Simplify Private Endpoint DNS resolution from on-premises
Currently to access a storage account with private endpoints, one must do the following to achieve a simple DNS resolution from on-premise machines (across VPN/ExpressRoute):
- Create DNS proxy VMs to forward DNS traffic to Azure DNS server 220.127.116.11
- Setup DNS forwarding on on-prem DNS to forward traffic to the DNS proxy VM in step #1.
- Azure DNS entries will have to be manually updated if any Private Endpoint is changed/removed/re-created.
A workaround is to simply create a hosts file entry for the storage account name on the local on-premise machine, but this does not work well with Azure Storage Explorer, and the solution obviously does not scale well.