (A-record to 76.76.21.21 or CNAME to cname.vercel-dns.com). Vercel shows “Valid Configuration” for this domain.
  • auth.domain.com correctly points to Auth0 via a CNAME record (e.g., dev-***.edge.tenants.us.auth0.com). This is essential for my custom Auth0 domain. My DNS provider correctly handles this, and external DNS lookups show auth.domain.com resolving to Auth0.
  • Vercel’s domain settings UI suggests adding a CNAME for auth.domain.com to cname.vercel-dns.com, but this conflicts with my Auth0 CNAME and would break my Auth0 custom domain setup.
  2. Vercel Environment Variables:
  • APP_BASE_URL is set to https://www.domain.com for Production.
  • AUTH0_DOMAIN is set to auth.domain.com for Production.
  • All other AUTH0_* variables are correctly configured for Production.
  3. Auth0 Application Settings:
  • Allowed Callback URLs: https://www.domain.com/auth/callback,http://localhost:3000/auth/callback
  • Allowed Web Origins: https://www.domain.com,http://localhost:3000
  • Allowed Logout URLs: https://www.domain.com,http://localhost:3000
  • All these URLs are precisely configured.

My Hypothesis:

Given that external DNS for both domains is correct, and my Vercel app logs show a 200 for the initial /api/auth/login request, I suspect this DNS_HOSTNAME_RESOLVED_PRIVATE error is occurring due to an internal DNS resolution or networking issue within Vercel’s platform when my serverless function tries to communicate with auth.domain.com (my custom Auth0 domain) during the authentication process.

Any help or insights from the community, or Vercel staff who monitor the forums, would be greatly appreciated.

Thank you.

There’s another community post with 404 debugging tips that might be helpful. Please give these solutions a try and let us know how it goes.

A human should be around soon to offer more advice. But you can also get helpful information quickly by asking v0.

From the docs on DNS_HOSTNAME_RESOLVED_PRIVATE:

The DNS_HOSTNAME_RESOLVED_PRIVATE error occurs when attempting to connect to a private IP from an external rewrite, or when trying to connect to an IPv6 address. The error indicates that the DNS hostname resolved to a private or inaccessible IP address.

I recommend using Auth0’s default domain instead of your custom domain. So you would put the Auth0 domain (like dev-***.edge.tenants.us.auth0.com) in your Vercel environment variables instead of your custom domain. Your custom domain could still be used for the user-facing login experience, but your backend would communicate with Auth0’s default domain directly.

A couple of other things to check:

  • Make sure your Auth0 callback URLs exactly match your application URLs, including trailing slashes if necessary. Even small differences can cause authentication failures.
  • Look at your Auth0 logs to see if there are any errors during the authentication process.

Please give that a try and let me know how it goes :slightly_smiling_face:
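
The docs excerpt quoted above says the error means a hostname resolved to a private or inaccessible IP address, or to an IPv6 address. The following is an added example, not part of the original thread or Vercel's own code: it labels each address a hostname resolves to so those cases stand out. The function names, the sample hostnames ending in `.example`, and the use of Python's `ipaddress` categories as a stand-in for what the platform treats as "private" are all assumptions.

```python
import ipaddress
import socket


def classify(addr: str) -> str:
    """Label one resolved address using the categories named in the quoted docs."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return "ipv6"
    if ip.is_loopback:          # checked before is_private, which also covers 127/8
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def audit(hostname, addresses):
    """Return (hostname, ok, [(addr, label), ...]).

    ok is True only when at least one address came back and every one is
    public IPv4. Flagging a mixed answer is a conservative assumption.
    """
    labelled = [(a, classify(a)) for a in addresses]
    ok = bool(labelled) and all(label == "public" for _, label in labelled)
    return hostname, ok, labelled


def resolve(hostname):
    """Live A/AAAA lookup through the system resolver (needs network access)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Constructed sample answers so the example runs offline. 76.76.21.21 is the
# Vercel A-record value quoted in the post; the other values are made up.
SAMPLES = {
    "www.domain.com": ["76.76.21.21"],
    "split-horizon.example": ["10.0.0.5"],
    "dual-stack.example": ["76.76.21.21", "2001:db8::1"],
    "empty.example": [],
}

if __name__ == "__main__":
    for host, addrs in SAMPLES.items():
        _, ok, labelled = audit(host, addrs)
        print(f"{host}: {'ok' if ok else 'FLAGGED'} {labelled}")
```

To check a real name, pass `resolve(hostname)` as the address list; the answer seen from a local machine can differ from what the hosting platform's resolver returns.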