Multiple private endpoints in different regions for same resource DNS resolving

Tong, Tong 20 Reputation points
2024-06-21T13:21:56.62+00:00

We have a storage account set up in eastus2 with GRS replication to centralus. In case of DR, we need to know how to access the private endpoint in the centralus region.

I assume we may need to set up multiple private endpoints: one used in eastus2, one set up in centralus. However, the question is how we can set up DNS so that the same FQDN resolves to the centralus private endpoint IP in case eastus2 goes down. Or do we just manually change the mapping in the Azure private DNS zone?


Accepted answer
  1. ChaitanyaNaykodi-MSFT 24,656 Reputation points Microsoft Employee
    2024-06-21T18:39:56.6466667+00:00

    @Tong, Tong Thank you for reaching out.

    I understand you have a question regarding Disaster Recovery for DNS resolution of Azure Storage accounts integrated with Azure private endpoints.

    I think it will help if you could go through the similar architecture described here. This article provides an example architecture of a geo-replicated storage account using private endpoints for secure networking, and what is needed for each BCDR scenario.

    Based on your question above:

    "However the question is how can we setup DNS to allow the same FQDN name resolve to centralus private endpoint IP in case of eastus2 goes down."

    In the architecture above, a geo-redundant storage account is deployed in the primary region but has private endpoints for its blob endpoint in both regions.

    The two private endpoints can't use the same Private DNS Zone for the same endpoint. As a result, each region uses its own Private DNS Zone.

    You can also go through the failover scenarios described here.

    Hope this helps! Please let me know if you have any additional questions. Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
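
The layout the accepted answer describes (one private endpoint per region, each region with its own copy of the `privatelink.blob.core.windows.net` zone), sketched with Azure CLI as an added example that is not part of the original thread. The resource group, VNet, subnet and endpoint names and the storage account ID are hypothetical placeholders; the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example. All names below (resource groups, VNets, subnet, endpoint
# names, storage account ID) are hypothetical placeholders, not values from
# the thread.
ZONE="privatelink.blob.core.windows.net"
STORAGE_ID="${STORAGE_ID:-<storage-account-resource-id>}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One private endpoint and one private DNS zone per region. The zone name is
# identical in both regions, so each copy lives in its own resource group and
# is linked only to that region's VNet. Clients in a region therefore resolve
# the storage FQDN to the private endpoint IP of their own region.
deploy_region() {
  region="$1"
  rg="rg-net-$region"; vnet="vnet-$region"; pe="pe-blob-$region"

  # Regional copy of the private DNS zone.
  run az network private-dns zone create -g "$rg" -n "$ZONE"

  # Link the zone to the regional VNet only (no auto-registration).
  run az network private-dns link vnet create -g "$rg" -z "$ZONE" \
      -n "link-$region" -v "$vnet" -e false

  # Private endpoint for the blob sub-resource of the same storage account.
  run az network private-endpoint create -g "$rg" -n "$pe" -l "$region" \
      --vnet-name "$vnet" --subnet "snet-pe" \
      --private-connection-resource-id "$STORAGE_ID" \
      --group-id blob --connection-name "$pe-conn"

  # Let the endpoint manage its A record in the regional zone.
  run az network private-endpoint dns-zone-group create -g "$rg" \
      --endpoint-name "$pe" -n default \
      --private-dns-zone "$ZONE" --zone-name blob
}

for r in eastus2 centralus; do
  deploy_region "$r"
done
```
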