Merge pull request #285866 from sdwheeler/sdw-w303947-dns

Update FAQ for private DNS issue

Author: prmerger-automator[bot]

articles/cloud-shell/faq-troubleshooting.md

@@ -1,7 +1,6 @@
 ---
 description: This article answers common questions and explains how to troubleshoot Cloud Shell issues.
-ms.contributor: jahelmic
-ms.date: 08/22/2024
+ms.date: 08/29/2024
 ms.topic: troubleshooting
 tags: azure-resource-manager
 ms.custom: has-azure-ad-ps-ref
@@ -97,8 +96,10 @@ command that requires elevated permissions.
 - **Details**: When creating the Cloud Shell storage account for first-time users, it's
   unsuccessful due to an Azure Policy assignment placed by your admin. The error message includes:
 
-  > The resource action 'Microsoft.Storage/storageAccounts/write' is disallowed by
-  > one or more policies.
+  ```
+  The resource action 'Microsoft.Storage/storageAccounts/write' is disallowed by
+  one or more policies.
+  ```
 
 - **Resolution**: Contact your Azure administrator to remove or update the Azure Policy assignment
   denying storage creation.
@@ -118,17 +119,16 @@ command that requires elevated permissions.
   following domains:
   - `*.console.azure.com`
   - `*.servicebus.windows.net`
+  - `*.servicebus.usgovcloudapi.net` for Azure Government Cloud
 
-### Accessing Cloud Shell from VNET Isolation with a Private DNS Zone - Failed to request a terminal
+### Failed to request a terminal - Accessing Cloud Shell from a network that uses a private DNS resolver
 
 - **Details**: Cloud Shell uses Azure Relay for terminal connections. Cloud Shell can fail to
   request a terminal due to DNS resolution problems. This failure can be caused when you launch a
-  nonisolated Cloud Shell session from within a VNet-isolated environment that includes a private
-  DNS Zone for the servicebus domain.
+  Cloud Shell session from a host in a network that has a private DNS Zone for the servicebus
+  domain. This error can also occur if you're using a private on-premises DNS server.
 
-- **Resolution**: There are two ways to resolve this problem. You can follow the instructions in
-  [Deploy Cloud Shell in a virtual network][01]. Or, you can add a DNS record for the Azure Relay
-  instance that Cloud Shell uses.
+- **Resolution**: You can add a DNS record for the Azure Relay instance that Cloud Shell uses.
 
   The following steps show you how to identify the DNS name of the Cloud Shell instance and how to
   create a DNS record for that name.
@@ -139,7 +139,8 @@ command that requires elevated permissions.
      corner. Search for `terminals?` to find the request for a Cloud Shell terminal. Select the one
      of the request entries found by the search. In the **Headers** tab, find the hostname in the
      **Request URL**. The name is similar to
-     `ccon-prod-<region-name>-aci-XX.servicebus.windows.net`.
+     `ccon-prod-<region-name>-aci-XX.servicebus.windows.net`. For Azure Government Cloud, the
+     hostname ends with `servicebus.usgovcloudapi.net`.
 
      The following screenshot shows the Developer Tools in Microsoft Edge for a successful request
      for a terminal. The hostname is `ccon-prod-southcentalus-aci-02.servicebus.windows.net`. In
@@ -148,6 +149,9 @@ command that requires elevated permissions.
 
      [![Screenshot of the browser developer tools.](media/faq-troubleshooting/devtools-small.png)](media/faq-troubleshooting/devtools-large.png#lightbox)
 
+     For information about accessing the Developer Tools in other browsers, see
+     [Capture a browser trace for troubleshooting][03].
+
   1. From a host outside of your private network, run the `nslookup` command to find the IP address
      of the hostname as found in the previous step.
 
@@ -159,15 +163,15 @@ command that requires elevated permissions.
 
      ```Output
      Server:         168.63.129.16
-     Address:        168.63.129.16#53
+     Address:        168.63.129.16
 
      Non-authoritative answer:
      ccon-prod-southcentralus-aci-02.servicebus.windows.net  canonical name = ns-sb2-prod-sn3-012.cloudapp.net.
      Name:   ns-sb2-prod-sn3-012.cloudapp.net
      Address: 40.84.152.91
      ```
 
-  1. Add an A record for the public IP in the Private DNS Zone of the VNET isolated setup. For this
+  1. Add an A record for the public IP in the Private DNS Zone of your private network. For this
      example, the DNS record would have the following properties:
 
      - Name: ccon-prod-southcentralus-aci-02
@@ -178,6 +182,13 @@ command that requires elevated permissions.
      For more information about creating DNS records in a private DNS zone, see
      [Manage DNS record sets and records with Azure DNS][02].
 
+     > [!NOTE]
+     > This IP address is subject to change periodically. You might need to repeat this process to
+     > discover the new IP address.
+
+  Alternately, you can deploy your own private Cloud Shell instance. For more information, see
+  [Deploy Cloud Shell in a virtual network][01].
+
 ## Managing Cloud Shell
 
 ### Manage personal data
@@ -232,3 +243,4 @@ Use the following steps to delete your user settings.
 <!-- link references -->
 [01]: /azure/cloud-shell/vnet/overview
 [02]: /azure/dns/dns-operations-recordsets-portal
+[03]: /azure/azure-portal/capture-browser-trace