Open vasra-gh opened 1 month ago
Hi @vasra-gh

Do you use the `privatelink` hostnames for your private network endpoints?
https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

I am thinking that another solution would be that if the provided URL has the `privatelink` suffix that it should honor that.
Hi @fawadasaurus, thanks for the reply. We have the DNS records registered within another part of the organization subscription that maintains the private DNS resolver. We simply ask to link the hostnames of the blob storage endpoint to a specific private endpoint. Attempting to resolve the privatelink hostname with a public DNS will just resolve to a public IP. Maybe I am missing something, but just adding the privatelink subdomain to the endpoint doesn't do anything in our case.
Ok. This seems like a unique setup.
I believe that the intended setup is that the systems that are able to access the private endpoint will (by default) use a resolver that has the internal IP address for the resource. But it sounds like you do not have that option with your current environment setup.
Is there a way to override the DNS resolver for requests made to blob storage? If an Azure storage account has public access disabled and is only accessible via a private network, then we need to use a private DNS, which there is no way to force on the Azure SDK HTTP client. Otherwise, there is a chance that the client uses a public DNS, and it will get an unauthorized response when obtaining blob data.
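A fail-closed check for the failure mode discussed in this thread, where the storage hostname resolves through a public DNS view: this is an added example, not code from the thread or from the Azure SDK. The choice of Python, the function names, the private range list, the account name and the sample addresses are assumptions constructed for illustration; the resolver is injectable so a private resolver can be swapped in.

```python
import ipaddress
import socket

# Assumption: private endpoints get RFC 1918 (or IPv6 ULA) addresses from the VNet.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


class PublicResolutionError(RuntimeError):
    """The endpoint did not resolve exclusively to private addresses."""


def system_resolver(host):
    """Default resolver: whatever DNS the operating system is configured with."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def require_private(host, resolver=system_resolver):
    """Return the resolved addresses, or raise unless all of them are private.

    Fails closed: an empty answer, or a mixed answer containing even one
    public address, is an error, so no request is sent over the public path.
    """
    addresses = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addresses:
        raise PublicResolutionError(f"{host}: no addresses returned")
    public = [str(a) for a in addresses
              if not any(a in net for net in PRIVATE_NETS)]
    if public:
        raise PublicResolutionError(f"{host}: resolved to public {public}")
    return [str(a) for a in addresses]


# Constructed answers standing in for the private and the public DNS view.
HOST = "exampleacct.blob.core.windows.net"  # hypothetical account name
PRIVATE_VIEW = {HOST: ["10.20.0.5"]}
PUBLIC_VIEW = {HOST: ["203.0.113.10"]}      # documentation-range address
MIXED_VIEW = {HOST: ["10.20.0.5", "203.0.113.10"]}

if __name__ == "__main__":
    for name, view in [("private", PRIVATE_VIEW), ("public", PUBLIC_VIEW)]:
        try:
            print(name, require_private(HOST, view.__getitem__))
        except PublicResolutionError as exc:
            print(name, "refused:", exc)
```

The explicit range list is used instead of `ipaddress`'s `is_private`, which also returns true for loopback, link-local and documentation ranges.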