Hello @Piotr E ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you want to access a blob storage connected to private endpoint via Microsoft Azure Storage Explorer over an Azure P2S VPN Connection and would like to know if there is a better way than using an Azure Private DNS Resolver to access the private DNS zone.
For on-premises workloads to resolve the FQDN of a private endpoint, you need to use a DNS forwarder to resolve the Azure service public DNS zone in Azure.
A DNS forwarder is a Virtual Machine running on the Virtual Network linked to the Private DNS Zone that can proxy DNS queries coming from other Virtual Networks or from on-premises. This is required as the query must be originated from the Virtual Network to Azure DNS.
A few options for DNS proxies are: Windows running DNS services, Linux running DNS services, Azure Firewall. Or you could use the new Azure service called Azure DNS Private Resolver that enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying VM based DNS servers.
If you check the table in Name resolution for resources in Azure virtual networks article, you can find the below:
Conditional forwarding for Azure Private DNS is natively supported using Azure DNS Private Resolver.
Refer: https://learn.microsoft.com/en-us/azure/dns/private-dns-overview#other-considerations
Usage of Azure DNS Private Resolver service can be found in the below docs:
Refer: https://learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview
https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns
If you don't want to use Azure Private DNS Resolver, then for P2S VPN clients to be able to resolve Private Endpoint entries hosted on Azure Private DNS Zones, you must leverage an existing DNS Server (Forwarder or Proxy) or deploy one IaaS VM using a DNS Server role. That is required for P2S VPN clients to be able to consume Azure Private DNS Zone which is exposed to 168.63.129.16 via DNS Forwarder/Proxy.
Once you have a DNS forwarder/proxy deployed on Azure, you can define the DNS server at the VNET level or set DNS Server configuration directly on client XLM profile. Post this, you will be able to resolve Private Endpoint entries from your P2S clients.
Refer: https://github.com/dmauser/PrivateLink/tree/master/DNS-Integration-P2S
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.