I'm new to Azure and trying to wrap my head around the networking for my simple setup. I've got a storage account with public access turned off and a virtual machine. Since public access is disabled, I can't access the storage account from the VM, which makes sense. Then, I created a private endpoint for the storage account in the same virtual network as my VM, and suddenly I can access the storage account from my VM. However, when I run `nslookup storage-name.blob.core.windows.net`, it still shows the public IP instead of the private endpoint IP. I'm confused as to how it's still communicating over the public endpoint when all public access is disabled. Shouldn't the connection be rejected until I create a private DNS zone or add an entry in the `/etc/hosts` file? Any guidance would be greatly appreciated!
1 Answer
Make sure your private DNS zone is linked to the right VNET. Are you using Azure DNS on your VM? That can impact resolution.

I don’t have a private DNS zone set up, and I’m not using Azure DNS either.
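
A check for the situation discussed in this thread, added here as an example and not written by any of the posters: it reads Linux `nslookup` output and reports whether the storage name resolved to a private (VNet) address or to a public one through the `privatelink` CNAME that Azure publishes in public DNS for an account that has a private endpoint. The function names, result labels and both sample outputs (addresses and the final canonical name included) are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges. Checked explicitly because ipaddress.is_private also
# returns True for documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nslookup(output):
    """Return (cnames, addresses) from the answer section of nslookup output."""
    # The first block is the resolver's own Server/Address header; skip it.
    _, _, answer = output.partition("\n\n")
    cnames = re.findall(r"canonical name = (\S+?)\.?$", answer, re.M)
    addrs = re.findall(r"^Address:\s*(\S+)$", answer, re.M)
    return cnames, [ipaddress.ip_address(a) for a in addrs]

def classify(output):
    """Label a lookup as private-endpoint-ip, privatelink-cname-public-ip,
    public-ip or no-answer."""
    cnames, addrs = parse_nslookup(output)
    if not addrs:
        return "no-answer"
    if all(any(a in net for net in RFC1918) for a in addrs):
        return "private-endpoint-ip"
    # A privatelink CNAME that ends at a public address means the resolver
    # answered from public DNS: no private zone or hosts entry overrode it.
    if any(".privatelink." in c for c in cnames):
        return "privatelink-cname-public-ip"
    return "public-ip"

# Constructed sample: resolver without a private DNS zone or hosts entry.
PUBLIC_SAMPLE = """Server:\t\t127.0.0.53
Address:\t127.0.0.53#53

Non-authoritative answer:
storage-name.blob.core.windows.net\tcanonical name = storage-name.privatelink.blob.core.windows.net.
storage-name.privatelink.blob.core.windows.net\tcanonical name = blob.constructed-stamp.store.core.windows.net.
Name:\tblob.constructed-stamp.store.core.windows.net
Address: 203.0.113.10
"""

# Constructed sample: the same name once a private zone (or hosts entry) answers.
PRIVATE_SAMPLE = """Server:\t\t127.0.0.53
Address:\t127.0.0.53#53

Non-authoritative answer:
storage-name.blob.core.windows.net\tcanonical name = storage-name.privatelink.blob.core.windows.net.
Name:\tstorage-name.privatelink.blob.core.windows.net
Address: 10.0.0.5
"""

if __name__ == "__main__":
    for label, sample in (("public", PUBLIC_SAMPLE), ("private", PRIVATE_SAMPLE)):
        print(label, "->", classify(sample))
```

On a real VM, pass the captured output of `nslookup storage-name.blob.core.windows.net` to `classify` to see which of the cases applies.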