It would be amazing if you did a video on how to use today's Azure DNS Private Resolvers along with DNS forwarding rulesets to access Private Link endpoints from on-prem via VPN.
Thanks Travis. I am curious if Azure DNS Private Resolver would work in a similar scenario where on-premises AD/clients require resolution to private endpoints in Azure?
I believe so and have that on a short list for an upcoming video. One thing to note that I found after initial research is that a private resolver is more expensive than a small VM.
Hey Travis. Great video. I watch all your videos. I have a question. If you want a GLOBAL DNS (for the on-premises and Azure networks using the same DNS SERVER), the best approach would be FORWARD LOOKUP ZONES, right? Thank you.
Do you have a video dealing with P2S VPN accessing an Azure File Share? I'm in a situation where I just need the individual Windows clients connecting to an AFS via Azure P2S VPN. I have the File Share and P2S VPN set up (thanks for your video on P2S), but I'm confused about what I need in order to facilitate client access to the share over the VPN. I assume I need to spin up a DNS server in Azure and have the VPN configured to use that as its DNS server?
You seem to have missed out the obvious solution to this, which is Private DNS Zones. This gets around the issue with Conditional Forwarders not being able to resolve Private Endpoints in other VNets. Manually creating records for FWD Lookup zones isn't a feasible solution.
Great, I have only one question. Can we make conditional forwarding in Windows 10/11? If it cannot be done, then the Azure VPN Client is useless in Windows 10/11.
At 9:30, why is it that the second VNet is unable to resolve the file endpoint URL? If there is no private DNS zone, the public DNS zone should be able to resolve the endpoint URL to the public IP address, right?
What if we have multiple Virtual Machines that need to access one storage account using a private endpoint? How will you configure the Private DNS zone when multiple Private Endpoints are connecting different Virtual Networks to a single Azure Service (e.g. Azure SQL Server)? The private DNS explicitly warns us not to integrate multiple endpoints connecting to the same Service.
As always Travis, you're doing a great job clearing up confusion around on-prem and Azure DNS connectivity. Keep up the great work! How about Azure Traffic Manager, can we integrate it with Private Link or not?
Hi Travis, I have 20+ subscriptions to manage and I would like to set up something to monitor the drain mode status of the session hosts in the host pool in each subscription. Could you point out some setups?
So this means I need to create multiple Forward Lookup Zones on my DNS? - privatelink.blob.core.windows.net - privatelink.file.core.windows.net - privatelink.queue.windows.net ......
Yes. This is extremely annoying. Every resource type seems to have its own domain zone as well, so we're ending up with an untold number of *manually configured* conditional forwarders on our DNS servers. Also, since these forwarders are set for the domain used for public endpoints, we're now adding failure points in our DNS system. Where we'd be querying Azure public/highly available DNS servers, we're now forcing all this resolution to a private VM we must maintain in the VNet (even to resolve public endpoints for other companies hosting in Azure as well).
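The conditional-forwarder setup the last two comments describe, as an added example that is not from the video or from any commenter above. It assumes it runs on an on-prem Windows DNS server (AD-integrated, DnsServer module present), that a DNS forwarder VM in the hub VNet at the hypothetical address 10.0.0.4 forwards on to the Azure-provided resolver 168.63.129.16 (that address is only reachable from inside a VNet, so on-prem servers cannot target it directly), and that `contosostore` is a hypothetical storage account with a private endpoint. Only the `privatelink.*` zones are forwarded: the public zone such as `blob.core.windows.net` keeps resolving via public DNS, and its CNAME for a private-endpoint-enabled account is what lands in the forwarder.

```powershell
# Added example, not from the video or the comments. Assumptions:
#   - Runs on an on-prem Windows DNS server (DnsServer module, AD-integrated).
#   - $ForwarderVm is the private IP of a DNS forwarder VM in the hub VNet that
#     itself forwards to 168.63.129.16 (the Azure-provided resolver, which is
#     reachable only from inside a VNet, never directly from on-prem).
#   - 'contosostore' is a hypothetical storage account with a private endpoint.
[CmdletBinding()]
param(
    [string]$ForwarderVm      = '10.0.0.4',
    [string]$ReplicationScope = 'Forest'
)

# One conditional forwarder per Private Link zone. Forward only the
# privatelink.* names; the public zones stay on public DNS.
$PrivateLinkZones = @(
    'privatelink.blob.core.windows.net',
    'privatelink.file.core.windows.net',
    'privatelink.queue.core.windows.net',
    'privatelink.table.core.windows.net',
    'privatelink.database.windows.net'    # Azure SQL Database
)

foreach ($zone in $PrivateLinkZones) {
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Write-Host "Forwarder for $zone already exists, skipping"
        continue
    }
    Add-DnsServerConditionalForwarderZone -Name $zone `
        -MasterServers $ForwarderVm `
        -ReplicationScope $ReplicationScope `
        -ForwarderTimeout 5
    Write-Host "Created conditional forwarder $zone -> $ForwarderVm"
}

# Verification: a private-endpoint-enabled account must resolve to a VNet
# (RFC 1918) address. Getting the public IP back means the forwarder chain is
# broken somewhere (wrong forwarder IP, VM not forwarding to 168.63.129.16,
# or the Private DNS zone not linked to the forwarder VM's VNet).
function Test-PrivateEndpointResolution {
    param(
        [Parameter(Mandatory)] [string]$Fqdn,
        [string]$DnsServer = 'localhost'
    )
    $records = Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -ErrorAction Stop
    $a = $records | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    if (-not $a) { throw "No A record returned for $Fqdn" }

    $octets    = [System.Net.IPAddress]::Parse($a.IPAddress).GetAddressBytes()
    $isPrivate = ($octets[0] -eq 10) -or
                 ($octets[0] -eq 172 -and $octets[1] -ge 16 -and $octets[1] -le 31) -or
                 ($octets[0] -eq 192 -and $octets[1] -eq 168)

    [pscustomobject]@{
        Fqdn            = $Fqdn
        Resolved        = $a.IPAddress
        PrivateEndpoint = $isPrivate
    }
}

# Hypothetical account; expect PrivateEndpoint = True once forwarding works.
Test-PrivateEndpointResolution -Fqdn 'contosostore.blob.core.windows.net'
```

Run it once per DNS server that is not AD-integrated (with `-ReplicationScope` dropped and the zone created locally), or once on any DC when the forwarders replicate forest-wide. The verification function is the useful part to keep around: it catches the failure mode the comment above worries about, where the forwarder VM is down or misconfigured and clients silently fall back to the public IP, which then fails at the storage firewall if public access is disabled.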