Hello @N Wakchaure, Jagdish
Your issue is quite common.
Indeed, Azure DNS zones, which resolve private endpoint names for Azure file shares, are not directly accessible from on-premises networks. The existing conditional forwarders on your Azure DCs work within Azure but won't help on-premises users.
- Create a DNS forwarding zone on your on-premises DNS servers. This zone will be responsible for handling requests for the Azure private DNS zone names (e.g., privatelink.file.core.windows.net).
- Configure this forwarding zone to forward queries to your Azure-based DNS servers (the two DCs you mentioned).
- Conditional Forwarder (On-Premises):
  - On your on-premises DNS servers, create a conditional forwarder that matches the DNS names in your Azure private DNS zone.
  - Point this conditional forwarder to the IP addresses of your Azure-based DNS servers.
  - Ensure that this conditional forwarder is scoped to apply only to your on-premises DNS servers.
- Firewall Rules (Azure):
  - In your Azure network security groups (NSGs), allow inbound DNS traffic (UDP port 53) from your on-premises DNS servers to your Azure-based DNS servers. This ensures that the forwarding queries are not blocked.
Try this setup and come back with the results!
--
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
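The steps in the answer above, written out as a PowerShell script. This is an added example, not code from the original answer or from Microsoft: the on-premises DNS server names, the Azure DC IPs, the on-premises DNS subnet, the NSG and resource group names, and the storage account name are all placeholders you would replace with your own. It uses the DnsServer module on the on-premises Windows DNS servers and Az.Network for the NSG rule.

```powershell
# Added example (not part of the original answer). All names and addresses below
# are constructed placeholders; replace them with the values from your environment.

# ---- 1. On-premises Windows DNS servers: conditional forwarder for the private zone ----
# Requires the DnsServer module (DNS Server role or RSAT DNS Server Tools).
$onPremDnsServers = @('ONPREM-DNS01', 'ONPREM-DNS02')   # placeholder hostnames
$azureDcIps       = @('10.10.0.4', '10.10.0.5')         # placeholder: the two Azure DCs
$privateZone      = 'privatelink.file.core.windows.net' # zone name from the answer

foreach ($dns in $onPremDnsServers) {
    # Make the script re-runnable: only add the forwarder where it does not exist yet.
    $existing = Get-DnsServerZone -ComputerName $dns -Name $privateZone -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        # No -ReplicationScope: the forwarder is stored locally on each on-premises server
        # instead of being AD-integrated, so it is not replicated to the Azure DCs
        # (which keeps it scoped to on-premises DNS only, as the answer requires).
        Add-DnsServerConditionalForwarderZone -ComputerName $dns `
            -Name $privateZone `
            -MasterServers $azureDcIps
    }
}

# ---- 2. Azure NSG: allow UDP/53 from the on-premises DNS servers to the Azure DCs ----
# Requires Az.Network and an authenticated session (Connect-AzAccount).
$onPremDnsSubnet = '192.168.10.0/24'   # placeholder: subnet of the on-premises DNS servers
$nsg = Get-AzNetworkSecurityGroup -Name 'nsg-azure-dcs' -ResourceGroupName 'rg-identity'  # placeholders

$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-DNS-From-OnPrem-DNS' `
    -Description 'DNS forwarding from on-premises DNS servers to Azure DCs' `
    -Access Allow -Protocol Udp -Direction Inbound -Priority 200 `
    -SourceAddressPrefix $onPremDnsSubnet -SourcePortRange '*' `
    -DestinationAddressPrefix $azureDcIps -DestinationPortRange 53 |
    Set-AzNetworkSecurityGroup | Out-Null

# ---- 3. Verify from on-premises: the share FQDN should resolve to the private endpoint IP ----
$storageFqdn = 'mystorageacct.file.core.windows.net'   # placeholder storage account name
foreach ($dns in $onPremDnsServers) {
    # The public name is a CNAME to <account>.privatelink.file.core.windows.net, which the
    # new conditional forwarder sends to the Azure DCs; keep only the final A record.
    $answer = Resolve-DnsName -Name $storageFqdn -Server $dns -Type A -ErrorAction Stop
    $ip = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress
    "$dns resolves $storageFqdn to $ip"
    # Expect an address from your VNet range (e.g. 10.x.x.x); a public IP means the
    # forwarder is missing, pointing at the wrong servers, or blocked by the NSG.
}
```

Run step 1 on (or against) each on-premises DNS server and step 2 from a workstation with Az.Network and rights on the NSG. Note that DNS falls back to TCP port 53 for truncated responses, so if large lookups fail once UDP is open, add a matching TCP rule. Step 3 is the quick check that tells you whether the whole chain works before asking users to test.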