@Tong, Tong Thank you for reaching out.
I understand you have a question regarding Disaster Recovery for DNS resolution of Azure Storage accounts integrated with Azure private endpoints.
I think it will help if you could go through the similar architecture described here. This article provides an example architecture of a geo-replicated storage account using private endpoints for secure networking, and what is needed for each BCDR scenario.
Based on your question above:
"However, the question is how can we set up DNS to allow the same FQDN name to resolve to the centralus private endpoint IP in case eastus2 goes down."
In the architecture above, a geo-redundant storage account is deployed in the primary region, but has private endpoints for its blob endpoint in both regions.
The two private endpoints can't use the same Private DNS Zone for the same endpoint. As a result, each region uses its own Private DNS Zone.
You can also go through the failover scenarios described here.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
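An added example, not part of the original answer or the linked article: a small Python check of the layout described above, where each region's private endpoint registers into its own Private DNS Zone instance and each VNet is linked only to its regional zone. All resource names, resource groups and IP addresses are constructed for illustration.

```python
from collections import defaultdict

ZONE = "privatelink.blob.core.windows.net"

# Constructed inventory (all names and IPs are made up for illustration).
# A zone instance is (resource group, zone name): both regions use the same
# zone name, so the resource group is what tells the two instances apart.
ENDPOINTS = [
    {"name": "pe-blob-eastus2", "account": "contosodata",
     "zone": ("rg-dns-eastus2", ZONE), "ip": "10.1.0.4"},
    {"name": "pe-blob-centralus", "account": "contosodata",
     "zone": ("rg-dns-centralus", ZONE), "ip": "10.2.0.4"},
]
# Which zone instances each VNet is linked to.
VNET_LINKS = {
    "vnet-eastus2": [("rg-dns-eastus2", ZONE)],
    "vnet-centralus": [("rg-dns-centralus", ZONE)],
}


def find_record_collisions(endpoints):
    """Zone instances where more than one endpoint claims the same A record."""
    owners = defaultdict(list)
    for ep in endpoints:
        # The blob A record is named after the storage account.
        owners[(ep["zone"], ep["account"])].append(ep["name"])
    return {key: names for key, names in owners.items() if len(names) > 1}


def resolve(vnet, account, endpoints, links):
    """Private IPs a client in `vnet` receives for <account>.<ZONE>."""
    zones = set(links.get(vnet, []))
    return sorted(ep["ip"] for ep in endpoints
                  if ep["account"] == account and ep["zone"] in zones)


if __name__ == "__main__":
    print("collisions:", find_record_collisions(ENDPOINTS))
    for vnet in VNET_LINKS:
        print(vnet, "->", resolve(vnet, "contosodata", ENDPOINTS, VNET_LINKS))
```

Pointing both endpoints at one shared zone instance makes `find_record_collisions` report the conflict, which is the situation the answer says to avoid.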