Add an additional option to work around AKS limitation

On a large Enterprise I found a way to achieve this for hub and spoke networking, the secret is to deploy AKS with no DNS Zone and then create a seperate Zone where you can add the aks subnet to the linked network and add the corresponding A records

Author: markcunninghamuk

articles/aks/private-clusters.md

@@ -151,7 +151,7 @@ As mentioned, virtual network peering is one way to access your private cluster.
 
 2. The private DNS zone is linked only to the VNet that the cluster nodes are attached to (3). This means that the private endpoint can only be resolved by hosts in that linked VNet. In scenarios where no custom DNS is configured on the VNet (default), this works without issue as hosts point at 168.63.129.16 for DNS that can resolve records in the private DNS zone because of the link.
 
-3. In scenarios where the VNet containing your cluster has custom DNS settings (4), cluster deployment fails unless the private DNS zone is linked to the VNet that contains the custom DNS resolvers (5). This link can be created manually after the private zone is created during cluster provisioning or via automation upon detection of creation of the zone using event-based deployment mechanisms (for example, Azure Event Grid and Azure Functions).
+3. In scenarios where the VNet containing your cluster has custom DNS settings (4), cluster deployment fails unless the private DNS zone is linked to the VNet that contains the custom DNS resolvers (5). This link can be created manually after the private zone is created during cluster provisioning or via automation upon detection of creation of the zone using event-based deployment mechanisms (for example, Azure Event Grid and Azure Functions). Additionally to avoid the cluster failure on first time deployment the aks cluster can be deployed with privateDNSZone set to 'none' and an additional private dns zone can be created outside of the managed resource group using powershell or the azure cli where virtual network links and dns A records can be created.
 
 > [!NOTE]
 > Conditional Forwarding doesn't support subdomains.
@@ -257,4 +257,4 @@ Once the A record is created, link the private DNS zone to the virtual network t
 [container-registry-private-link]: ../container-registry/container-registry-private-link.md
 [virtual-networks-name-resolution]: ../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server
 [virtual-networks-168.63.129.16]: ../virtual-network/what-is-ip-address-168-63-129-16.md
-[use-custom-domains]: coredns-custom.md#use-custom-domains
+[use-custom-domains]: coredns-custom.md#use-custom-domains