DNS Server placement

[gerrynicol]

Can this diagram be reviewed please to reflect the DNS flow and DNS server placement.

In an Azure Landing Zone deployment, the DNS servers are located in their own spoke VNET, not the Hub vNET. This means that the 'client VM's' in the spoke VNET would need to either point at that IP's of the DC's in the Identity spoke VNET or to a Private DNS resolver in the Hub (The prefererd option I believe). If you do the former then the Private DNS zone (i.e. blob.core.windows.net) would also need to be linked to the Identity (DC) VNET alongside a conditional forwarders

Thanks Gerry

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 957180b5-a990-5e3b-2664-2685aba4a43e
• Version Independent ID: 10d75f1a-7322-34a9-eeac-a431d5d00fd8
• Content: Failover considerations for storage accounts with private endpoints - Azure Storage
• Content Source: articles/storage/common/storage-failover-private-endpoints.md
• Service: azure-storage
• Sub-service: storage-common-concepts
• GitHub Login: @stevenmatthew
• Microsoft Alias: shaas

[RamanathanChinnappan-MSFT]

@gerrynicol Thanks for your feedback! We will investigate and update as appropriate.

[ManoharLakkoju-MSFT]

@stevenmatthew Can you please check and add your comments on this doc update request as applicable.

[ManoharLakkoju-MSFT]

@gerrynicol I'm going to assign this to the document author so they can take a look at it accordingly