We have an Azure Data Lake Storage Gen2 account which should not allow public network access.
So far we have set up a private endpoint for the dfs and blob endpoints. Each private endpoint has a private DNS zone and an A-record entry for the private IP. The private DNS zones are linked to our VNet, which is connected to our on-premise network via site-to-site VPN.
We have set up our DNS server to point *.dfs.core.windows.net and *.blob.core.windows.net to the private IP address, but we cannot get a connection via the Azure portal or Azure Storage Explorer. This has been working for our SQL Server but isn't working for the storage account, as it seems to need to further resolve the URLs. Other options, like a CNAME to privatelink.dfs.core.windows.net, also did not work.
How should the on-premise DNS be set up to allow access to the storage via the Azure portal from our on-premise network? We do not want to use a DNS forwarder.