Azure / azure-sdk-for-rust

This repository is for active development of the *unofficial* Azure SDK for Rust. This repository is *not* supported by the Azure SDK team.
MIT License

HTTP Client DNS resolver override #1704

Open vasra-gh opened 1 month ago

vasra-gh commented 1 month ago

Is there a way to override the DNS resolver for requests made to blob storage? If an Azure storage account has public access disabled and is only accessible via a private network, then we need to use a private DNS, which there is no way to force on the Azure SDK HTTP client. Otherwise, there is a chance that the client uses a public DNS and gets an unauthorized response when obtaining blob data.
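
As an added illustration (not code from the SDK or from either commenter), a std-only Rust sketch of the behaviour the question asks for: hostnames pinned to their private-endpoint addresses bypass DNS entirely (the same idea as reqwest's `ClientBuilder::resolve`), and any unpinned name that the fallback resolver maps to a public address is refused instead of being sent to the public endpoint. The hostname and IP addresses are constructed placeholders, and the fallback resolver is injected so the sample runs offline.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr, SocketAddr};

/// Constructed sample: a storage account hostname and the private-endpoint
/// address that the organisation's private DNS would normally hand out.
pub const SAMPLE_HOST: &str = "exampleacct.blob.core.windows.net";
pub const SAMPLE_PRIVATE_IP: Ipv4Addr = Ipv4Addr::new(10, 20, 30, 4);

#[derive(Debug, PartialEq)]
pub enum ResolveError {
    /// The fallback resolver answered with a non-private address: the request
    /// would have left the private network and been answered with 401/403.
    PublicAddress(IpAddr),
    NotFound,
}

/// Per-host pins that win over whatever resolver the process uses,
/// the same idea as reqwest's `ClientBuilder::resolve(host, addr)`.
pub struct PinnedResolver {
    pins: HashMap<String, IpAddr>,
}

impl PinnedResolver {
    pub fn new() -> Self {
        PinnedResolver { pins: HashMap::new() }
    }
    pub fn pin(mut self, host: &str, ip: IpAddr) -> Self {
        self.pins.insert(host.to_ascii_lowercase(), ip);
        self
    }
    /// Pinned hosts never touch DNS. Unpinned hosts go to `fallback` (the system
    /// resolver in real code) and the answer is accepted only if it is an
    /// RFC 1918 address, so a public DNS answer fails closed.
    pub fn resolve(&self, host: &str, port: u16, fallback: impl Fn(&str) -> Option<IpAddr>) -> Result<SocketAddr, ResolveError> {
        let key = host.to_ascii_lowercase();
        if let Some(ip) = self.pins.get(&key) {
            return Ok(SocketAddr::new(*ip, port));
        }
        match fallback(&key) {
            Some(IpAddr::V4(v4)) if v4.is_private() => Ok(SocketAddr::new(IpAddr::V4(v4), port)),
            Some(ip) => Err(ResolveError::PublicAddress(ip)),
            None => Err(ResolveError::NotFound),
        }
    }
}

fn main() {
    let resolver = PinnedResolver::new().pin(SAMPLE_HOST, IpAddr::V4(SAMPLE_PRIVATE_IP));
    // Constructed stand-in for a public resolver that returns a public IP.
    let public_dns = |_: &str| Some(IpAddr::V4(Ipv4Addr::new(52, 1, 2, 3)));
    println!("{:?}", resolver.resolve(SAMPLE_HOST, 443, public_dns));
    println!("{:?}", resolver.resolve("other.blob.core.windows.net", 443, public_dns));
}
```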

fawadasaurus commented 1 month ago

Hi @vasra-gh

Do you use the privatelink hostnames for your private network endpoints?

https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

I am thinking that another solution would be that if the provided URL has the privatelink suffix, it should honor that.

vasra-gh commented 1 month ago

Hi @fawadasaurus, thanks for the reply. We have the DNS records registered within another part of the organization subscription that maintains the private DNS resolver. We simply ask to link the hostnames of the blob storage endpoint to a specific private endpoint. Attempting to resolve the privatelink hostname with a public DNS will just resolve to a public IP. Maybe I am missing something, but just adding the privatelink subdomain to the endpoint doesn't do anything in our case.

fawadasaurus commented 1 month ago

Ok. This seems like a unique setup.

I believe that the intended setup is that the systems that are able to access the private endpoint will (by default) use a resolver that has the internal IP address for the resource. But it sounds like you do not have that option with your current environment setup.