I'm looking to migrate my on-premises file server to Azure Files, and I'm a bit unsure about the DNS setup. I'm considering whether I need to implement DNS conditional forwarding from my on-prem DNS server to the Azure IP (168.63.129.16). Also, I'm confused about why my file server is showing a public IP address when using nslookup on an Azure VM. I believe I need to make sure that file.core.windows.microsoft.net resolves to a private IP address. By the way, the cost of Azure's DNS private resolver seems a bit high at $180/month for a single endpoint. Any advice would be appreciated!
3 Answers
You can definitely manage this with your On-Prem DNS or Active Directory DNS. In fact, we've been implementing this for multiple Azure services across North America and APAC, utilizing a mixed setup with numerous Domain Controllers on-prem and in Azure regions. Check out this Hybrid DNS scenario for more info: [Hybrid DNS Guide](https://github.com/dmauser/PrivateLink/tree/master/DNS-Scenario-Using-AD#scenario).
For your on-prem DNS server, create a new zone called file.core.windows.net and then add an A record for your storage account's private endpoint IP. This setup will ensure that the storage account name resolves to the correct private endpoint IP within your internal network. Unfortunately, you can't map Azure Files via just an IP address; going through the DNS route is necessary.
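For readers who want to see what the zone-plus-A-record setup looks like in practice, here is an added example written for this thread (it is not the answerer's own code or Microsoft's). It uses the `privatelink.file.core.windows.net` suffix, which is the name the public `<account>.file.core.windows.net` record points at via CNAME, so the on-prem server only answers for private-endpoint names and every other storage account keeps resolving publicly. The storage account name `contosofiles`, the private endpoint address `10.20.0.5`, and the domain-wide replication scope are assumptions for the example; it runs on a Windows Server DNS host with the DnsServer module as a DNS administrator.

```powershell
# Added example, not part of the answer above: register an Azure Files private
# endpoint in on-prem Windows Server DNS and verify the name stays private.
# Assumed values: storage account "contosofiles", private endpoint IP 10.20.0.5,
# zone replicated to all DNS servers in the AD domain.

$StorageAccount    = 'contosofiles'                       # assumed account name
$PrivateEndpointIp = '10.20.0.5'                          # assumed private endpoint NIC address
$ZoneName          = 'privatelink.file.core.windows.net'  # suffix the public name CNAMEs to

# 1. Create the zone only for the privatelink suffix. Because the public record
#    <account>.file.core.windows.net is a CNAME to <account>.privatelink.file.core.windows.net,
#    hosting just this zone leaves other storage accounts resolving publicly as before.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain'
}

# 2. Add the A record for the private endpoint. No PTR is created (the default);
#    a short TTL keeps clients from caching a stale endpoint address for long.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $StorageAccount `
    -IPv4Address $PrivateEndpointIp -TimeToLive (New-TimeSpan -Minutes 10) -CreatePtr:$false

# 3. Verify from a domain-joined client that the public name now lands on an
#    RFC 1918 address. A public answer means SMB traffic would bypass the private endpoint.
function Test-PrivateResolution {
    param([Parameter(Mandatory)][string]$Fqdn)

    $answers = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' }   # drop the CNAME hop, keep only A answers
    if (-not $answers) {
        Write-Warning "$Fqdn returned no A record"
        return $false
    }
    foreach ($a in $answers) {
        $b = ([System.Net.IPAddress]$a.IPAddress).GetAddressBytes()
        $rfc1918 = ($b[0] -eq 10) -or
                   ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                   ($b[0] -eq 192 -and $b[1] -eq 168)
        if (-not $rfc1918) {
            Write-Warning "$Fqdn resolves to public address $($a.IPAddress); private endpoint is not in use"
            return $false
        }
    }
    Write-Host "$Fqdn -> $($answers.IPAddress -join ', ') (private)"
    return $true
}

Test-PrivateResolution -Fqdn "$StorageAccount.file.core.windows.net"
```

Step 3 is the check worth keeping around after the migration: run it from an on-prem client and from an Azure VM, and if either side reports a public address the client is still taking the internet path to the storage account rather than the private endpoint.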
Awesome! I set up a zone for privatelink.file.core.windows.net and added the A record without a PTR record. It looks like it’s working perfectly now! Thanks for your help, it's really saved me a lot of time!
Since you've found a workaround, keep in mind that the 168 Azure DNS is only reachable from the VNet. If you're planning to set up forwarders for Azure-aware DNS updates, you'll need to have a DNS server in your VNet that forwards to it. You can use either Azure's DNS or a separate VM/container set up for this.
Just a heads up! Make sure to add the new zone in the forward lookup area when setting this up. Trying it out now!