|**Azure Data Lake Storage Gen2**| (Microsoft.Storage/storageAccounts) | Blob (blob, blob_secondary) |
56
56
57
-
For details on region availability, please review [Private Link availability](private-link-overview.md#availability).
58
57
59
-
60
58
## Network security of private endpoints
61
59
When using private endpoints for Azure services, traffic is secured to a specific private link resource. The platform performs an access control to validate network connections reaching only the specified private link resource. To access additional resources within the same Azure service, additional private endpoints are required.
62
60
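Review bot: the removal of "For details on region availability, please review [Private Link availability](private-link-overview.md#availability)." (the `-` line just after the storage table row) leaves this section with no pointer to where a reader can check region availability, and nothing in the hunk replaces it. If the availability section still exists in private-link-overview.md, keep the link (or move it rather than delete it); if that section was removed, the commit message should say so, since a deliberately dropped link otherwise reads as an accidental deletion.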
@@ -79,18 +77,16 @@ The private link resource owner can perform the following actions over a private
79
77
> Only a private endpoint in an approved state can send traffic to a given private link resource.
80
78
81
79
### Connecting using Alias
82
-
Alias is a unique named moniker that is generated when the service owner create its own private link service behind a standard load balancer. Service owner can share this Alias with its consumers offline. Consumers can request a connection to private link service using either the resource URI or the Alias. If you want to connect using Alias, you must create private endpoint using manual connection approval method. For using manual connection approval method, set manual request parameter to true during private endpoint create flow. Look at [New-AzPrivateEndpoint](https://docs.microsoft.com/en-us/powershell/module/az.network/new-azprivateendpoint?view=azps-2.6.0) and [az network private-endpoint create](https://docs.microsoft.com/en-us/cli/azure/network/private-endpoint?view=azure-cli-latest#az-network-private-endpoint-create) for details.
80
+
Alias is a unique moniker that is generated when the service owner creates the private link service behind a standard load balancer. Service owner can share this Alias with their consumers offline. Consumers can request a connection to private link service using either the resource URI or the Alias. If you want to connect using Alias, you must create private endpoint using manual connection approval method. For using manual connection approval method, set manual request parameter to true during private endpoint create flow. Look at [New-AzPrivateEndpoint](https://docs.microsoft.com/en-us/powershell/module/az.network/new-azprivateendpoint?view=azps-2.6.0) and [az network private-endpoint create](https://docs.microsoft.com/en-us/cli/azure/network/private-endpoint?view=azure-cli-latest#az-network-private-endpoint-create) for details.
83
81
84
82
## DNS configuration
85
-
When connecting to a private link resource using a fully qualified domain name (FQDN) as part of the connection string, it's important to correctly configure your DNS settings to resolve into the allocated private IP addresses. Existing Azure services might already have a DNS configuration to use when connecting over a public endpoint. This needs to be overridden to connect using your private endpoint.
83
+
When connecting to a private link resource using a fully qualified domain name (FQDN) as part of the connection string, it's important to correctly configure your DNS settings to resolve to the allocated private IP address. Existing Azure services might already have a DNS configuration to use when connecting over a public endpoint. This needs to be overridden to connect using your private endpoint.
86
84
87
85
The network interface associated with the private endpoint contains the complete set of information required to configure your DNS, including FQDN and private IP addresses allocated for a given private link resource.
88
86
89
-
A given network interface can contain multiple private IP addresses (IPConfigurations), each as a corresponding private IP address and an array of FQDNs that must resolve into the same private IP address.
90
-
91
87
You can use the following options to configure your DNS settings for private endpoints:
92
-
-**Use the Host file (only recommended for testing)**. You can use the host file on a test virtual machine to override the DNS.
93
-
-**Use a private DNS zone**. You can use private DNS zones to override the DNS resolution for a given private endpoint. A private DNS zone can be linked to your virtual networks to resolve specific domains.
88
+
-**Use the Host file (only recommended for testing)**. You can use the host file on a virtual machine to override the DNS.
89
+
-**Use a private DNS zone**. You can use private DNS zones to override the DNS resolution for a given private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.
94
90
-**Use your custom DNS server**. You can use your own DNS server to override the DNS resolution for a given private link resource. If your DNS server is hosted on a virtual network, you can create a DNS forwarding rule to use a private DNS zone to simplify the configuration for all private link resources.
95
91
96
92
> [!IMPORTANT]
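Review bot: the edit narrows "resolve into the allocated private IP addresses" to the singular "resolve to the allocated private IP address" and, in the same hunk, deletes the sentence stating that a network interface can contain multiple private IP addresses (IPConfigurations), each with its own private IP and an array of FQDNs. The unchanged sentence just before that deletion still says the interface includes "FQDN and private IP addresses allocated for a given private link resource" (plural), so the hunk leaves the section inconsistent and drops the one place that told a reader why several FQDNs may map to more than one private IP on the same endpoint; suggest keeping the IPConfigurations sentence (reworded if its grammar was the concern) or at least keeping the plural. Two smaller points in the `+` lines: the Alias paragraph still reads "Service owner can share this Alias" and "create private endpoint using manual connection approval method" (missing articles: "the service owner can share", "create the private endpoint using the manual connection approval method"), and "set manual request parameter to true" would be clearer if it named the actual parameter for each of the two linked tools instead of describing it generically.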
@@ -110,7 +106,7 @@ For Azure services, use the recommended zone names as described in the following
110
106
||||
111
107
112
108
113
-
The Azure service provider will create a canonical name DNS record (CNAME) on the public DNS to redirect the resolution to the suggested domain names. You'll be able to override the resolution with the private IP address of your private endpoints.
109
+
Azure will create a canonical name DNS record (CNAME) on the public DNS to redirect the resolution to the suggested domain names. You'll be able to override the resolution with the private IP address of your private endpoints.
114
110
115
111
Your applications don't need to change the connection URL. When attempting to resolve using a public DNS, the DNS server will now resolve to your private endpoints. The process does not impact your applications.
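Review bot: replacing "The Azure service provider will create" with "Azure will create" is fine given the hunk's context line scopes this to Azure services, but the unchanged closing sentence, "When attempting to resolve using a public DNS, the DNS server will now resolve to your private endpoints", contradicts the `+` line it follows: that line says the public CNAME redirects resolution to the suggested domain names and that you override the resolution with the private IP address of your private endpoints, so it is the override (private DNS zone, custom DNS server or hosts file from the section above), not public DNS, that yields the private IP. Suggest rewording the last paragraph to say that the application keeps the same connection URL and that the configured DNS override returns the private endpoint address.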