I've set up a private endpoint for a new storage account in my VNet. Initially, I had whitelisted the IPs for some existing storage accounts and accessed them without any issues. However, now that I've created the private endpoint, the IPs for those original accounts aren't resolving anymore because all traffic is routed through the new private DNS zone, which only has an A record for the new storage account. I'm looking for a way to access the old storage accounts without needing to set up private endpoints for each of them. Any suggestions?
2 Answers
A good approach might be to enable the internet fallback for your private DNS zone. This feature will allow your storage accounts that don't have a private endpoint to resolve to their public IP addresses instead of failing with an NXDOMAIN error. It could help you maintain access without needing to create private endpoints for your existing storage accounts.
If you configure the private DNS zone correctly, enabling the internet fallback feature should help prevent those resolution issues. This way, any storage accounts that lack private endpoints will still be reachable via their public IPs, keeping everything accessible as needed.
Just a heads up, though, since you mentioned you can't allow open networks, you might want to double-check your security settings after enabling that.
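A check to run from a machine inside the VNet after enabling fallback, added here as an example and not part of either answer: it confirms the new account still resolves to its private endpoint while the older accounts resolve publicly instead of returning NXDOMAIN. The account names, the VNet prefix and the sample resolver answers are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample values: VNet address space and storage account names are placeholders.
VNET_PREFIXES = [ipaddress.ip_network("10.0.0.0/16")]
EXPECTED = {
    "newacct.blob.core.windows.net": "private-endpoint",   # has the private endpoint
    "oldacct1.blob.core.windows.net": "public-fallback",   # IP-allowlisted, no endpoint
    "oldacct2.blob.core.windows.net": "public-fallback",
}

def resolve_ipv4(fqdn):
    """IPv4 answers from the machine's resolver; [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(fqdn, resolver=resolve_ipv4, vnet=VNET_PREFIXES):
    """Label a name by where its answers point: inside the VNet or outside it."""
    addrs = resolver(fqdn)
    if not addrs:
        return "unresolved", addrs
    inside = [any(ipaddress.ip_address(a) in net for net in vnet) for a in addrs]
    if all(inside):
        return "private-endpoint", addrs
    return ("mixed" if any(inside) else "public-fallback"), addrs

def audit(expected, resolver=resolve_ipv4):
    """Return (fqdn, wanted, got, addrs) for every name on the wrong path."""
    findings = []
    for fqdn, wanted in expected.items():
        got, addrs = classify(fqdn, resolver)
        if got != wanted:
            findings.append((fqdn, wanted, got, addrs))
    return findings

# Constructed resolver answers standing in for a lookup made from inside the VNet.
SAMPLE_ANSWERS = {
    "newacct.blob.core.windows.net": ["10.0.1.5"],
    "oldacct1.blob.core.windows.net": ["203.0.113.20"],
    "oldacct2.blob.core.windows.net": [],  # still NXDOMAIN: fallback not in effect
}

if __name__ == "__main__":
    for finding in audit(EXPECTED, lambda name: SAMPLE_ANSWERS.get(name, [])):
        print("MISMATCH", *finding)
```

Calling `audit(EXPECTED)` with no resolver argument performs live lookups through the machine's configured DNS; a `public-fallback` or `mixed` result for the account that has the private endpoint means its traffic is not staying on the private path.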