How to Set Up On-Prem DNS for Azure Private Link?

To get your on-prem DNS to work with Azure private endpoints, you'll need to set up conditional forwarders. However, since you’re avoiding anything in Azure like a VM or Private Resolver, that's tricky. Without a forwarder in Azure that can talk to the Azure wire server, your on-prem DNS won't be able to resolve those private zones properly.

I understand where you’re coming from with not wanting a VM in Azure, but having one could simplify things. You could set up a lightweight VM as a DNS server to handle the private zones for you. It’s worth considering, as it might reduce the complexity of your setup!

If you know the static IPs for your private endpoints, setting them up in your on-prem DNS manually could be a good solution. Just keep in mind that this requires manual updates whenever the endpoints change, but it’s straightforward if the number of changes is low.

As a workaround, you could also manually set up the private endpoint records in your on-prem DNS. It’s not the most efficient approach, especially if you’ll be adding endpoints regularly, but it’ll work for immediate needs without Azure resources.

Non-Azure machines can't directly reach the Azure wire server for DNS resolution. You can either create a copy of your private zones on your local DNS server or manage them separately, which might be cumbersome. It’s often easier to maintain them in one place, like Azure, and use a forwarder if you decide to go that route.