Cannot Nslookup my private storage account

Yashas Manjunath 186 Reputation points
2025-07-15T13:08:52.6766667+00:00

I have a hub and spoke architecture, with a firewall in the hub and 2 spokes. One of the spokes has a storage account which is private. The storage account is in the spoke VNet. This is peered to the hub VNet, which has a firewall. The spoke also has a Windows VM deployed. Once logged in to it, I am trying to find this private storage account with the command nslookup spoketest.blob.core.windows.net . I get a non-authoritative answer as a response.

I have a private endpoint configured on the storage account. The Private DNS zone has a record set which points to the private IP of the storage account.

But when I use the same command followed by the IP of the DNS private resolver (Inbound endpoint) it resolves and gives me the private IP of the storage account. nslookup spoketest.blob.core.windows.net x.x.x.x .

How do I make it so that it resolves just by the name of the storage account, and not followed by the IP after it?

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

Accepted answer
  1. Alex Burlachenko 13,640 Reputation points Volunteer Moderator
    2025-07-15T14:31:05.86+00:00

    Yashas hi ca va )

    ur private endpoint is set up, which is good )) but the dns magic isn't auto spreading to ur vm. u need to link that private dns zone to ur vnet where the vm lives https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

    go to ur private dns zone for blob.core.windows.net. then under 'virtual network links', add a link to the spoke vnet where ur vm is chilling. this makes the vm automatically use the private ip when u nslookup. no need to manually point to the dns resolver ip like some sort of peasant )))

    check this https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints#dns-changes-for-private-endpoints to see if ur dns config matches what microsoft expects. sometimes the records get shy and don't propagate right.

    now for some vendor agnostic wisdom ) this might help in other tools too... when dns acts up, always check these basics.... is the dns server actually reachable from ur vm? do a quick ping or telnet to port 53, are u maybe hitting some cached dns entries? ipconfig /flushdns is ur friend... windows firewall being dramatic?

    try nslookup with the full fqdn first, then just the short name. sometimes windows gets confused about suffixes. u can check ur dns suffix settings with ipconfig /all.

    if u ever move this setup to another cloud, remember most have similar private link features but call them different things like 'vpc endpoints' or 'service connect'. the dns dance remains the same though ))

    let me know if ur storage account is still being stubborn! sometimes it takes a few minutes for dns links to settle in.

    ps. if u ever need to test without waiting, u can always edit ur hosts file as a quick fix. but shhh, don't tell the purists i suggested that %) lol

    Best regards,

    Alex

    and "yes" if you would follow me at Q&A - personally thx.
    P.S. If my answer helps you, please Accept my answer
    

    https://ctrlaltdel.blog/
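
A check for the resolution behaviour discussed in this thread, as an added example that is not part of the original question or answer: it resolves the blob FQDN through the VM's default resolver, or through a named DNS server, and reports the CNAME chain and whether every returned address is an RFC 1918 private address. The function name and its parameters are assumptions made for illustration; spoketest is the account name from the question, and the resolver IP stays a placeholder.

```powershell
# Added example: compare what the default resolver and an explicit DNS server
# return for a storage account FQDN. Function and parameter names are hypothetical.
function Test-PrivateEndpointDns {
    param(
        [Parameter(Mandatory)] [string] $Fqdn,
        [string] $Server   # optional: IP of a DNS server to query directly
    )

    # DnsOnly keeps the lookup on the DNS protocol (no LLMNR/NetBIOS fallback).
    $query = @{ Name = $Fqdn; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }

    try {
        $records = Resolve-DnsName @query
    } catch {
        return [pscustomobject]@{
            Fqdn = $Fqdn; Server = $Server; Status = "Lookup failed: $($_.Exception.Message)"
        }
    }

    # CNAME hops show whether the name is redirected to the privatelink zone.
    $cnames    = @($records | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object { $_.NameHost })
    $addresses = @($records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16.
    $private = @($addresses | Where-Object {
        $_ -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
    })

    [pscustomobject]@{
        Fqdn           = $Fqdn
        Server         = if ($Server) { $Server } else { '(default resolver)' }
        CnameChain     = $cnames -join ' -> '
        Addresses      = $addresses -join ', '
        ViaPrivateLink = [bool]($cnames -match 'privatelink\.')
        PrivateIp      = ($addresses.Count -gt 0 -and $private.Count -eq $addresses.Count)
    }
}

# Default resolver configured on the VM (what plain nslookup uses).
Test-PrivateEndpointDns -Fqdn 'spoketest.blob.core.windows.net'

# Same query sent to a specific server; replace the placeholder with the
# inbound endpoint IP of the DNS private resolver before running.
# Test-PrivateEndpointDns -Fqdn 'spoketest.blob.core.windows.net' -Server '<resolver-inbound-ip>'
```

If ViaPrivateLink is True but PrivateIp is False, the resolver that answered followed the public CNAME chain and did not consult the private DNS zone, so the VM would reach the storage account's public endpoint.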

