Azure Private DNS Resolver Configuration Issues

Question

The scenario involves two storage accounts: one with a Private Endpoint and public access disabled, and another with public access enabled. A Conditional Forwarder has been set up to point to a Private DNS resolver for name resolution from on-premises. Accessing the storage account with the Private Endpoint works fine, but accessing the storage account without a Private Endpoint fails.

What steps can be taken to resolve this issue? Additionally, is there a way to configure the Private DNS resolver to query public DNS if there is no A record in the Private DNS zone? This feature would be beneficial for customers transitioning to a Hybrid DNS solution.

Answer 1

@Kosalan A ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Please note that this is not related to Azure Private DNS Resolver,

• Instead, this is the behavior when using a Private DNS Zone
• Until recently, if you are going to query a Private DNS Zone and this zone does not contain a record, the DNS Query will not fall back to Internet
  • You will get a NXDOMAIN response (as the record is not part of the Private DNS Zone)

However, our Product team released a new feature to address this

• See : Fallback to internet for Azure Private DNS zones (Preview)
• This setting is available in the Azure portal at: Private DNS zones > Virtual Network Links > Enable fallback to internet.

Important thing to note here is that this is in preview as of now and hence not recommended for production workloads.

You can use this to test your lower/dev/test environment and once the feature becomes generally available, you can use them in Production workload.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.