Pvt DNS zone best practice

Mohammed Thahif BK 341 Reputation points


We have a hub-and-spoke topology in 2 regions (prod & DR). We are planning to enable private endpoints for various PaaS services. In terms of creating private DNS zones for these services, do we have to create a separate DNS zone in each region on a per-service basis, or is 1 DNS zone enough for a given resource type?

For example, for a storage blob, do we have to create the zone privatelink.blob.core.windows.net in both the prod and DR regions, or is only PROD enough, with all VNets connected to it?

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

2 answers

  1. Ilkin Javadov 1 Reputation point

    The two variants are, in my opinion, absolutely true.
    Only in PROD is enough, and all VNets can be connected.


  2. KapilAnanth-MSFT 36,861 Reputation points Microsoft Employee

    Hi @Mohammed Thahif BK ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to know best practices for Private DNS Zone.

    In Azure, Private DNS Zones are not bound to a region.
    I.e., they do not have a location property.

    Hence, you can create a single zone and link it to any virtual network.



    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

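The single-zone layout from the answers above, sketched with the Azure CLI as an added example that is not part of the original thread: one `privatelink.blob.core.windows.net` zone, linked to VNets in both regions. The resource group name, the VNet names and IDs, and the `AZ` override variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: one Private DNS zone shared by prod and DR VNets.
# Resource group, VNet IDs and the AZ variable are hypothetical placeholders.

AZ="${AZ:-az}"   # set AZ=echo to preview the commands without calling Azure

# create_shared_zone <resource-group> <zone-name>
# The zone is created once; the command takes no region argument.
create_shared_zone() {
  "$AZ" network private-dns zone create \
    --resource-group "$1" \
    --name "$2"
}

# link_vnets <resource-group> <zone-name> <vnet-resource-id>...
# Creates one virtual network link per VNet, whatever region the VNet is in.
link_vnets() {
  local rg="$1" zone="$2" vnet_id
  shift 2
  for vnet_id in "$@"; do
    # Link name is derived from the last segment of the VNet resource ID.
    # Auto-registration is off: this zone holds private endpoint records,
    # not VM host records.
    "$AZ" network private-dns link vnet create \
      --resource-group "$rg" \
      --zone-name "$zone" \
      --name "link-${vnet_id##*/}" \
      --virtual-network "$vnet_id" \
      --registration-enabled false || return 1
  done
}

# Usage (placeholders, not real IDs):
#   create_shared_zone rg-dns privatelink.blob.core.windows.net
#   link_vnets rg-dns privatelink.blob.core.windows.net \
#     "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/virtualNetworks/vnet-hub-prod" \
#     "/subscriptions/<sub-id>/resourceGroups/rg-dr/providers/Microsoft.Network/virtualNetworks/vnet-hub-dr"
```
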