Recently, I had to configure some storage accounts to consume Azure files for users. I decided to use private DNS servers and route all traffic down an existing Express route circuit.
The official documentation on configuring Private DNS and how it works can be found on the microsoft documentation site.
This article assume you already have a storage account setup with the appropriate container / file share already setup and these storage accounts are using private links.
To configure Private Link DNS – I did the following:
Open up “Private DNS Zones” in the Azure portal
Once in Private DNS Zones, create a new zone and fill in the required details:
- The name is the DNS name that will be applied to the storage account names. In a hub and spoke topology, deploy the new Zone in the hub subscription and network.
Once the Zone has been created, go to the required private links and select “DNS Configuration” then “+ Add Configuration”
Add the zone that was previously created
- The configuration name is arbitrary, but it is recommended to use your storage account name or something that will help identify the resource
Once DNS zone configuration has been added – go back to the Private DNS zones and click on virtual network links
Then select Add, and add in the virtual network where your resources reside.
On your on-prem DNS servers you will need to create conditional forwarders for your cloud domains such as file.core.windows.net, blob.core.windows.net and any other ones you will be utilizing. The conditional forwarders will need to point to an IaaS vm running DNS on it or any other DNS forwarder in the Azure environment. On the DNS forwarder in Azure you will need to point the same conditional forwarders to 220.127.116.11 (internal Azure DNS server)
If you get errors stating that the DNS forwarder is not authoritative for the domain, you can safely ignore these.
Once this is complete you should be able to resolve internal addresses without having to change the resource.file.core.windows.net addressing on the front end. Hopefully, this will help on how to configure azure private dns with private links