AZ-700: How to Configure DNS for Private Endpoints in Azure Storage with Site-to-Site VPN?

Learn the best way to configure DNS for Azure Storage’s private endpoint with a Site-to-Site VPN. Discover how to minimize maintenance efforts with a DNS forwarder and Azure Private DNS zone for seamless connectivity.

Question

Your on-premises network and Azure subscription are connected via a Site-to-Site (S2S) VPN.
You have an Azure Storage account named storage1 with a file share named share1.
You are configuring a private endpoint for storage1.
You need to ensure that the DNS name of storage1 will be resolvable to its private IP address from the on-premises network. The solution must minimize the effort of maintaining updates in case of private endpoint changes.
What should you configure?

A. a DNS forwarder and an Azure Private DNS zone
B. an Azure Private DNS zone linked to a virtual network
C. an on-premises forward lookup zone
D. an on-premises reverse lookup zone

Answer

A. a DNS forwarder and an Azure Private DNS zone

Explanation

A private DNS zone group creates an association between the private endpoint and the Azure Private DNS zone, so if the endpoint is deleted, its record is removed from DNS automatically.
An on-premises forward lookup zone will work but needs to be updated manually for new endpoints or removals. A private DNS zone group on its own will only work for Azure virtual machines, so on-premises clients need a DNS forwarder to resolve names through the zone.
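
One way to verify the outcome from an on-premises host, as an added example that is not part of the original page: the script follows the CNAME chain in a `dig +noall +answer` result and reports whether storage1 resolves to the private endpoint or to a public address. It assumes the file endpoint name `storage1.file.core.windows.net` and the zone `privatelink.file.core.windows.net`; both sample answers, the IP addresses and the public stamp name are constructed.

```python
import ipaddress

PRIVATELINK_ZONE = "privatelink.file.core.windows.net"  # assumed zone name
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `dig +noall +answer` output: on-premises DNS forwards to Azure.
VIA_FORWARDER = """\
storage1.file.core.windows.net. 60 IN CNAME storage1.privatelink.file.core.windows.net.
storage1.privatelink.file.core.windows.net. 10 IN A 10.1.0.5
"""
# Constructed output: no forwarder, so the public resolution path is used.
WITHOUT_FORWARDER = """\
storage1.file.core.windows.net. 60 IN CNAME storage1.privatelink.file.core.windows.net.
storage1.privatelink.file.core.windows.net. 60 IN CNAME file.stamp.example.net.
file.stamp.example.net. 60 IN A 203.0.113.10
"""

def parse_answer(text):
    """Map each owner name to its (type, value) records (A and CNAME only)."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN" and parts[3] in ("A", "CNAME"):
            owner = parts[0].rstrip(".").lower()
            records.setdefault(owner, []).append(
                (parts[3], parts[4].rstrip(".").lower()))
    return records

def check_resolution(fqdn, answer_text):
    """Return (verdict, ip) after following the CNAME chain for fqdn."""
    records = parse_answer(answer_text)
    name, chain, seen = fqdn.rstrip(".").lower(), [], set()
    while name in records and name not in seen:  # 'seen' stops CNAME loops
        seen.add(name)
        chain.append(name)
        rtype, value = records[name][0]
        if rtype == "CNAME":
            name = value
            continue
        ip = ipaddress.ip_address(value)
        via_zone = any(n.endswith("." + PRIVATELINK_ZONE) for n in chain)
        is_private = any(ip in net for net in RFC1918)
        verdict = "private-endpoint" if via_zone and is_private else "public-endpoint"
        return verdict, value
    return "unresolved", None

if __name__ == "__main__":
    for label, sample in (("forwarder", VIA_FORWARDER), ("no forwarder", WITHOUT_FORWARDER)):
        print(label, check_resolution("storage1.file.core.windows.net", sample))
```

A `public-endpoint` verdict from an on-premises host means the name did not resolve through the private DNS zone, so connections would target the storage account's public address rather than the private endpoint.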