Hey everyone, I'm relatively new to Azure and have set up a basic configuration with a storage account that has public access disabled, along with a virtual machine (VM). Since public access is turned off, I can't access the storage from my VM, which is fine. However, after creating a private endpoint for the storage account within the same virtual network (VNET) as my VM, I'm able to access the storage account from my VM. The confusing part is that when I run an nslookup for the storage account, it still returns the public IP, not the private endpoint IP. I'm trying to figure out how communication is happening over the public endpoint when the public access is completely disabled. I thought that access should be rejected unless I set up a private DNS zone or add a hosts entry. Any insights would be super helpful!
5 Answers
Have you linked your Private DNS zone to the VNET? Also, check if your VM is configured to use Azure DNS. That could affect how it resolves network names.
In a VNET with Azure's standard DNS (default), private endpoints should resolve correctly. You should see the private IP if it worked, which is why it’s puzzling that you're still seeing the public IP. This could be a misconfiguration.
When you say you're accessing the storage account, are you able to interact with the data or just view the account in the Azure portal?
If you enable a private Azure DNS and link that zone to your VNET, it helps route your queries properly, allowing you to use the public name for accessing the private endpoint.
The nslookup shows the public IP because it can't resolve the private IP without a hosts file entry or Azure DNS. The traffic is allowed within Azure since the storage account has a private endpoint.
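An added diagnostic for the resolution question in this thread (example code, not from any of the posters): it parses Linux-style nslookup output for a storage account and reports whether the name reached the private endpoint through the privatelink zone or fell through to the public IP, which is what you see when the privatelink.blob.core.windows.net zone is not linked to the VNet. The account name `mystorage`, the blob endpoint and the two nslookup transcripts are constructed placeholders.

```python
import ipaddress
import re

PRIVATELINK_SUFFIX = ".privatelink.blob.core.windows.net"

# Constructed sample: nslookup from a VM whose VNet is linked to the privatelink zone.
LINKED = """\
Server:\t\t168.63.129.16
Address:\t168.63.129.16#53

Non-authoritative answer:
mystorage.blob.core.windows.net\tcanonical name = mystorage.privatelink.blob.core.windows.net.
Name:\tmystorage.privatelink.blob.core.windows.net
Address: 10.0.1.5
"""

# Constructed sample: same VM, privatelink zone not linked, so public DNS answers.
UNLINKED = """\
Server:\t\t168.63.129.16
Address:\t168.63.129.16#53

Non-authoritative answer:
mystorage.blob.core.windows.net\tcanonical name = mystorage.privatelink.blob.core.windows.net.
mystorage.privatelink.blob.core.windows.net\tcanonical name = blob.example-cluster.store.core.windows.net.
Name:\tblob.example-cluster.store.core.windows.net
Address: 20.60.1.4
"""


def parse_nslookup(output: str):
    """Return (CNAME targets, answer IPs). The resolver's own 'Address: x#53' line is skipped."""
    cnames = re.findall(r"canonical name = (\S+?)\.?$", output, re.M)
    ips = re.findall(r"^Address:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$", output, re.M)
    return cnames, ips


def classify(account: str, output: str) -> str:
    """Report how the account hostname resolved from the VM that ran nslookup."""
    cnames, ips = parse_nslookup(output)
    if f"{account}{PRIVATELINK_SUFFIX}" not in cnames:
        return "no-private-endpoint"   # no privatelink CNAME in the chain: plain public resolution
    if any(ipaddress.ip_address(ip).is_private for ip in ips):
        return "private-endpoint"      # privatelink zone answered with the endpoint's VNet IP
    return "zone-not-linked"           # CNAME chain exists but ended at a public IP


if __name__ == "__main__":
    for label, text in (("linked", LINKED), ("unlinked", UNLINKED)):
        print(label, "->", classify("mystorage", text))
```

If the result is `zone-not-linked`, check the VNet link on the privatelink zone and whether the VM uses a custom DNS server that does not forward to Azure DNS.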