Discussion on: Using Azure private links and private DNS zones with globally distributed resources

Did you create multiple DNS Private Zones for the same resource for each regional VNET?
As per my understanding, Microsoft recommends creating one single Private DNS Zone, as suggested here. You can link that Private DNS Zone with multiple VNETs, as described here.
This way you can manage all your Private Zones in one resource group. Unless you faced any limitations with that approach?

Kai Walter Author

Right, for most of the resources - which have a unique name within a region and hence a unique IP address - I created one private DNS zone and linked that to multiple VNETs. For the 2 "global" resources in our environment, like CosmosDb and Container Registry, which are linked into all regional VNETs and with that have different IP addresses for the same "global" name, this did not work. I did add the same name with multiple IP addresses into the one private DNS zone for e.g. CosmosDB, but with that, resolution and accessing the service was not possible - our VNETs are not cross-connected and there was no way of controlling that the correct "local/regional" IP address was always resolved. Hence the approach that for these global resources I have regional private DNS zones with the proper local/regional IP address.

Does this make sense? Maybe I overlooked something here but I was really checking docs and also haunting MS support :-)
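The resolution problem described in the reply above can be modelled in a few lines. The following is an added example, not code from the discussion or from Microsoft; it uses constructed region names and private IP addresses, and models a resolver that hands back one A record at random from a multi-record set, which is how the reply describes the shared-zone behaviour. With a single shared zone, a VNET in one region gets the other region's endpoint IP about half the time and, since the VNETs are not cross-connected, cannot reach it; with one zone per region, every lookup yields the locally reachable endpoint.

```python
import random

# Constructed sample values: one "global" Cosmos DB name exposed through one
# private endpoint per region, each endpoint with its own private IP address.
GLOBAL_NAME = "myaccount.privatelink.documents.azure.com"
REGIONAL_ENDPOINT_IP = {"westeurope": "10.1.0.4", "eastus": "10.2.0.4"}


def build_single_zone():
    """One shared private DNS zone holding every regional IP under the same name."""
    return {GLOBAL_NAME: list(REGIONAL_ENDPOINT_IP.values())}


def build_regional_zones():
    """One private DNS zone per region, each holding only that region's endpoint IP."""
    return {region: {GLOBAL_NAME: [ip]} for region, ip in REGIONAL_ENDPOINT_IP.items()}


def resolve(zone, name, rng):
    """Model a resolver returning one A record from a multi-record set (round robin)."""
    return rng.choice(zone[name])


def reachable(vnet_region, ip):
    """The VNETs are not cross-connected: only the endpoint in the VNET's own region answers."""
    return ip == REGIONAL_ENDPOINT_IP[vnet_region]


def failure_rate(zone_for_vnet, trials=2000, seed=42):
    """Fraction of lookups in which a VNET resolves an IP it cannot reach.

    zone_for_vnet maps a VNET's region to the zone linked to that VNET.
    """
    rng = random.Random(seed)
    regions = sorted(REGIONAL_ENDPOINT_IP)
    failures = 0
    for i in range(trials):
        region = regions[i % len(regions)]  # alternate between the regional VNETs
        ip = resolve(zone_for_vnet[region], GLOBAL_NAME, rng)
        if not reachable(region, ip):
            failures += 1
    return failures / trials


def single_zone_failure_rate(trials=2000, seed=42):
    """Every VNET linked to the same shared zone (the approach that did not work)."""
    shared = build_single_zone()
    return failure_rate({r: shared for r in REGIONAL_ENDPOINT_IP}, trials, seed)


def regional_zone_failure_rate(trials=2000, seed=42):
    """Each VNET linked to its own regional zone (the approach the reply settled on)."""
    return failure_rate(build_regional_zones(), trials, seed)


if __name__ == "__main__":
    print(f"single shared zone: {single_zone_failure_rate():.1%} of lookups unreachable")
    print(f"regional zones:     {regional_zone_failure_rate():.1%} of lookups unreachable")
```

The model deliberately ignores DNS caching and client retry behaviour; in practice those make the shared-zone failures intermittent rather than evenly spread, which is what makes the problem hard to diagnose from a single client.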


pacodelacruz • Edited

It does make sense. Thanks for clarifying Kai!